New privacy guidelines for e-health records announced

The Department of Health and Human Services this week released new privacy guidelines (PDF) for electronic health records, the use of which President-elect Barack Obama has promised to support as part of his plan to jump-start the economy.

The use of electronic medical records could reduce costs and medical errors while potentially improving the quality of care patients receive, advocates say, but the level of new privacy standards needed for e-health records has been a matter of debate.

"Consumers need an easy-to-read, standard notice about how their personal health information is protected, confidence that those who misuse information will be held accountable, and the ability to choose the degree to which they want to participate in information sharing," HHS Secretary Mike Leavitt said Monday.

The eight principles established in the guidelines are intended to facilitate the adoption of e-health records by providing a consistent approach to questions of privacy and defining the responsibilities of those who have access to e-health records and share them through a network. The principles address issues of patient access; correction of records; openness and transparency; patient choice; limitations to the collection, use, and disclosure of personal health information; data integrity; safeguards; and accountability.

The HHS Office for Civil Rights also published new guidance documents explaining how the Health Insurance Portability and Accountability (HIPAA) Act can facilitate the exchange of information through e-records.

Privacy advocates at a meeting with Obama's transition team on Tuesday brought up the need for more stringent privacy standards for medical information. However, some members of the software industry, which strongly supports the adoption of e-health records, have said the HIPAA Act may provide sufficient privacy safeguards.

The new HHS guidelines state that "although the HIPAA Privacy and Security Rules apply to health information in electronic form, the current landscape of electronic health information exchange poses new issues and involves additional organizations that were not contemplated at the time the rules were drafted."

[FunkyMan3333]

Not a word in the document about using EMR information for medical research. The U.S. is falling far behind Europe and Canada in that field. EMR data can be centralized and anonymized to protect patient privacy, contributing hugely to the improvement of the health care system through medical and health services research. Where is the government on this topic??

[inachu1]

Using EMR would make it hard for black hat employers to make sure there is a reason to fire people.

[Renegade Knight]

If it were really considered personal health information, it wouldn't be on the web. It would be in my hands for my sole use and benefit. The entire reason it's online is for other 'interested' parties.

[BenjaminWright]

Maybe patients can bolster privacy by inserting legal terms of access (like an end-user license agreement) into the content of their electronic medical records. The terms could set binding rules for who may view data and when. The idea is not legal advice, just something to think about. --Ben http://hack-igations.blogspot.com/2008/02/contracts-for-patient-privacy.html