Healthcare Privacy: The Perspective of a Privacy Advocate


1 Healthcare Privacy: The Perspective of a Privacy Advocate
Deven McGraw

2 The Health Privacy Project at CDT
Health IT and electronic health information exchange have tremendous potential to improve health care quality, reduce costs, and empower consumers. But little progress has been made on resolving the privacy and security issues raised by e-health. Project’s aim: Develop and promote workable privacy and security policy solutions for personal health information.

3 People want Health IT - but also have significant privacy concerns
Survey data shows the public wants electronic access to their personal health information. But a majority - 67% - also have significant concerns about the privacy of their medical records (California Healthcare Foundation 2005).

4 Consequences of Failing to Act
Good health care depends on accurate and reliable information. Without privacy protections, people will engage in “privacy-protective behaviors” to avoid having their information used inappropriately. 1 in 6 adults withhold information from providers due to privacy concerns. (Harris Interactive 2007) Persons in poor health, and racial and ethnic minorities, report even higher levels of concern and are more likely to engage in privacy-protective behaviors. (CHF 2005)

5 Health IT Can Protect Privacy - But Also Magnifies Risk
Tools of technology can better protect privacy. But moving health information into electronic form - in the absence of strong privacy and security safeguards - magnifies the risks. Recent thefts of laptops, inadvertent posting of data on the Internet. Cumulative effect of these reports deepens consumer distrust.

6 A Comprehensive Approach is Needed
Privacy and security protections are not the obstacle - enhanced privacy and security is an enabler to health IT. A comprehensive privacy and security framework is needed to facilitate the adoption of health IT and health information exchange. Rules should be tailored to different contexts.

7 What Does a Comprehensive Framework Look Like?
Includes core privacy principles, incorporates trusted network design characteristics, and establishes oversight and accountability mechanisms. (Markle Foundation) The framework should also cover generally accepted fair information practices that have been used to shape policies governing uses of PHI in a variety of contexts. No single formulation - but Markle’s Common Framework provides a good model.

8 Common Framework Principles
Openness and transparency; Purpose specification and minimization; Collection limitation; Use limitation; Individual participation and control; Data integrity and quality; Security safeguards and controls; Accountability and Oversight; Remedies.

9 Role of HIPAA in New Environment
HIPAA Privacy and Security Rules reflect elements of this framework and provide important protections governing access, use and disclosure of PHI by health system entities. But the regulations are insufficient to cover the new and rapidly evolving e-health environment - particularly the migration of health information out of the health care system. Effective enforcement is also lacking.

10 What About Patient Consent?
Individual control is an important component of fair information practices - but it is just one component. In the context of PHRs and accounts in health record banks, consumer control is the model - and the rules that govern these tools should enforce that principle. Will that become the prevailing model of health information exchange?

11 Patient Consent (cont.)
For records held by health system entities, providing greater authorization rights is not the best way to protect privacy and security. Data stewardship responsibility should primarily vest with the entity holding the data. Relying on authorization places most of the burden of privacy protection on the individual at a time when they are least able to make complicated decisions about the use of their data. Research shows that patients do not read consent forms - and if they do read them, they frequently do not understand them and inherently believe they protect privacy even in cases where the opposite is true.

12 Consent (cont.)
Blanket authorizations or easy “check the box” electronic forms in particular can easily become shields for inappropriate uses. Relying on consent relieves entities of the burden of adopting strong privacy and security policies and practices. There is a role for consent - and we want consumers to be paying attention in those moments (no “consent fatigue”).

13 Consent (cont.)
The adoption of a comprehensive privacy and security framework that places clear limits on the access, use and disclosure of identifiable health information - with aggressive enforcement - will better protect privacy in e-health systems. But health systems should be engineered to honor (and appropriately manage) patient consent where such consent is legally required or voluntarily sought. Is there room for a hybrid approach?

14 Consent (cont.)
We need to consider the appropriate role for consent - particularly with respect to information that is particularly sensitive and stigmatizing. HHS should follow up on NCVHS recommendations concerning the right to restrict information in sensitive categories. Consider work already being done in state and regional health information exchanges.

15 For privacy to enable health IT, we need to “enable” privacy

