Electronic health records vendors and healthcare providers share an intense interest in defining best practices for the privacy and security of personal health records and the US Congress is turning its attention to PHRs as well. The Office of National Coordinator for Health Information Technology (ONC) announced this week that due to ‘overwhelming response” from the health records community, its December 3,2010 Roundtable on The Evolving Landscape for Personal Health Records is already over-subscribed and closed to in-person participation. This Roundtable will focus on privacy and security requirements for personal health record (PHR) vendors and related service providers. Discussion of privacy and security issues at the Roundtable will inform the congressionally mandated report that ONC is preparing on privacy and security requirements for non-Covered Entities (non-CEs), with a focus on personal health records (PHRs) and related service providers (Section 13424 of the HITECH Act).
Four panels will address the current state and evolving nature of PHRs and related technologies (including mobile technologies and social networking), consumer and industry expectations and attitudes toward privacy and security practices, and the pros and cons of different approaches to the requirements that should apply to non-CE PHRs and related technologies.
The first Roundtable panel will describe and discuss the history and current state of personal health records, including types of PHR vendors, business models, and privacy and security practices. The second panel will go into more detail on how PHRs are evolving, including the connection to mobile technologies and social networking, and will address privacy and security practices and challenges in this evolving context. The third panel plans to focus on consumer expectations and concerns related to the privacy and security of identifiable health information in PHRs and related technologies. It will also explore the attitudes of health care providers and industry groups to the privacy and security of PHRs.
The final panel will address the need for privacy and security requirements for PHRs and related non-CE entities, in accordance with the study required by Congress. It will provide a forum for different views on the appropriate regulation, if any, or other requirements that should be applicable to non-CE PHRs and related service providers and technologies. This panel will have two sub-panels. The first sub-panel will include representatives of federal and state agencies with current enforcement authority. The second sub-panel will explore whether there is a need for regulation and other requirements and the pros and cons of different approaches to government regulation and private sector oversight.
Interested parties can still register online for the webcast of this Roundtable.
Dr. Cronin is a Professor of Management in the Information Systems Department at Boston College. To read more of her articles, please visit her columnist page.Edited by
Erin Monda