Committee readies recommendations to extend broad health privacy protections

The National Committee on Vital and Health Statistics is considering recommending extending the applicability of the federal rules that protect the privacy of individuals’ medical records.


The committee, which advises the Health and Human Services Department, issued a draft report full of recommendations on how medical records are used for purposes other than treating patients, such as for research and monitoring the quality of care.


NCVHS drafted the report, “Enhanced Protections for Uses of Health Data: A Stewardship Framework for ‘Secondary Uses’ of Electronically Collected and Transmitted Health Data,” in response to a request from the Office of the National Coordinator of Health Information Technology.


The document calls for extending privacy protections under the Health Insurance Portability and Accountability Act of 1996 to all users of health data. HIPAA’s coverage is limited to certain groups, primarily insurers and health care providers.


“The following observations and recommendations call for a transformation, in which the focus is on enhanced protections for all uses of health data by all users, independent of whether an organization is covered under HIPAA,” the report states.


Ways to accomplish that transformation are laid out in 13 pages of detailed recommendations, including these:
<li>Limit and control how so-called business associates with access to HIPAA-covered data use that data.</li>
<li>Strengthen regulation of Web sites that collect personal health information.</li>
<li>Provide more guidance to those covered by HIPAA on how to comply with it.</li>
<li>Require that users of personal health information outside HIPAA obtain patient’s authorization for those uses.</li>
<li>Enact more-inclusive federal privacy legislation, or at least expand the definition of covered entities under HIPAA.</li>


“There is an increasing need to adopt enhanced data stewardship principles by all entities that have access to health data, ...” the draft report states. “When an individual provides personal health information to anyone else, in any manner (e.g., in person or online), the information is provided in confidence and with implicit trust that the information will not be used in unintended ways.”


In the course of developing the report, the document states, the committee determined that the commonly used phrase “secondary uses of health data” is not a useful label. What one person regards as a primary use, such as billing for a doctor’s services, is secondary to another, the report states. Rather than distinguishing between primary and secondary uses of data, rules should cover all uses, it recommends.


The committee will receive public comments on the document in a telephone conference Oct. 31. It will consider revisions before delivering its recommendations to HHS later this year.

About the Author

Nancy Ferris is senior editor of Government Health IT.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.