[Med-privacy] IOM Report

[peter marshall]

  National Academies Report Calls for New Approach to Medical Privacy\
[EPIC]
=======================================================================

The National Academies called for a new approach to medical record
privacy. "Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving
Health Through Research" found that the current medical privacy
regulations do not protect privacy and unnecessarily impede health
research. The expert committee recommended Congress authorize the
development of an entirely new approach to protecting personal health
information in research applying privacy, data security, and
accountability standards uniformly to information used in all medical
research regardless the funder or who conducts the research.

The report by the Institute of Medicine, urged all institutions
conducting medical research to improve data protection as data breaches
were a growing threat for health information databases. The experts
suggested that all portable media containing health information,
including laptops, be encrypted.

The experts recommendations took into consideration benefits that both
ethically conducted research as well as privacy protections ensured and
came to the conclusion that the Health Insurance Portability and
Accountability Act was difficult to reconcile with other federal
regulations governing research involving personally identifiable
information.

Among the recommendations, the committee suggested the development of a
new method that focuses on the best practices in privacy, security and
transparency. The committee also suggested the usage of de-identified
medical data in which personal information is removed and unauthorized
re-identification is prohibited by law. Other recommendations included
an ethical oversight in which use of personally identifiable
information without individual consent is necessary.

Finally, the expert committee concluded that to ensure progress in the
nation's health and health care, effective privacy protections must be
implemented in a way that does not hinder health research or inhibit
medical advances. EPIC Director Marc Rotenberg participated in the study
project.



HIPAA Privacy Rule Fails to Adequately Protect Patient Privacy
and Hampers Health Research:
       http://epic.org/redirect/020909_HIPAA_Natl_Acad.html

Report Brief: Beyond the HIPAA Privacy Rule: Enhancing Privacy,
Improving Health Through Research:
       http://epic.org/redirect/020909_HIPAA_Rept_Brf.html

Report: Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving
Health Through Research:
       http://www.nap.edu/catalog.php?record_id=12458

Institute of Medicine:
       http://www.iom.edu/

Report Brief from the Institute of Medicine:
       http://www.iom.edu/File.aspx?ID=61836