Secretary Leavitt Announces New Principles, Tools to Protect Privacy, Encourage More Effective Use of Patient Information to Improve Care

Client Alert | 1 min read | 12.18.08

On December 15, 2008, Health and Human Services Secretary Michael Leavitt announced new principles and tools to be used in order to protect patient information and confidentiality. The new principles were developed based on the recognition that the growing use of computers and electronic transmissions of patient information, while offering the potential to improve the quality of care, also pose significant privacy issues. The Secretary announced a new toolkit to guide efforts to protect patient information while maximizing the use of new technology for the provision of quality care. He expressed confidence that consumer trust would grow over time assuming protections are put into place.

First, the Secretary emphasized "Individual Access" to ensure that consumers are able simply and easily to obtain their personal health information. Consumers should also be able easily to obtain "Correction" of their information, including adding or amending material. Also important is "Openness and Transparency," which will ensure that consumers will understand the methods of collection, use, and disclosure of their protected health information. "Individual Choice" should empower consumers to make decisions about with whom, when, and how their personal information is shared or not shared. Also, a "Collection, Use, and Disclosure Limitation" should make sure that personal health information is only used to accomplish certain specified purposes.

With regard to "Data Integrity," the Secretary emphasized that those who hold records must ensure that the information is accurate and up-to-date. "Safeguards" should be put into place via administrative and other means to guarantee the confidentiality, integrity, and availability of information, as well as to prevent inappropriate use of the information. Finally, "Accountability" mechanisms must be put into place to ensure that those who tamper with or mishandle personal health information are held responsible.

Insights

Client Alert | 5 min read | 12.23.25

An ITAR-ly Critical Reminder of Cybersecurity Requirements: DOJ Settles with Swiss Automation, Inc.

Earlier this month, the Department of Justice (DOJ) announced that Swiss Automation Inc., an Illinois-based precision machining company, agreed to pay $421,234 to resolve allegations that it violated the False Claims Act (FCA) by inadequately protecting technical drawings for parts delivered to Department of Defense (DoD) prime contractors. This settlement reflects DOJ's persistent emphasis on cybersecurity compliance across all levels of the defense industrial base, reaching beyond prime contractors to encompass subcontractors and smaller suppliers. The settlement is also a reminder to all contractors not to overlook the often confusing relationship between Controlled Unclassified Information (CUI) and export-controlled information....

Client Alert | 10 min read | 12.23.25
CMS Proposed Rules Prohibit Provision and Coverage of "Sex-Rejecting Procedures" for Minors Enrolled in Medicare and Medicaid
Client Alert | 2 min read | 12.23.25
Record-Setting False Claims Act Settlement Highlights DOJ Commitment to Customs Enforcement
Client Alert | 22 min read | 12.23.25
The FY 2026 National Defense Authorization Act

View All Insights