---

Published: January 2009

HIT cannot be successful without strong privacy protections

Coalition: Medical Privacy

In a letter to Democratic leadership, Consumer Action and its coalition members urged Congress to include key privacy protections in any upcoming health IT legislation.

In order to achieve a successfully wired health care system that Americans trust, we ask you, as a member of Congress, to “A.C.T.” now to ensure our information is only used to promote health:

ACCOUNTABILITY
Hold every entity with access to health information accountable.

• Those who collect, store or use personal health information should help ensure that the data is accurate, reliable and secure. Minimum standards should include: encrypting data at rest and in transit, limiting access to specific individuals via informed, electronic consent and audit trails of all electronic transactions.
• Authorize and fund Health & Human Services and the Federal Trade Commission to increase their oversight of industry practices including random audits of contracts.  
• Require breach notification, privacy safeguards and whistleblower protections, including meaningful enforcement of privacy rights.

CONTROL
Ensure individuals control the use of their personal health information.

• Codify a federal right to health information privacy.
• Ensure individuals can segment sensitive information and that safeguards for medical information are built in up front before problems arise.  
• Provide incentives for health IT systems to use electronic informed consent, innovative consumer privacy controls and for user interfaces to be accessible for patients with disabilities.

TRANSPARENCY
Protect consumers from abusive practices. 

• Prohibit direct or indirect remuneration for the sharing, disclosure or use of personal health information with limited exceptions for research and public health.
• Ensure that corporations cannot obtain exclusive or contractual rights to own or control personal health information. We have evidence that selling of this data is happening at major companies (details available upon request). 
• Personal health information obtained for one purpose must not be used for other purposes without informed consent.  Even when consent is obtained, privacy obligations such as security and prevention of misuse, continue.

Lead Organization

Patient Privacy Rights

Other Organizations

AIDS Action | Senatory Karen Johnson (AZ) | Alliance for Patient Safety | JustHealth | American Association for People with Disabilities | Justice Through Music | American Civil Liberties Union The Liberty Coalition | Arizona Eagle Forum | Microsoft Corporation, Inc. | Bazelon Center for Mental Health Law | The Multiracial Activist | Bill of Rights Defense Committee | National Association of Social Workers | Citizens for Health | National Center for Transgender Equality | Citizens Outreach Project | The National Coalition of Mental Health Professionals and Consumers | Clinical Social Work Association | National Workrights Institute | Confederation of Independent Psychoanalytic Societies | Patient Privacy Rights Foundation | Private Citizen, Inc. The Cyber Privacy Project | Representative Cindy Rosenwald (NH) | Esther Dyson | Bruce Schneier | Electronic Privacy Information Center (EPIC) | Thoughtful House Center for Children Fairfax County Privacy Council | Tolven, Inc. | Government Accountability Project | U.S. Bill of Rights Foundation | Health Administration Responsibility Project, Inc. | Velvet Revolution International Association of Whistleblowers

More Information

Coalition urges Congress to "A.C.T." for Privacy in 2009

Download PDF

No Download Available