Committee readies recommendations to extend broad health privacy protections

The National Committee on Vital and Health Statistics is considering recommending extending the applicability of the federal rules that protect the privacy of individuals’ medical records.


The committee, which advises the Health and Human Services Department, issued a draft report full of recommendations on how medical records are used for purposes other than treating patients, such as for research and monitoring the quality of care.


NCVHS drafted the report, “Enhanced Protections for Uses of Health Data: A Stewardship Framework for ‘Secondary Uses’ of Electronically Collected and Transmitted Health Data,” in response to a request from the Office of the National Coordinator of Health Information Technology.


The document calls for extending privacy protections under the Health Insurance Portability and Accountability Act of 1996 to all users of health data. HIPAA’s coverage is limited to certain groups, primarily insurers and health care providers.


“The following observations and recommendations call for a transformation, in which the focus is on enhanced protections for all uses of health data by all users, independent of whether an organization is covered under HIPAA,” the report states.


Ways to accomplish that transformation are laid out in 13 pages of detailed recommendations, including these:
<li>Limit and control how so-called business associates with access to HIPAA-covered data use that data.</li>
<li>Strengthen regulation of Web sites that collect personal health information.</li>
<li>Provide more guidance to those covered by HIPAA on how to comply with it.</li>
<li>Require that users of personal health information outside HIPAA obtain patient’s authorization for those uses.</li>
<li>Enact more-inclusive federal privacy legislation, or at least expand the definition of covered entities under HIPAA.</li>


“There is an increasing need to adopt enhanced data stewardship principles by all entities that have access to health data, ...” the draft report states. “When an individual provides personal health information to anyone else, in any manner (e.g., in person or online), the information is provided in confidence and with implicit trust that the information will not be used in unintended ways.”


In the course of developing the report, the document states, the committee determined that the commonly used phrase “secondary uses of health data” is not a useful label. What one person regards as a primary use, such as billing for a doctor’s services, is secondary to another, the report states. Rather than distinguishing between primary and secondary uses of data, rules should cover all uses, it recommends.


The committee will receive public comments on the document in a telephone conference Oct. 31. It will consider revisions before delivering its recommendations to HHS later this year.

About the Author

Nancy Ferris is senior editor of Government Health IT.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.