Advocacy groups Consumers Union and the Center for Democracy & Technology have jointly written a policy brief on ways to strengthen privacy and security of health information while supporting information exchange. The authors offer to policymakers seven ways to address gaps in existing protection of health information:

* All business entities that access, use or disclose protected health information should be accountable under law.

* Accountability for compliance with federal and state laws should be strengthened.

* Laws protecting electronic health data should be reassessed. The HIPAA Security Rule, for instance, does not require encryption.

* Rules on use of PHI for marketing purposes should be strengthened.

* Policymakers should give more clarity on how entities are to comply with health privacy laws.

* Policymakers should ensure standards for de-identifying health data remain robust and establish penalties for inappropriate or unauthorized re-identification.

* Data sharing models that favor decentralization and local control should be prioritized.

The policy brief, “Achieving the Right Balance: Privacy and Security Policies to Support Electronic Health Information Exchange,” also includes a set of principles for maximizing HIE while securing data. A cross section of California stakeholders developed the principles in 2010. The brief is available here.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access