Set of Privacy Standards Adopted by Providers of Personal Health Records

Given the fragmentation of many health services in the U.S., creating a shared set of privacy standards is an important step in furthering the adoption of personal health records (PHRs).

PHRs include a variety of electronic data designed to help consumers better manage their health-related information, including prescription data and diagnostics.

While the new standards haven’t readily altered the way most providers operate (many indicated they had been following the practices since inception), the agreement may alleviate privacy concerns among consumers.

The goal is to let individuals compile and share copies of their personal health information electronically, using a set of standardized practices that allow the patient to control how information is collected and shared. One might liken this to adopting English as the standard language of international travel, as well as a standardized set of laws by which to abide. To summarize:

  • Consumers should be able to know what information has been collected about them, the purpose of its use, who can access and use it, and where it resides.
  • The purposes for which personal data are collected should be specified at the time of collection, and the subsequent use should be limited to those purposes.
  • The collection and storage of personal health data should be limited to that information necessary to carry out the specified purpose.
  • Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified.
  • Consumers should be able to control access to their personal information. They should know who is storing what information on them, and how that information is being used.
  • Reasonable safeguards should protect personal data against such risks as loss or unauthorized access, use, destruction, modification, or disclosure.
  • Entities in control of personal health information must be held accountable for implementing these principles. Remedies must exist to address security breaches or privacy violations.

Perhaps more important, by creating a standardized way to communicate, individuals are now free to choose those applications that best meet their own needs. Cue Google and Microsoft.