HIPAA Regulatory Alert
Groups suggest basic principles for PHI privacy
Basic principles need to be incorporated into all rules, regulations, or laws pertaining to personal health information (PHI) if that information is expected to flow across organizational boundaries through the nationwide health information network, according to the American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA).
"Public confidence that personal health information will be respected and that identifiable information, to the maximal extent possible, will be used only for authorized purposes is essential to the success of any electronic health information exchange," said AMIA President Don Detmer. "Health information confidentiality and security protections must follow PHI no matter where it resides."
The two associations said organizations accessing or storing PHI should follow these principles:
In 2002, California enacted a law requiring people to be notified if their personal information has been compromised by a privacy or security breach, and since then an additional 32 states have passed such laws. HIPAA does not have a notification requirement.
The joint policy position contains a provision that "uniform and universal protections for PHI should apply across all jurisdictions in order to facilitate consistent understanding by those covered by such laws and the individuals whose health information is covered by such laws."
More information is available online at http://www.amia.org/informatics/public_policy/docs/amia_ahimajointconfidentialitystatement.pdf.