DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Health Information Technology: HHS Has Taken Important Steps to Address Privacy Principles and Challenges, Although More Work Remains

Posted on September 18, 2008October 24, 2024 by Dissent

 

From the GAO report released yesterday:

Summary

Although advances in information technology (IT) can improve the quality and other aspects of health care, the electronic storage and exchange of personal health information introduces risks to the privacy of that information. In January 2007, GAO reported on the status of efforts by the Department of Health and Human Services (HHS) to ensure the privacy of personal health information exchanged within a nationwide health information network. GAO recommended that HHS define and implement an overall privacy approach for protecting that information. For this report, GAO was asked to provide an update on HHS’s efforts to address the January 2007 recommendation. To do so, GAO analyzed relevant HHS documents that described the department’s privacy-related health IT activities.

Since GAO’s January 2007 report on protecting the privacy of electronic personal health information, the department has taken steps to address the recommendation that it develop an overall privacy approach that included (1) identifying milestones and assigning responsibility for integrating the outcomes of its privacy-related initiatives, (2) ensuring that key privacy principles are fully addressed, and (3) addressing key challenges associated with the nationwide exchange of health information. In this regard, the department has fulfilled the first part of GAO’s recommendation, and it has taken important steps in addressing the two other parts. The HHS Office of the National Coordinator for Health IT has continued to develop and implement health IT initiatives related to nationwide health information exchange. These initiatives include activities that are intended to address key privacy principles and challenges. For example: (1) The Healthcare Information Technology Standards Panel defined standards for implementing security features in systems that process personal health information. (2) The Certification Commission for Healthcare Information Technology defined certification criteria that include privacy protections for both outpatient and inpatient electronic health records. (3) Initiatives aimed at the state level have convened stakeholders to identify and propose solutions for addressing challenges faced by health information exchange organizations in protecting the privacy of electronic health information. In addition, the office has identified milestones and the entity responsible for integrating the outcomes of its privacy-related initiatives, as recommended. Further, the Secretary released a federal health IT strategic plan in June 2008 that includes privacy and security objectives along with strategies and target dates for achieving them. Nevertheless, while these steps contribute to an overall privacy approach, they have fallen short of fully implementing GAO’s recommendation. In particular, HHS’s privacy approach does not include a defined process for assessing and prioritizing the many privacy-related initiatives to ensure that key privacy principles and challenges will be fully and adequately addressed. As a result, stakeholders may lack the overall policies and guidance needed to assist them in their efforts to ensure that privacy protection measures are consistently built into health IT programs and applications. Moreover, the department may miss an opportunity to establish the high degree of public confidence and trust needed to help ensure the success of a nationwide health information network.

GAO-08-1138 [pdf] September 17, 2008

Category: Health Data

Post navigation

← UK: All patients to be identified by their NHS number
IE: HSE confirms five laptops stolen over the past year →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach
  • Hacker who breached communications app used by Trump aide stole data from across US government
  • Massachusetts hacker to plead guilty to PowerSchool data breach (1)
  • Cyberattack brings down Kettering Health phone lines, MyChart patient portal access (1)
  • Gujarat ATS arrests 18-year-old for cyberattacks during Operation Sindoor
  • Hackers Nab 15 Years of UK Legal Aid Applicant Data
  • Supplier to major UK supermarkets Aldi, Tesco & Sainsbury’s hit by cyber attack with ransom demand

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy
  • Massachusetts Senate Committee Approves Robust Comprehensive Privacy Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.