• E-mail
• Print
• RSS

World Privacy Forum report identifies potential risks associated with some PHRs

EHR Connection, March 10, 2008

The World Privacy Forum has released a legal and policy analysis on the potential privacy consequences of personal health records (PHR) that aren't subject to the HIPAA privacy and security rules.

"Personal Health Records: Why Many PHRs Threaten Privacy," a report released February 20, calls PHRs a new convenience technology that "can have significant negative consequences for the privacy of consumers" who store their records electronically with vendors not subject to HIPAA.

The report lists these potential privacy consequences for PHRs lacking HIPAA protection:

• Health records may lose legal privileged status
• Subpoena will be easier than for records subject to HIPAA rules
• Identifiable health information may leak from a PHR to marketing systems or commercial data brokers
• Information may be sold, rented, or otherwise shared
• Accidental or casual authorization of record-sharing may become easier
• Consumers may be mistaken with respect to the extent of their control over disclosure of records
• Linkage of records from different sources may cause embarrassment, family problems, or other unexpected consequences
• Privacy protections may not meet consumer expectations and may be subject to change without notice or consumer consent

The World Privacy Forum describes itself on its Web site as a nonprofit, nonpartisan, public interest research group. The organization's investigations focus on researching and benchmarking areas such as medical and financial privacy, background checks, consumer data privacy, public records, workplace privacy, and job applicant rights.

Click here to read The World Privacy Forum report.

• E-mail to a Colleague
• Print
• RSS
• Archive