Annu Int Conf IEEE Eng Med Biol Soc. 2011;2011:2380-3. doi: 10.1109/IEMBS.2011.6090664.

Assessing the HIPAA standard in practice: PHR privacy policies.

Annual International Conference of the IEEE Engineering in Medicine and Biology Society. IEEE Engineering in Medicine and Biology Society. Annual International Conference

Inmaculada Carrión, José Luis Fernández Alemán, Ambrosio Toval

PMID: 22254820 DOI: 10.1109/IEMBS.2011.6090664

Abstract

Health service providers are starting to become interested in providing PHRs (Personal Health Records). With PHRs, access to data is controlled by the patient, and not by the health care provider. Companies such as Google and Microsoft are establishing a leadership position in this emerging market. A number of benefits can be achieved with PHRs, but important challenges related to security and privacy must be addressed. This paper presents a review of the privacy policies of 20 free web-based PHRs. Security and privacy characteristics were extracted and assessed according to the HIPAA standard. The results show a number of important differences in the characteristics analyzed. Some improvements can be made to current PHR privacy policies to enhance the audit and management of access to users' PHRs. A questionnaire has been defined to assist PHR designers in this task.

MeSH terms

• Confidentiality / standards*
• Electronic Health Records / standards*
• Health Insurance Portability and Accountability Act / standards*
• Health Records, Personal*
• Practice Guidelines as Topic*
• United States

Publication Types

• Journal Article
• Research Support, Non-U.S. Gov't