Assessing the HIPAA standard in practice: PHR privacy policies

Author

Carrión, Inmaculada ; Alemán, José Luis Fernández ; Toval, Ambrosio

Author_Institution

Dept. of Inf. & Syst., Univ. of Murcia, Murcia, Spain

fYear

2011

fDate

Aug. 30 2011-Sept. 3 2011

Firstpage

2380

Lastpage

2383

Abstract

Health service providers are starting to become interested in providing PHRs (Personal Health Records). With PHRs, access to data is controlled by the patient, and not by the health care provider. Companies such as Google and Microsoft are establishing a leadership position in this emerging market. A number of benefits can be achieved with PHRs, but important challenges related to security and privacy must be addressed. This paper presents a review of the privacy policies of 20 free web-based PHRs. Security and privacy characteristics were extracted and assessed according to the HIPAA standard. The results show a number of important differences in the characteristics analyzed. Some improvements can be made to current PHR privacy policies to enhance the audit and management of access to users´ PHRs. A questionnaire has been defined to assist PHR designers in this task.

Keywords

data privacy; information resources; medical information systems; security of data; HIPAA standard assessment; PHR privacy policies; health service providers; personal health records; security; web based PHR; Data privacy; Medical services; Privacy; Security; Standards; Systematics; Web sites; Confidentiality; Electronic Health Records; Health Insurance Portability and Accountability Act; Health Records, Personal; Practice Guidelines as Topic; United States;

fLanguage

English

Publisher

ieee

Conference_Titel

Engineering in Medicine and Biology Society, EMBC, 2011 Annual International Conference of the IEEE

Conference_Location

Boston, MA

ISSN

1557-170X

Print_ISBN

978-1-4244-4121-1

Electronic_ISBN

1557-170X

Type

conf

DOI

10.1109/IEMBS.2011.6090664

Filename

6090664