Framework Outlines Key Principles for Protecting Privacy of Patient Data
On Tuesday, Patient Privacy Rights announced the publication of its Privacy Trust Framework, which describes 75 auditable criteria that are based on 15 core privacy principles, HealthITSecurity reports.

Patient Privacy Rights developed the framework in partnership with:

  • Microsoft;
  • PricewaterhouseCoopers; and
  • The Coalition for Patient Privacy (Ouellette, HealthITSecurity, 4/3).

Framework Goals

The framework aims to help health care organizations measure how well their IT systems and research projects meet certain best practices for protecting patient privacy.

Patient Privacy Rights eventually intends to develop a system to license organizations based on their privacy policies and practices.  

Core Privacy Principles

The framework's 15 core privacy principles call for health care organizations to ensure that:

  1. Patients can easily locate, review and understand the organization's privacy policy;
  2. The privacy policy fully discloses how the organization will and will not use personal health data;
  3. Patients can decide whether to participate in sharing data;
  4. Patients receive notification before their data are accessed by any outside entity that does not fully comply with the organization's privacy policy;
  5. Patients can decide and actively indicate whether they want to be profiled, tracked or targeted;
  6. Patients can decide whether and how their sensitive information is shared;
  7. Patients have the ability to change any data that they input personally;
  8. Patients can decide who can access their data;
  9. Patients with disabilities can manage their health data while maintaining their privacy;
  10. Patients can easily determine who has accessed or used their information;
  11. Patients receive prompt notification if their data are lost, stolen or improperly accessed;
  12. Patients can easily report privacy concerns and receive help;
  13. Patients can expect the organization to penalize any employee or contractor who misuses patient data;
  14. Patients can expect their data to be secure; and
  15. Patients can expect to receive a copy of all disclosures of their information (Goedert, Health Data Management, 4/3).
susan popkes
How long do HIV results have to be stored in the state of CA? I have heard that there is some law that requires HIV-positive results to be destroyed after 2 years.
