Protect Patients’ Health Information and Their Privacy Rights
The protection of patient privacy and efforts to advance health information technology (IT) and electronic health information exchange (eHIE) are key steps in improving patients’ health, as well as health care delivery. The success of health IT and eHIE depends on patients’ trust that their health information will be kept private and secure and that their rights with respect to this information will be respected. HHS is committed to working with multiple partners to improve both the culture and practice of using IT in a manner that advances the protection of patients’ privacy, the security of their health information, and patients’ rights to their health information.
Promote a Culture Where Privacy and Security Are Shared Values
Building a culture where privacy and security are respected and valued by all stakeholders is integral to the success of electronic health IT and eHIE. To further this goal, HHS is engaging stakeholders across the federal government and in the private sector (e.g., vendors, health providers, health plans, and patients) to encourage each group to value protecting the principles related to privacy of patient information and safeguarding its confidentiality, integrity, and availability.
Increase the Knowledge of How to Protect Patient Health Information
HHS is working to provide key health IT stakeholders with the resources and tools they need to understand and effectively manage patient health information privacy and security. HHS will continue to develop and distribute plain-language privacy- and security-related education and outreach materials, focusing on those stakeholders that generally have few resources for training materials (e.g., small health care providers and patients).
Establish and Enforce Strong and Effective Privacy and Security Policies
HHS must strive to ensure that privacy and security policies keep pace with the continuously evolving electronic health IT ecosystem. To this end, HHS will continue to ensure that appropriate, strong, and effective federal privacy and security protections are in place as HHS encourages the expanded use and sharing of health information through its various programs. As the primary federal regulator of health information privacy, HHS is committed to continued, robust administration and enforcement of federal privacy and security standards.
Encourage Health IT Vendors to Incorporate Easy-to-Use Privacy and Security Features into Their Products
Recognizing that health care providers and others who use health IT are most likely to implement security features that are easy to use, HHS will encourage vendors to develop and health care providers to adopt user-friendly and cost-effective privacy and security safeguards. HHS will continue to require, as appropriate, that electronic health records certified in relation to the Medicare and Medicaid Electronic Health Records Incentives Programs have functions that facilitate health care providers’ compliance with key requirements related to federal privacy and security standards.
Advance Patients’ Rights
HHS is committed to encouraging the development and use of policy and technology to advance patients’ rights to access, amend, and make choices for the disclosure of their electronic health information. HHS will lead this effort by making a patient’s information readily available to the patient in a format that is easy to use. HHS also is supporting the development of standards and technology to facilitate patients’ ability to control the disclosure of specific information that is considered by many to be sensitive in nature (such as information related to substance abuse treatment, reproductive health, mental health, or HIV) in an electronic environment.