Leavitt: Privacy issues trump benefits of healthcare IT
In the address to the Nationwide Health Information Network Forum, Leavitt announced the release of privacy principles and a toolkit to guide efforts to harness new technology and data analysis, while protecting privacy. Leavitt stressed that appropriate privacy and security measures will be an essential sociological enabler of groundbreaking technology.
“Consumers shouldn’t be in a position to have to accept privacy risks they don’t want. Each consumer should be able to choose products and services that best fit their health needs and privacy preferences,” Leavitt said.
“Consumers need an easy-to-read, standard notice about how their personal health information is protected, confidence that those who misuse information will be held accountable, and the ability to choose the degree to which they want to participate in information sharing,” he noted.
Some of the privacy principles outlined by Leavitt are:
In addition, Leavitt announced several tools to help consumers and health information exchanges advance toward privacy protection and consumer access to their information. For example, the “Leavitt Label,” modeled after the nutritional labels on food packaging, would allow consumers to quickly compare PHR products.
- Individual Access: Consumers should be provided with timely means to obtain their personal health information (PHI) in a readable form and format.
- Correction: Consumers should be provided with a timely means to dispute the accuracy or integrity of their PHI, and to have erroneous information corrected or to have a dispute documented if their requests are denied. Consumers also should be able to add to amend PHI in products controlled by them, such as personal health records (PHRs).
- Openness and Transparency: Consumers know the policies and practices related to the collection, use and disclosure of their personal information through an easy-to-read notice about how their PHI is protected. Consumers should have opportunities to review who has accessed their PHI and to whom it has been disclosed.
- Individual Choice: Consumers should be empowered to make decisions about with whom, when and how their PHI is shared (or not shared).
- Data Integrity: Those who hold records must take steps to ensure that information is updated and has not been altered or destroyed in an unauthorized manner. A process must exist in which, if consumers perceive a part of their record is inaccurate, they can notify their provider.
- Safeguards: PHI should be protected with administrative, technical and physical safeguards to ensure its confidentiality, integrity and availability and to prevent unauthorized or inappropriate access, use or disclosure.
- Accountability: Compliance with these principles is strongly encouraged so that Americans can realize the benefit of electronic health information exchange.