ACP calls for improved privacy protections

The American College of Physicians (ACP) has released a new policy aimed at improving the existing health information privacy framework and expanding similar privacy guardrails to entities not covered by current laws and regulations.

According to a news release, the paper was published in Annals of Internal Medicine and is titled “Health Information Privacy, Protection, and Use in the Expanding Digital Health Ecosystem: A Position Paper of the American College of Physicians.” It lays out principles and recommendations for health information privacy, protection, and use.

“Health information technology and electronic health records systems surely possess the power to enhance the patient-physician relationship and value of care tremendously,” Jacqueline W. Fincher, MD, MACP, president of ACP, says in the release. “Patients being able to track their glucose levels, schedule an appointment, and easily access their latest records online are all just a small window into the opportunity digital health technology provides -- all of which requires a great amount of trust for all parties involved.”

The policy principles laid out in the paper are below as they appear in the release:

Principle 1: ACP believes that protecting the privacy and security of personal health information collected both within and outside the health care system—while providing individual rights to that information—is essential for fostering trust in the evolving digital health care system, maintaining ethical standards and respect for persons, and promoting the safe delivery of health care.

Principle 2: ACP supports increased transparency and public understanding and improved models of consent about the collection, exchange, and use of personal health information within existing HIPAA rules as well as for entities collecting, exchanging, and using personal health information outside the health care system.

Principle 3: ACP believes that the confidentiality of personal health information is a fundamental aspect of medical care, and physicians and other clinicians have an obligation to adhere to appropriate privacy and security protocols to protect individual privacy.

Principle 4: ACP believes that health IT and other digital technologies, including personalized digital health products, should incorporate privacy and security principles within their design as well as consistent data standards that support privacy and security policies and promote safety.

Principle 5: ACP supports oversight and enforcement to ensure that all entities not currently subject to HIPAA rules and regulations and that interact with personal health information are held accountable for maintaining confidentiality, privacy, and security of that information.

Principle 6: ACP believes that new approaches to privacy and security measures should be tested before implementation and regularly reevaluated to assess the effect of these measures in real-world health care settings.