Privacy standards help safeguard online health data

A nonprofit, with the blessing of high-tech companies and health care firms, this week established a standard framework for protecting online health records.

The Markle Foundation, a nonprofit dedicated to using IT to enhance health care, on Wednesday unveiled a framework of policy and technical best practices that should be followed by storage providers of online patient data.

The move comes as more health care providers — and high-tech companies such as Google and Microsoft — launch hosted web-based services for storing health information, Josh Lemieux, director of the personal health technology initiative at the Markle Foundation, told on Thursday.

While health care systems must adhere to federal privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA), those regulations do not apply to entities such as Google and Microsoft, which recently launched programs that pool information from multiple health care centers into one central location.

"We did feel it was important to lay out some sound practices and solid expectations for the handling of information," Lemieux said. "That said, we didn't try to make a distinction that someone who is covered by HIPAA should do it one way and those not covered by HIPAA should do it another way."

Known as "Connecting For Health," the guidelines — developed in 18 months by a working group of 46 members, including tech firms, health care providers, academic researchers and nonprofits — contain policy and technical components, he said.

On the privacy and enforcement side, for instance, the framework addresses consumer privacy disclosure and how long data should be retained. On the technical end, topics such as authentication and network architecture are detailed.

Peter McLaughlin, a privacy and data security lawyer with Foley & Lardner and the former global privacy leader at Cardinal Health, applauded the guidelines.

"As we have seen elsewhere in the information technology space, the use of common standards is good because it provides greater choice and improved stability of the platform," he told in an email. "This is particularly important in the health care arena because bad data or systems that do not speak to one another may lead to medical errors, ID theft and insurance fraud."
