AMIA AND AHIMA RELEASE BASIC PRINCIPLES FOR ENSURING CONFIDENTIALITY OF PERSONAL HEALTH INFORMATION

CHICAGO, September 7—Basic principles need to be incorporated in all rules, regulations, or laws pertaining to personal health information (PHI) if it is expected to flow across organizational boundaries through the nationwide health information network (NHIN), according to a position statement released today by the American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA).

“Public confidence that personal health information will be respected and that identifiable information, to the maximal extent possible, will be used only for authorized purposes is essential to the success of any electronic health information exchange,” states Don E. Detmer, MD, MA, President and CEO of AMIA. “Health information confidentiality and security protections must follow PHI no matter where it resides.”

The Associations release the following principles that organizations accessing or storing PHI should abide:

• Inform individuals, through clear communications, about their rights and obligations and the laws and regulations governing protection and use of PHI.
• Notify individuals in clear language about the organization’s privacy practices and their rights in cases of breaches.
• Provide individuals with a convenient, affordable mechanism to inspect, copy, or amend their identified health information/records.
• Protect the confidentiality of PHI to the fullest extent prescribed under HIPAA, regardless of whether the organization and its employees all comply with HIPAA, state laws, and the policies and procedures put in place to protect PHI.
• Use PHI only for legitimate purposes as defined under HIPAA or applicable laws.
• Prohibit the use of PHI for discriminatory practices, including those related to insurance coverage or employment decisions.
• Timely notification of individuals if security breaches have compromised the confidentiality of their PHI.
• Work with appropriate law enforcement to prosecute to the maximum extent allowable by law any individual or organization who intentionally misuses PHI.
• Continuously improved processes, procedures, education, and technology so that PHI practices improve over time.

“Uniform and universal protections for PHI should apply across all jurisdictions in order to reduce confusion and increase understanding by organizations and individuals,” adds Jill Callahan Dennis, JD, RHIA, president of AHIMA.

To view the position statement, visit AMIA’s Web site at: http://www.amia.org/informatics/public_policy/index.asp#confidentiality.

About AMIA
AMIA is an organization of 3,500 health professionals committed to informatics who are leaders, shaping the future of health information technology and its application in the United States and 41 other nations. AMIA is dedicated to the development and application of informatics in support of patient care, teaching, research, and healthcare administration and public policy. For more information, visit www.amia.org.

About AHIMA
AHIMA is the premier association of health information management (HIM) professionals. AHIMA’s 52,000 members are dedicated to the effective management of personal health information needed to deliver quality healthcare to the public. Founded in 1928 to improve the quality of medical records, AHIMA is committed to advancing the HIM profession in an increasingly electronic and global environment through leadership in advocacy, education, certification, and lifelong learning. For more information, visit www.ahima.org.