Advocacy org publishes trust framework
Advocacy organization Patient Privacy Rights (PPR) has published its Privacy Trust Framework, a set of more than 75 auditable criteria based on 15 key privacy principles. The framework enables objective measurement of how well health IT, platforms, applications, electronic systems and research projects protect data privacy and ensure patient control over the collection, use and disclosure of their health data.
The copyrighted Trust Framework was developed by the bipartisan Coalition for Patient Privacy, in concert with Microsoft and PricewaterhouseCoopers (PwC). The framework was developed, tested and validated on HealthVault over an 18-month period. It is designed to allow patients to easily see and compare which systems, applications, platforms, websites and research projects are worthy of their trust. At the same time, companies and organizations will benefit as citizens reward them by participating in systems and using applications that distinguish themselves as trustworthy, according to a release.
* Patients can easily find, review and understand the privacy policy.
* The privacy policy fully discloses how personal health information will and will not be used by the organization. Patients’ information is never shared or sold without patients’ explicit permission.
* Patients decide if they want to participate.
* Patients are clearly warned before any outside organization that does not fully comply with the privacy policy can access their information.
* Patients decide and actively indicate if they want to be profiled, tracked or targeted.
* Patients decide how and if their sensitive information is shared.
* Patients are able to change any information that they input themselves.
* Patients decide who can access their information.
* Patients with disabilities are able to manage their information while maintaining privacy.
* Patients can easily find out who has accessed or used their information.
* Patients are notified promptly if their information is lost, stolen or improperly accessed.
* Patients can easily report concerns and get answers.
* Patients can expect the organization to punish any employee or contractor that misuses patient information.
* Patients can expect their data to be secure; and
* Patients can expect to receive a copy of all disclosures of their information.
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.