Advocacy Group Publishes Privacy Framework

Talking the talk and walking the walk are two different things.  That’s why developers of health information systems and the organizations that use these technologies should be able to absolutely prove their commitment to privacy and security, according to Patient Privacy Rights, an Austin, Texas-based advocacy organization. 

In its report entitled the Patient Privacy Rights Privacy Trust Framework, the organization has published 15 core privacy principles, with more than 75 auditable criteria to measure and align privacy policies to acceptable business practices. The Framework is designed to help measure and test whether health information systems comply with best privacy practices.

The 15 principles of the Framework include:

* Patients can easily find, review and understand the privacy policy.

* The privacy policy fully discloses how personal health information will and will not be used by the organization. Patients’ information is never shared or sold without patients’ explicit permission.

* Patients decide if they want to participate.

* Patients are clearly warned before any outside organization that does not fully comply with the privacy policy can access their information.

* Patients decide and actively indicate if they want to be profiled, tracked or targeted.

* Patients decide how and if their sensitive information is shared.

* Patients are able to change any information that they input themselves.

* Patients decide who can access their information.

* Patients with disabilities are able to manage their information while maintaining privacy.

* Patients can easily find out who has accessed or used their information.

* Patients are notified promptly if their information is lost, stolen or improperly accessed.

* Patients can easily report concerns and get answers.

* Patients can expect the organization to punish any employee or contractor who misuses patient information.

* Patients can expect their data to be secure.

* Patients can expect to receive a copy of all disclosures of their information.

The group plans to use the Framework as the basis of a certification program that will enable consumers to trust that their personal health information is adequately protected.

“Organizations whose operations demonstrate the strongest commitment to the privacy of their patients and customers will want to make the public aware of this commitment. Privacy seals could be awarded for compliance with the PPR Trust Framework and would distinguish trustworthy organizations that are truly making a full and good faith effort to honor individuals’ right to privacy from all the rest,” reads the report.