Protecting Privacy and Building Trust as Mobile and Online Health Evolve

Content From: HIV.govPublished: March 28, 20123 min read


Co-authored by Lygeia Ricciardi, Office of the National Coordinator for Health IT

The healthcare system is going digital at a fast clip. In the last two years, the number of hospitals using electronic health records has more than doubled to 35%--and the majority of remaining hospitals say they have near-term plans to do so. While patient or consumer use of digital tools for health, such as patient portals and personal health records (PHRs) generally lags behind, it is catching up, especially when you also consider the use of “non-traditional” tools, such as mHealth and social media. The proportion of American consumers using mobile phones for health has more than doubled in a single year to 26%, and social media use for health has more than tripled since 2007, reaching roughly a third of the country.

As we know from numerous polls and studies, the privacy of personal health information is one of the policy issues the public cares about most as health care goes digital. Laws and regulations such as HIPAA and HITECH provide some parameters for privacy guidance in this changing environment, and as health information technology evolves, additional initiatives can build on and complement those protections.

The Office of the National Coordinator (ONC), primarily through its Office of the Chief Privacy Officer, is working to understand and provide tools for addressing privacy and security issues related to mobile and online health through several initiatives, described below. In addition, in partnership with the Office of Civil Rights (OCR), ONC is helping to inform the public about privacy and security within the context of the benefits of health information technology and its potential impact on individual patients and consumers (see Patients & Families website).

Current Privacy Initiatives at ONC include:
  • Mobile Devices Roundtable: Safeguarding Health Information: A March 16, 2012 roundtable to inform the development of clinician “good practices” regarding securing health information on mobile devices.
  • mHealth Privacy and Security Consumer Research: Ongoing focus group research to explore the attitudes and preferences of consumers with respect to health-related information and mobile devices.
  • Survey on Privacy, Security of Medical Records: An annual public survey looking at preferences related to the privacy and security of electronic health records and health information exchange, exploring, among other key measures, the percentage of people who report having kept any part of their medical history from their doctor due to privacy concerns. Results will be posted online.
  • Model Privacy Notice for Consumers for Personal Health Records: An online tool that help consumers assess and compare the privacy practices of individual personal health records (PHRs) through a simple table, filled out by PHR providers, describing how they use and protect health information.
For those who wish to do a deeper dive into privacy/security issues, take a look at the following websites as well: Hitech Act and HIPAA (notice of proposed rulemaking), HHS Office of Civil Rights (Health Information Privacy Page webpage), HHS Office of the National Coordinator for Health IT (Cybersecurity webpage), Federal Trade Commission (Privacy and Security webpage), and the Department of Justice (Privacy Act of 1974)).