Privacy standards help safeguard online health data
The Markle Foundation, a nonprofit dedicated to using IT to enhance health care, on Wednesday unveiled a framework of policy and technical best practices that should be followed by storage providers of online patient data.
The move comes as more health care providers — and high-tech companies such as Google and Microsoft — launch hosted web-based services for storing health information, Josh Lemieux, director of the personal health technology initiative at the Markle Foundation, told SCMagazineUS.com on Thursday.
While health care systems must adhere to federal privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA), they do not apply to entities such as Google and Microsoft, which recently launched programs that pool information from multiple health care centers into one central location.
"We did feel it was important to lay out some sound practices and solid expectations for the handling of information," Lemieux said. "That said, we didn't try to make a distinction that someone who is covered by HIPAA should do it one way and those not covered by HIPAA should do it another way."
Known as "Connecting For Health," the guidelines — developed in 18 months by a working group of 46 members, including tech firms, health care providers, academic researchers and nonprofits — contain policy and technical components, he said.
On the privacy and enforcement side, for instance, the framework addresses consumer privacy disclosure and how long data should be retained. On the technical end, topics such as authentication and network architecture are detailed.
Peter McLaughlin, a privacy and data security lawyer with Foley & Lardner and the former global privacy leader at Cardinal Health, applauded the guidelines.
"As we have seen elsewhere in the information technology space, the use of common standards is good because it provides greater choice and improved stability of the platform," he told SCMagazineUS.com in an email. "This is particularly important in the health care arena because bad data or systems that do not speak to one another may lead to medical errors, ID theft and insurance fraud."