Committee readies recommendations to extend broad health privacy protections

The National Committee on Vital and Health Statistics is considering recommending extending the applicability of the federal rules that protect the privacy of individuals’ medical records.


The committee, which advises the Health and Human Services Department, issued a draft report full of recommendations on how medical records are used for purposes other than treating patients, such as for research and monitoring the quality of care.


NCVHS drafted the report, “Enhanced Protections for Uses of Health Data: A Stewardship Framework for ‘Secondary Uses’ of Electronically Collected and Transmitted Health Data,” in response to a request from the Office of the National Coordinator of Health Information Technology.


The document calls for extending privacy protections under the Health Insurance Portability and Accountability Act of 1996 to all users of health data. HIPAA’s coverage is limited to certain groups, primarily insurers and health care providers.


“The following observations and recommendations call for a transformation, in which the focus is on enhanced protections for all uses of health data by all users, independent of whether an organization is covered under HIPAA,” the report states.


Ways to accomplish that transformation are laid out in 13 pages of detailed recommendations, including these:
<li>Limit and control how so-called business associates with access to HIPAA-covered data use that data.</li>
<li>Strengthen regulation of Web sites that collect personal health information.</li>
<li>Provide more guidance to those covered by HIPAA on how to comply with it.</li>
<li>Require that users of personal health information outside HIPAA obtain patient’s authorization for those uses.</li>
<li>Enact more-inclusive federal privacy legislation, or at least expand the definition of covered entities under HIPAA.</li>


“There is an increasing need to adopt enhanced data stewardship principles by all entities that have access to health data, ...” the draft report states. “When an individual provides personal health information to anyone else, in any manner (e.g., in person or online), the information is provided in confidence and with implicit trust that the information will not be used in unintended ways.”


In the course of developing the report, the document states, the committee determined that the commonly used phrase “secondary uses of health data” is not a useful label. What one person regards as a primary use, such as billing for a doctor’s services, is secondary to another, the report states. Rather than distinguishing between primary and secondary uses of data, rules should cover all uses, it recommends.


The committee will receive public comments on the document in a telephone conference Oct. 31. It will consider revisions before delivering its recommendations to HHS later this year.

About the Author

Nancy Ferris is senior editor of Government Health IT.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.