Health IT Policy Committee OKs Recommendations for Big Data
The Health IT Policy Committee approved draft recommendations from its Privacy and Security Workgroup for overcoming privacy and security challenges associated with using big data in a learning health care system, Clinical Innovation & Technology reports (Walsh, Clinical Innovation & Technology, 8/12).
Draft Report Details
The draft report highlighted the increased risk of security violations amid the "rapid growth" of health information in the industry.
Other challenges included:
- A complex legal framework surrounding health privacy, which can hinder patients' and researchers' access to data; and
- A lingering threat of patient data being re-identified.
The draft report provided several recommendations to overcome such challenges (Bowman, FierceHealthIT, 8/12).
For example, the workgroup encouraged the use of voluntary codes of conduct, noting that they must be credible and include transparency and accountability.
Work group Co-Chair Stanley Crosley of the Drinker Biddle & Reath law firm said that HHS, the Federal Trade Commission and other regulatory groups must collaborate closely to develop the codes of conduct (Clinical Innovation & Technology, 8/12).
To mitigate harm, the work group recommended that policymakers:
- Identify gaps in legal protections; and
- Increase transparency about how health data are used.
The group also addressed ways to level the "uneven policy environment" (Work group letter, 8/5). For example, it recommended that:
- Existing laws be modified to "incentivize" privacy (FierceHealthIT, 8/12);
- Providers, vendors and consumers be educated about the limits of legal protections; and
- A "right of access" clause be added to the codes of conduct to support access to data for entities not covered by HIPAA (Work group letter, 8/5).
The recommendations also addressed the risk of re-identification, Clinical Innovation & Technology reports.
The work group called for the Office of Civil Rights to become a more active "steward" regarding HIPAA de-identification standards by:
- Reviewing methodology;
- Taking into account input from third parties; and
- Updating methodologies and policies.
Meanwhile, the work group made recommendations to support the secure use of data for learning (Clinical Innovation & Technology, 8/12). For example, the work group said policymakers should incentivize organizations to use "privacy-enhancing technologies" and technical infrastructures (Work group letter, 8/5).
The Usability People work with you on improving the Usability of Healthcare IT.
Together we may save a life! #SafeHealthIT