Recently published policy paper outlines necessary changes for improving the existing health information privacy framework
May 7, 2021 (ACP) -- Amid the acceleration of technology that collects patient data, the 管家婆心水论坛 is calling for updated privacy regulations that better safeguard patients' personal health information and improve patient trust in digital health technology.
Most patients have apps that track their daily steps, sleep, meditation habits, glucose levels, blood pressure or other important health data, which hold patients accountable to lifestyle changes and help physicians better counsel and manage patients' health in real time. However, health information technology gathered by apps and websites may not be well protected.
Since HIPAA was first signed into law in 1996, technology has changed significantly, explained ACP President Dr. Jacqueline W. Fincher. 鈥淗IPAA looked at privacy of health information being exchanged between direct medical organizations such as physician offices, hospitals and insurance companies,鈥 said Fincher. Today, this health information is shared with numerous parties both within and outside of traditional health care.
鈥淎ll of these new apps and websites are collecting patient data and may be making money off their use without any guardrails and regulation,鈥 she said. 鈥淢ost of the population doesn't realize how much is unregulated and, therefore, at risk.鈥
In a new policy paper, ACP outlines the changes necessary to improve the existing health information privacy framework and expand privacy regulations and standards to which physicians have been held to entities not yet governed by privacy laws and regulations. The policy paper, titled 鈥淗ealth Information Privacy, Protection, and Use in the Expanding Digital Health Ecosystem: A Position Paper of the 管家婆心水论坛,鈥 is published in the April 27, 2021 issue of the Annals of Internal Medicine.
ACP built its health information privacy policy for the evolving digital health landscape on six principles:
1. Protecting the privacy and security of personal health information collected within and outside the health care system is essential for fostering trust in the digital health care system.
ACP is proposing that all stakeholders agree to play by the same rules. This starts with analyzing where we are now, Fincher said. 鈥淪tates have different rules, and at the federal level, there are rules under the U.S. Centers for Medicare & Medicaid Services and the Federal Trade Commission,鈥 she said. These entities must ultimately come together to develop and implement any new regulations.
The next step is to identify any gaps in terms of health information patient privacy. The biggest gaps appear to be with mobile apps. 鈥淭here is a huge burgeoning field of commercial apps, and they are not regulated in terms of privacy policies, so patients are innocently inputting personal information that they think is private, but it's not,鈥 Fincher said.
2. Transparency and public understanding must be increased, and models of consent should be improved regarding the collection, exchange and use of personal health information.
鈥淭he new regulations must be transparent and understandable to those who are providing the information, so they understand how it is being used,鈥 Fincher said. Updated regulations must also be adaptable to all types of apps and technologies.
3. Confidentiality of personal health information is a fundamental aspect of health care.
4. Health information technology and other digital technologies should incorporate privacy and security principles within their design.
Exactly what new health information technology privacy and security protections will look like is a work in progress, Fincher said. 鈥淚t has to be comprehensive and involve everyone handling any personal health information,鈥 she said, adding that these parties must be held accountable for maintaining confidentiality, privacy and security of that information and should incorporate privacy and security principles within their design.
5. There must be oversight and enforcement to ensure that all entities not currently subject to HIPAA rules that interact with personal health information are held accountable.
6. Testing of privacy and security measures is essential before implementation, and these measures should be regularly reevaluated.
These new approaches to privacy and security measures should be regularly reevaluated to assess their effect in real-world health care settings, Fincher said. 鈥淧atients' personal health information should always be protected -- and that's the real goal of this policy paper and the recommendations it includes,鈥 she said.
More Information
The position paper, 鈥淗ealth Information Privacy, Protection, and Use in the Expanding Digital Health Ecosystem: A Position Paper of the 管家婆心水论坛,鈥 is available on the