Tuesday, April 12, 2011

Health Information Privacy and Security Week

April 10 - 16, 2011

Is designed to raise awareness among the public about the importance of personal health information privacy and security.

This is one of those topics that everyone seems to have there own view and or combination of them – all of which complicate an already near impossible challenge to overcome.

The cold hard fact is nothing is always protected, 100%.  So the community works towards the best solution with the tools, knowledge, best practices and future trends to provide an acceptable level.

For the most part, the health Information Technology folks have a solid plan to work with and are collectivity comparing notes and working towards a common goal – which is a good thing.  Below are some key information about reaching there goals through the eight principles.

Nationwide Privacy and Security Framework for Electronic Exchange: Key Meaningful Use 2011 Objective Recommendation

On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11 page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. This report states: “[a] key factor to achieving a high-level of trust among individuals, health care providers, and other health care organizations participating in electronic health information exchange is the development of, and adherence to, a consistent and coordinated approach to privacy and security. Clear, understandable, uniform principles are a first step in developing a consistent and coordinated approach to privacy and security and a key component to building the trust required to realized the potential benefits of electronic health information exchange.” [p. 1]

With eight principles outlined the report, “[t]he goal of this effort is to establish a policy framework for electronic health information exchange that can help guide the Nation’s adoption of health information technologies and help improve the availability of health information and health care quality.

The eight principles are:

·   INDIVIDUAL ACCESS. Individuals should be provided with a simple and timely means to access and obtain their individually identifiable health information in a readable form and format. [p. 6]

  • CORRECTION. Individuals should be provided with a timely means to dispute the accuracy or integrity of their individually identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied. [p. 7]

  • OPENNESS AND TRANSPARENCY. There should be openness and transparency about policies, procedures, and technologies that directly affect individuals and/or their individually identifiable health information. [p. 7]

  • INDIVIDUAL CHOICE. Individuals should be provided a reasonable opportunity and capability to make informed decisions about the collection, use, and disclosure of their individually identifiable health information. [p. 8]

  • COLLECTION, USE, AND DISCLOSURE LIMITATION. Individually identifiable health information should be collected, used, and/or disclosed only to the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately. [p. 8]

  • DATA QUALITY AND INTEGRITY. Persons and entities should take reasonable steps to ensure that individually identifiable health information is complete, accurate, and up-to-date to the extent necessary for the person’s or entity’s intended purposes and has not been altered or destroyed in an unauthorized manner. [p. 8]

  • SAFEGUARDS. Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. [p. 9]

  • ACCOUNTABILITY. These principles should be implemented, and adherence assured, through appropriate monitoring and other means and methods should be in place to report and mitigate non-adherence and breaches. [p. 9]

HIPPA.COM Glossary [http://www.hippa.com/cgi-bin/viewglossary.cgi?ALETTER=A]

HIPAA Legislation [http://www.hippa.com/cgi-bin/viewlaw.cgi]

Information Week Healthcare articles on security and privacy


  1. This is really an informative post. THANK you for sharing this with us.

  2. Your very welcome Beth and thanks for your comment.