Federal Computer Week reports that the Department of Health and Human Services is looking at privacy as it concerns patient data:
An advisory group to the Health and Human Services Department today began considering a draft Basic Patient Privacy Consent technical framework that describes how health organizations should incorporate patients’ consents and consent policies into their enterprises.
The Health IT Policy Committee’s privacy and security workgroup gave its members a draft patient consent framework. The draft was created with input from Integrating the Health Enterprise, an organization that promotes the coordinated use of technical standards.
The patient consents are needed for collecting and sharing patient health care data in electronic health record (EHR) systems to improve quality of care and public health. […]
Under the framework, a health information exchange would develop a set of privacy and consent policies and start an access-controlled system to implement those policies supported by an EHR system. Patients would be given the policies and could “selectively acknowledge” which policies apply to their records.
The draft included at least 12 types of patient consents, including implicit and explicit opt-out and opt-in, authorizations for specific research projects and authorizations for use of the document but not for republishing.