New Principles for Maintaining Health Information Privacy Outlined
Companies that handle health and wellness data have a new slate of industry privacy guidelines to follow.
The Consumer Technology Association (CTA) has released new guidance for companies that handle consumer health and wellness data. The guidance, which is voluntary, is designed to serve as a basis for healthcare companies to establish consumer trust.
In a document, "Guiding Principles for the Privacy of Personal Health and Wellness Information," the CTA outlines five principles that organizations can follow in order to be good data stewards.
CTA is a standards and trade organization that serves the needs of over 2,000 technology companies; it also puts on the annual Consumer Electronics Show (CES), one of the longest-running technology trade shows, in Las Vegas.
The five principles are as follows:
1. Be open and transparent about the personal health information you collect and why.
2. Be careful about how you use personal health information.
3. Make it easy for consumers to access and control the sharing of their personal health information, and empower them to do so.
4. Build strong security into your technology.
5. Be accountable for your practices and promises.
In light of recently passed - and soon to go into effect - data privacy legislation, CTA is also recommending companies give consumers the ability to access and control how their personal health information is shared, the ability to correct it, if wrong, and grant them the right to deletion, portability, or objection if the law dictates it.
When it comes to safeguarding data, companies should perform regular information security risk assessments to ensure the confidentiality and integrity of data, work in tandem with their IT team to identify and remedy risks, and use encryption to protect it while at rest and in transit.
Lastly, the organization is urging healthcare companies to appoint a data protection officer, or someone in a similar role, to oversee the security and privacy of personal health information, educate staff on the principles, and, if necessary, report security issues and breaches of personal data.
The trade group says that it based the principles on existing and developing U.S. law and that its goal is to have them complement, not supplant, legal requirements. The CTA is also leaving the guidance open to interpretation; if a company wants to use it to guide its practices around consumer data that isn't health related, it's available.