A New Framework For Health Information Privacy - An Important Set Of Actionable Principles.

This article appeared a few days ago.

New Framework Details 15 Core Health Privacy Principles

APR 3, 2013 5:30pm ET
Advocacy organization Patient Privacy Rights has published the Privacy Rights Framework, with 15 core principles comprising more than 75 auditable criteria to measure and align privacy policies to acceptable business practices.
The Framework is designed to help measure and test whether health information systems and research projects comply with best privacy practices in such areas as whether patients have control over their protected health information, an organization obtains meaningful consent before disclosing data and obtains new consent before secondary data use occurs, patients have the ability to selectively share data, and the organization uses servers housed in the United States, among other factors.
The framework is available now for all stakeholders. However, Patient Privacy Rights will develop a system to permit licensing for entities that want to be formally approved by the organization to enable consumers “to tell the good guys from the bad guys.”
This article is found here:
The framework is available here.
The core privacy principles from the .pdf are:
Principle 1: Patients can easily find, review and understand the privacy policy.
Principle 2: The privacy policy fully discloses how personal health information will and will not be used by the organization. Patients’ information is never shared or sold without patients’ explicit permission.
Principle 3: Patients decide if they want to participate.
Principle 4: Patients are clearly warned before any outside organization that does not fully comply with the privacy policy can access their information.
Principle 5: Patients decide and actively indicate if they want to be profiled, tracked or targeted.
Principle 6: Patients decide how and if their sensitive information is shared.
Principle 7: Patients are able to change any information that they input themselves.
Principle 8: Patients decide who can access their information.
Principle 9: Patients with disabilities are able to manage their information while maintaining privacy.
Principle 10: Patients can easily find out who has accessed or used their information.
Principle 11: Patients are notified promptly if their information is lost, stolen or improperly accessed.
Principle 12: Patients can easily report concerns and get answers.
Principle 13: Patients can expect the organization to punish any employee or contractor that misuses patient information.
Principle 14: Patients can expect their data to be secure.
Principle 15: Patients can expect to receive a copy of all disclosures of their information.
A description of the approach is here:

Trust Framework

What is the PPR Framework?

The PPR Framework is a set of 75+ auditable criteria that measure how much technology protects data privacy. It can offer ALL health care consumers the ability to control their most sensitive and sacred personal information by empowering patients to make meaningful choices about HIT systems and products based on attestation to the tough privacy principles and criteria they expect for health information.

Who developed the PPR Framework?

PPR and the bipartisan Coalition for Patient Privacy, in concert with Microsoft and PricewaterhouseCoopers (PwC), developed and tested a set of privacy principles and standards, operationalized in criteria that should be built into all electronic systems, platforms, and applications that handle personal health data in order to prove that they are worthy of trust.

What is PPR Framework based on?

The PPR Framework is grounded in Americans’ longstanding civil, human, and ethical rights to health information privacy. It is based on the bipartisan consumer privacy policies and principles established by members of the Coalition for Patient Privacy in 2007.

What does the PPR Framework test?

The PPR Framework tests whether health IT, platforms, applications, and research projects comply with the gold-standard privacy principles the bipartisan Coalition for Patient Privacy established in 2007-2008 over a period of 18 months. A patent is pending to assure that this system can be widely used to measure how closely systems, platforms, and applications meet patients’ expectations for control over personal data, and expectations of state-of-the-art data security.

Who will benefit?

Everyone.
Developers of health IT systems, platforms, applications, and organizations that claim to be committed to privacy should be able to outwardly reflect that avowed commitment. Privacy seals could be awarded for compliance with the PPR Trust Framework and would distinguish trustworthy organizations that are truly making a full and good-faith effort to honor individuals’ right to privacy from all the rest. Patients are the greatest beneficiaries of the PPR Trust Framework. They should be able to protect themselves and easily see which electronic records systems, applications, and websites to avoid. Restoring patient control will offer consumers the ability to reap the rewards of health IT by enabling them to select systems worthy of trust.

PPR Trust Framework

Today’s data-rich networked society makes deployment of trusted electronic systems practical and painless. PPR believes organizations can earn public trust by attesting and adhering to the principles outlined in its Trust Framework and privacy certification process. In 2008, PPR, PwC, and Microsoft developed and tested this robust privacy certification program on HealthVault. Several key consumer organizations, including the ACLU and Consumer-Action, participated in the development and testing of the PPR Trust Framework.
PPR’s Trust Framework could be used for a formal privacy certification process. It differs from other health IT certification processes because it is designed specifically to enhance consumer engagement, education, and trust in electronic systems, platforms, and applications that hold individuals’ personal health information.
Public awareness of privacy-positive companies and organizations would be a very significant step and create pressure to restore privacy and the Constitutional liberties and freedoms that the Digital Age has violated. As more and more consumers – of healthcare and other products and services – become better educated about their privacy rights and the existing and growing threats to those rights, they will look for privacy-committed companies with which they can do business. Consumers will reward good business practices by participating in systems or projects that are publicly committed to operate in compliance with the Trust Framework’s privacy principles.
The PPR Framework can play an integral role in building a vibrant, trusted research ecosystem. In general, the public is altruistic and willing to participate in research, provided that they know they have control over their information and can choose the type of research in which they participate. Furthermore, they want to know that the platforms and applications they donate their information to are trustworthy and secure. The Trust Framework offers research organizations and institutions the opportunity to demonstrate their commitment to informed consent and strong data security and data privacy protections.
Click here for a nutshell overview of Principle 1 of PPR’s Trust Framework.
Click here to read more about the Framework criteria
This page is found here:
It should be noted that the intent of these principles and the auditable points applies to all those who handle health information electronically. While I can see some obvious areas where the NEHRS may not comply, it is also clear there will be many medical practices and facilities who are not quite up to scratch.
There is no doubt these requirements set a high bar - but I think we should be working towards them if we are to ensure patient trust.
David.