Thursday, October 8, 2009

AHIMA Bill of Rights to Protect Patient Data

The American Health Information Management Association has established a Health Information Bill of Rights as a model for protecting patient health information.

The Bill is comprised of seven protections that were made necessary by the many patient data breaches that have occurred recently, says AHIMA. The protections focus on guaranteeing healthcare consumers free access to health data during the course of treatment and creating a standard for health information that is “accurate and as complete as possible.”

Other protections revolve around the patient’s right to know who accesses and updates their health data, and the need for healthcare professionals to be held accountable for any violations of privacy and security laws.

Currently, health information is subject to a variety of federal and state statutes and regulations. At the national level, the Health Insurance Portability and Accountability Act (HIPAA) privacy regulations provide healthcare consumers with rights regarding their protected health information. However, only covered entities (healthcare providers, health plans, and health clearinghouses)must comply with these regulations. There are many entities who access or use health information that are not affected by these regulations. The American Recovery and Reinvestment Act of 2009 (ARRA) contains provisions known as HITECH that include significant changes to healthcare privacy and security protections.

At the state level, there are regulations in most states that address hospital-held health information and provide healthcare consumers with a right to obtain a copy of their medical records, for a fee. However, these regulations are not uniform or consistent.Additionally, healthcare consumers cross state lines for healthcare and their ability to access their health information is based on state regulations where the healthcare provider is located.

Since there is a wide variance among the states and no uniform national standard, healthcare consumers must have a number of rights regarding their health information. The following Bill of Rights has been developed to provide healthcare consumers with key rights regarding their information.

It should be noted that there is sensitive health information, such as alcohol and drug abuse treatment, behavioral health information, HIV/AIDS treatment records, and genetic information that have special protections at either the federal or state level. Healthcare providers must continue to follow these statutes and regulations in handling health information.

Healthcare consumers need to trust that their health information is accurate and complete and available to them. There is increasing use of consumer-controlled personal health records and this should be encouraged and supported by healthcare providers.

Health information is stored in a variety of media.Many healthcare providers are still using paper based records. However, the use of electronic health records (EHRs) is increasing.

These rights are technology-neutral and should govern all health information whether stored in paper or electronic record systems.

The American Health Information Management Association (AHIMA) recommends that the healthcare industry move towards implementation of these rights. It is recognized that these rights are a major paradigm shift from current practice. To accomplish this may require legislative actions or changes in industry practice. AHIMA believes that these rights are important and will allow healthcare consumers to become more proactive in managing their health and their health information.


America has always sought to protect the rights of individual citizens to be informed and therefore free from exploitation.Over and above all other state obligations—accepting only the guarantee of life and liberty—does this requirement stand.With the dawn of a new century come new challenges to protect our rights; especially in the sensitive area of privacy.

The American Health Information Management Association (AHIMA) is aware that the 21st Century daybreak that shines a bright promise across healthcare’s new horizon also brings greater risk to light. That is why we are always committed to defending the rights and health of America’s healthcare consumers by establishing a set of indisputable protections we call the AHIMA Health Information Bill of Rights.

AHIMA has established these seven measures for the sole purpose of protecting healthcare consumers. Ours is a comprehensive set of liberties to safeguard every individual’s right to lawful access of their personal health information; to prevent unauthorized access to that information; to promote its best possible accuracy; and to seek proper remedy when any such privilege is violated.

The motive for unauthorized, illegitimate, and criminal invasion of a person’s health information covers a broad range: from prying to profit to otherwise unattainable patient care. However, no rationale for denying, invading, and misinforming or mismanaging one’s health information rises above one’s right of access, security, accuracy, and responsible portability.

As America’s foremost authority on the proper management of health information, we set forth this slate.We stand in authority behind the validity of each of these protections as we stand beside the individuals whose rights these protections seek to defend.

A Model for Protecting Americans’ Health Information Principles

1. The right to access your health information free of charge

2. The right to access your health information during the course of treatment

3. The right to expect that your health information is accurate and as complete as possible

4. The right for you or your personal representative(s) to know who provides, accesses, and
updates your health information, except as precluded by law or regulation

5. The right to expect healthcare professionals and others with lawful access to your health information to be held accountable for violations of all privacy and security laws, policies, and procedures, including the sharing of user IDs and passwords

6. The right to expect equivalent health information privacy and security protections to be available to all healthcare consumers regardless of state or geographic boundaries or the location (jurisdiction) of where the treatment occurs

7. The right to the opportunity for private legal recourse in the event of a breach of one’s health information that causes harm

No comments:

Post a Comment