New privacy guidelines for e-health records announced

As President-elect Obama calls for widespread adoption of e-medical records, the Department of Health and Human Services is offering more privacy guidelines for them.

Stephanie Condon Staff writer, CBSNews.com
Stephanie Condon is a political reporter for CBSNews.com.
Stephanie Condon
2 min read

The Department of Health and Human Services this week released new privacy guidelines (PDF) for electronic health records, the use of which President-elect Barack Obama has promised to support as part of his plan to jump-start the economy.

The use of electronic medical records could reduce costs and medical errors while potentially improving the quality of care patients receive, advocates say, but the level of new privacy standards needed for e-health records has been a matter of debate.

"Consumers need an easy-to-read, standard notice about how their personal health information is protected, confidence that those who misuse information will be held accountable, and the ability to choose the degree to which they want to participate in information sharing," HHS Secretary Mike Leavitt said Monday.

The eight principles established in the guidelines are intended to facilitate the adoption of e-health records by providing a consistent approach to questions of privacy and defining the responsibilities of those who have access to e-health records and share them through a network. The principles address issues of patient access; correction of records; openness and transparency; patient choice; limitations to the collection, use, and disclosure of personal health information; data integrity; safeguards; and accountability.

The HHS Office for Civil Rights also published new guidance documents explaining how the Health Insurance Portability and Accountability (HIPAA) Act can facilitate the exchange of information through e-records.

Privacy advocates at a meeting with Obama's transition team on Tuesday brought up the need for more stringent privacy standards for medical information. However, some members of the software industry, which strongly supports the adoption of e-health records, have said the HIPAA Act may provide sufficient privacy safeguards.

The new HHS guidelines state that "although the HIPAA Privacy and Security Rules apply to health information in electronic form, the current landscape of electronic health information exchange poses new issues and involves additional organizations that were not contemplated at the time the rules were drafted."