Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information

January 9, 2009

The Office of the National Coordinator (ONC) for Health Information Technology (HIT) at the U.S. Department of Health and Human Services (HHS) documented the need for a Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information.

The purpose of the document was to address the need to protect individually identifiable health data, as electronic health information exchange poses challenges and complexities every day.

The Code of Fair Information Practice by the U.S. Department of Health, Education, and Welfare (HEW) addresses five practices for benefiting from computerization while providing privacy safeguards:

  1. openness
  2. disclosure
  3. secondary use
  4. correction
  5. security

At various levels there are different laws governing Privacy & Security of patient health information. These include but are not limited to:

  1. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  2. the Privacy Act of 1974
  3. the Confidentiality of Alcohol and Drug Abuse Patient Records Regulation (42 CFR Part 2)
  4. the Family Educational Rights & Privacy Act (addresses privacy of information held by certain educational institutions)
  5. Gramm-Leach-Bliley Financial Services Act (addresses privacy of information held by financial institutions)
  6. Federal Information Security Management Act of 2002 (FISMA)

The principles outlined in the framework are meant to guide the use of electronic health information, and they are technology-adaptive.

The principles include:

  1. Individual Access: Individuals have a right to their information and the right to dispute it if the information is inaccurate.
  2. Openness And Transparency: Individuals should be able to trust the information system maintaining and storing their health information.
  3. Individual Choice: An individual should be able to make an informed choice about his/her data being exchanged over a network.
  4. Collection, Use, And Disclosure Limitation: An individual's information, if collected, should be collected with consent. Any use of the information (secondary use) should be for specified purposes, and disclosure of any information should be made after consent of the individual.
  5. Data Quality And Integrity: Entities should take appropriate measures to ensure that the identifiable information is accurate, up-to-date, complete and has not been altered.
  6. Safeguards: Reasonable Administrative, Technical, and Physical Safeguards should be in place to protect individually identifiable health information.
  7. Accountability: Appropriate procedures and policies should be in place to assure Accountability in the system.

The goal of the Nationwide Privacy and Security Framework is to ensure trust and safeguards for the electronic exchange of individually identifiable health information.
