Consumer Ownership and Control of Health Records
1. Health record banks protect the individual consumer’s right to health information privacy and confidentiality by acting as trusted legal custodians of consumers’ health records.
2. Health record banks are repositories for trustworthy copies of health information selected or submitted by the consumer from various sources.
3. Health information in a health record bank is owned by the consumer and is not an asset of the health record bank.
4. Consumers may authorize someone else to manage their health record bank account.
5. Health record banks provide consumers and others they authorize with immediate electronic access to their health information.
6. Consumers control all disclosures of their health information by a health record bank unless otherwise required by law.
7. With consumer consent based on advance disclosure appropriate to the circumstances, health record banks enable secondary use of health information, such as for public health and research purposes.
Operation of Health Record Banks
8. Health record banks are governed in an open, accountable, and transparent manner.
9. All access and updates to information in health record banks are recorded as they occur in an appropriately detailed audit trail database, and each health record bank shall maintain those unaltered audit records at least during the time that a consumer’s health record is kept at the bank and make those audit records immediately accessible to consumers.
10. Health record banks have established processes for correcting errors by updating, amending, and sequestering data, including mechanisms for notification of parties who have received such data.
11. Health record banks promptly disclose breaches of privacy, confidentiality, or security to consumers.
Operation of the Health Record Banking Alliance
12. The Health Record Banking Alliance seeks to maintain neutrality among vendors that agree to adhere to the above principles.
Definitions Used in the Statement of Principles
Health information privacy refers to an individual's right to control the acquisition, use, or disclosure of his or her identifiable health data. Confidentiality refers to the obligations of those who receive information to respect the privacy interests of those to whom the data relate. Security refers to the physical, technological, or administrative safeguards or tools used to protect identifiable health data from unwarranted access or disclosure.
1. Health record banks protect the individual consumer’s right to health information privacy and confidentiality by acting as trusted legal custodians of consumers’ health records.
2. Health record banks are repositories for trustworthy copies of health information selected or submitted by the consumer from various sources.
3. Health information in a health record bank is owned by the consumer and is not an asset of the health record bank.
4. Consumers may authorize someone else to manage their health record bank account.
5. Health record banks provide consumers and others they authorize with immediate electronic access to their health information.
6. Consumers control all disclosures of their health information by a health record bank unless otherwise required by law.
7. With consumer consent based on advance disclosure appropriate to the circumstances, health record banks enable secondary use of health information, such as for public health and research purposes.
Operation of Health Record Banks
8. Health record banks are governed in an open, accountable, and transparent manner.
9. All access and updates to information in health record banks are recorded as they occur in an appropriately detailed audit trail database, and each health record bank shall maintain those unaltered audit records at least during the time that a consumer’s health record is kept at the bank and make those audit records immediately accessible to consumers.
10. Health record banks have established processes for correcting errors by updating, amending, and sequestering data, including mechanisms for notification of parties who have received such data.
11. Health record banks promptly disclose breaches of privacy, confidentiality, or security to consumers.
Operation of the Health Record Banking Alliance
12. The Health Record Banking Alliance seeks to maintain neutrality among vendors that agree to adhere to the above principles.
Definitions Used in the Statement of Principles
Health information privacy refers to an individual's right to control the acquisition, use, or disclosure of his or her identifiable health data. Confidentiality refers to the obligations of those who receive information to respect the privacy interests of those to whom the data relate. Security refers to the physical, technological, or administrative safeguards or tools used to protect identifiable health data from unwarranted access or disclosure.