Privacy of Health Information: An IFHIMA Global Perspective

Privacy is the right of an individual to keep oneself and one’s information concealed from unauthorized access and view by others.

As the world moves to electronic health records, albeit at varying stages, health data is being used for a wider range of purposes, including improving population health, disease surveillance, and the study of health economics. There also have been dramatic changes in how patients, consumers, and individuals access and use their health data. While health information is first about delivering health and wellness services, it is increasingly shared across platforms and providers. Unfortunately, sometimes, this sharing is without the knowledge, understanding, or consent of the patient. Headlines in the U.S. over the past year certainly affirm these concerns. 

While this transformation is good for the advancement of healthcare, through goals like improving access, reducing costs, and empowering consumers/patients with better access to their own data, it presents new challenges for health information professionals.

New technologies such as machine learning, artificial intelligence, and biometric authentication will no doubt further compound these issues, leading to new policies and regulations to support the privacy of health information. And, as is obvious, regulations and policies can’t keep pace with new technology and the innovation that is unfolding. 

These changes require principled stewardship by health information management (HIM) professionals and policymakers to implement good privacy practices across the healthcare continuum, by private, public, and community healthcare providers and data users.

The International Federation of Health Information Management Associations’ (IFHIMA’s) recent white paper was published with the intent to assist HIM professionals, policymakers, and regulators navigate the changing landscape of health information privacy.

Throughout the paper, we discuss some principles that guide how information is managed, and the impact of not attending to these principles. One of the key tenets is that privacy and trust go hand in hand.

Trust and Stewardship 

Trust between the patient/consumer and their provider, healthcare organization, or pharmacy is essential to health and well-being. When personal health information (PHI) is compromised, trust is eroded, and a loss of trust can be detrimental to the patient-provider relationship.

Effective stewardship is an important obligation for all who create, use, and manage health information. Preserving confidentiality of health information is an indisputable stewardship obligation.

Standards for crafting stewardship frameworks for governing health and other sensitive information in physical or even digital form have been around since the 1970s, with the Caldecott Principles of the United Kingdom, the Principles of Fair Information Practice (FIPPS) of the United States, and the Organization for Economic Co-operation and Development (OECD) Privacy Framework.

These decades-old principles continue to serve privacy practices around the globe.

Our Mobile, Digital World

We live in an increasingly mobile world. Data, like individuals, move from country to country, adding to the challenge of keeping health information private across boundaries. Healthcare organizations are obligated to understand and respond to regulations outside of their service areas, as health information is increasingly shared across jurisdictions and nations.

Recommendations

IFHIMA recommends that HIM professionals consider the following when privacy regulations are being explored or revised in your countries:

• Get involved as privacy or data protection regulations are developed, and provide feedback to all principles, but especially to healthcare.
• Assess what the proposed regulations may mean to your organization and communicate your concerns and insight to leadership and legislative/regulatory bodies.
• Identify required changes to systems, policies, processes, and technologies as the regulations are finalized.
• Train your healthcare teams, administrators, and patients/clients about their privacy rights and responsibilities.
• Commit to ongoing professional growth through continuing education, and take a leadership approach to data stewardship.