Electronic Healthcare Records , Governance & Risk Management , Healthcare

Privacy Framework Proposed to Address HIPAA Gaps

Jennifer Covich Bordenick of eHealth Initiative Seeks Feedback on Proposal
Privacy Framework Proposed to Address HIPAA Gaps
Jennifer Covich Bordenick, CEO of the eHealth Initiative and Foundation

The eHealth Initiative and the Center for Democracy and Technology are seeking feedback on their draft privacy framework that addresses gaps in legal protections for consumer health data falling outside of HIPAA's regulatory umbrella, says eHI CEO Jennifer Covich Bordenick.

"Most consumers recognize that there really is no way to manage and track all of the data they have out there - all of the groups, systems and companies that are capturing, storing and using their health information," she says in an interview with Information Security Media Group.

"So we wanted to create a framework to address that defines what health information is, comes up with rules and standards for how it should be protected and comes up with a model for how to really hold companies accountable."

The voluntary framework calls for prohibiting companies from using consumer health data for purposes the consumer did not request or expect, she says.

"A company that is helping you track your ancestors online can't turn around and use your data for something completely different, like marketing drugs to you. It has to be used for what you expected [the data] to be used for."

The framework also calls for limiting the amount of consumer health information that can be collected, disclosed or used to only what is necessary to provide the product or feature a consumer requested, she adds. "If a company is selling you a wearable device, they can't then collect data about what medications you're taking because that's not necessary."

Comments Sought

The eHI and CDT are accepting public comment on the proposed framework until Sept. 25. The feedback will be considered as the groups hammer out the next iteration of the framework, she says.

In the interview (see audio link below photo), Bordenick also discusses:

  • Other issues the privacy framework aims to tackle;
  • How the framework compares with other privacy frameworks;
  • Who should potentially use the framework and how it can be applied;
  • Next steps for the framework and other privacy and security projects in the works by eHI.

Bordenick is CEO of eHealth Initiative and Foundation, a nonprofit health IT advocacy and research group. She is a member of the HL7 board of directors and is also former co-chair of the Department of Health and Human Services' Federal Health Information Technology Policy Committee's strategy and innovation workgroup.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.