In our comments about the NwHIN, Patient Privacy Rights (PPR) urged the Office of the National Coordinator for Health IT (ONC) to use this critical opportunity to address the fatal privacy and security flaws in current systems and state and federal data exchanges. “Multi-stakeholder” public-private governance at the state and federal level has failed to gain public trust. Public-private governance assures that industry, research, and government interests trump the public’s rights to health information privacy.
To restore public trust, PPR strongly believes:
- All state and federal data exchanges should be certified to assure that patients control the exchange of their health data. Privacy certification should be designed by a non-profit, patient-led organization with expertise in health privacy;
- Data should only be exchanged using the Direct Project for secure email between patients, physicians, and other health professionals (with rare exceptions);
- Patients should always give meaningful informed consent before their information is disclosed; and
- Sensitive personal health information should only flow to those directly involved in an individual’s treatment, or to those who are conducting research in which an individual has agreed to participate.
Without a network designed to make sure individuals decide who sees their health records, Americans will grow even more wary of seeking needed treatment. We urge the ONC to act now to create a nationwide network that requires comprehensive data privacy and security measures to protect patients’ intimate personal health data. See comments here.