Secretary Leavitt Announces New Principles, Tools to Protect Privacy, Encourage More Effective Use of Patient Information to Improve Care

On December 15, 2008, Health and Human Services Secretary Michael Leavitt announced new principles and tools to be used in order to protect patient information and confidentiality. The new principles were developed based on the recognition that the growing use of computers and electronic transmissions of patient information, while offering the potential to improve the quality of care, also pose significant privacy issues. The Secretary announced a new toolkit to guide efforts to protect patient information while maximizing the use of new technology for the provision of quality care. He expressed confidence that consumer trust would grow over time assuming protections are put into place.

First, the Secretary emphasized "Individual Access" to ensure that consumers are able simply and easily to obtain their personal health information. Consumers should also be able easily to obtain "Correction" of their information, including adding or amending material. Also important is "Openness and Transparency," which will ensure that consumers will understand the methods of collection, use, and disclosure of their protected health information. "Individual Choice" should empower consumers to make decisions about with whom, when, and how their personal information is shared or not shared. Also, a "Collection, Use, and Disclosure Limitation" should make sure that personal health information is only used to accomplish certain specified purposes.

With regard to "Data Integrity," the Secretary emphasized that those who hold records must ensure that the information is accurate and up-to-date. "Safeguards" should be put into place via administrative and other means to guarantee the confidentiality, integrity, and availability of information, as well as to prevent inappropriate use of the information. Finally, "Accountability" mechanisms must be put into place to ensure that those who tamper with or mishandle personal health information are held responsible.