On Tuesday, Patient Privacy Rights announced the publication of its Privacy Trust Framework, which describes 75 auditable criteria that are based on 15 core privacy principles, HealthITSecurity reports.
Patient Privacy Rights developed the framework in partnership with:
- PricewaterhouseCoopers; and
- The Coalition for Patient Privacy (Ouellette, HealthITSecurity, 4/3).
The framework aims to help health care organizations measure how well their IT systems and research projects meet certain best practices for protecting patient privacy.
Patient Privacy Rights eventually intends to develop a system to license organizations based on their privacy policies and practices.
Core Privacy Principles
The framework's 15 core privacy principles call for health care organizations to ensure that:
- Patients can decide whether to participate in sharing data;
- Patients can decide and actively indicate whether they want to be profiled, tracked or targeted;
- Patients can decide whether and how their sensitive information is shared;
- Patients have the ability to change any data that they input personally;
- Patients can decide who can access their data;
- Patients with disabilities can manage their health data while maintaining their privacy;
- Patients can easily determine who has accessed or used their information;
- Patients receive prompt notification if their data are lost, stolen or improperly accessed;
- Patients can easily report privacy concerns and receive help;
- Patients can expect the organization to penalize any employee or contractor who misuses patient data;
- Patients can expect their data to be secure; and
- Patients can expect to receive a copy of all disclosures of their information (Goedert, Health Data Management, 4/3).