Privacy standards help safeguard online health data

A nonprofit, with the blessing of high-tech companies and health care firms, this week established a standard framework for protecting online health records.

The Markle Foundation, a nonprofit dedicated to using IT to enhance health care, on Wednesday unveiled a framework of policy and technical best practices that should be followed by storage providers of online patient data.

The move comes as more health care providers — and high-tech companies such as Google and Microsoft — launch hosted web-based services for storing health information, Josh Lemieux, director of the personal health technology initiative at the Markle Foundation, told on Thursday.

While health care systems must adhere to federal privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA), those regulations do not apply to entities such as Google and Microsoft, which recently launched programs that pool information from multiple health care centers into one central location.

"We did feel it was important to lay out some sound practices and solid expectations for the handling of information," Lemieux said. "That said, we didn't try to make a distinction that someone who is covered by HIPAA should do it one way and those not covered by HIPAA should do it another way."

Known as "Connecting For Health," the guidelines — developed in 18 months by a working group of 46 members, including tech firms, health care providers, academic researchers and nonprofits — contain policy and technical components, he said.

On the privacy and enforcement side, for instance, the framework addresses consumer privacy disclosure and how long data should be retained. On the technical end, topics such as authentication and network architecture are detailed.

Peter McLaughlin, a privacy and data security lawyer with Foley & Lardner and the former global privacy leader at Cardinal Health, applauded the guidelines.

"As we have seen elsewhere in the information technology space, the use of common standards is good because it provides greater choice and improved stability of the platform," he told in an email. "This is particularly important in the health care arena because bad data or systems that do not speak to one another may lead to medical errors, ID theft and insurance fraud."
