Statement on Health Information Confidentiality: A Joint Position Statement
American Medical Informatics Association
American Health Information Management Association
The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have a long history of working to protect the confidentiality of individuals’ health information and to promote fair information practices. Public confidence that privacy will be protected and that identifiable information will be used only for purposes authorized by the individual, or otherwise permitted by law are essential to ensuring trust in a nationwide health information network (NHIN that facilitates sharing of personal health information (PHI). As the United States progresses from a paper-based system of health records to an electronic environment, AMIA and AHIMA believe that the following principles should be incorporated in all rules, regulations, or laws pertaining to PHI.
Any organization that accesses or stores PHI should abide by the following principles. The organization should:
- Inform individuals, through clear communications, about their rights and obligations and the laws and regulations governing protection and use of PHI.
- Notify individuals in clear language about the organization’s privacy practices and their rights in cases of breaches
- Provide individuals with a convenient, affordable mechanism to inspect, copy, or amend their identified health information/records
- Protect the confidentiality of PHI to the fullest extent prescribed under HIPAA, regardless of whether the organization is a “covered entity” as defined in HIPAA, and ensure that the organization and its employees all comply with HIPAA, state laws, and the policies and procedures put in place to protect PHI.
- Use PHI only for legitimate purposes as defined under HIPAA or applicable laws.
- Prohibit the use of PHI for discriminatory practices, including those related to insurance coverage or employment decisions
- Timely notification of individuals if security breaches have compromised the confidentiality of their personal health information.
- Work with appropriate law enforcement to prosecute to the maximum extent allowable by law any individual or organization who intentionally misuses PHI
- Continue to improve processes, procedures, education, and technology so that PHI practices improve over time.
Furthermore, because PHI is expected to flow across organizational boundaries through the NHIN, it is important that the following principles covering information when it is transferred from one entity to another also apply:
- Health information privacy protections must follow PHI no matter where it resides
- Uniform and universal protections for PHI should apply across all jurisdictions in order to facilitate consistent understanding by those covered by such laws and the individuals whose health information is covered by such laws.
About AMIA: The American Medical Informatics Association (AMIA) is an organization of 3,500 health professionals committed to informatics who are leaders shaping the future of health information technology and its application in the United States and 41 other nations. AMIA is dedicated to the development and application of informatics in support of patient care, teaching, research, and health care administration and public policy. www.amia.org
About AHIMA: The American Health Information Management Association (AHIMA) is the premier association of health information management (HIM) professionals. AHIMA’s 50,000 members are dedicated to the effective management of personal health information needed to deliver quality health care to the public. Founded in 1928 to improve the quality of medical records, AHIMA is committed to advancing the HIM profession in an increasingly electronic and global environment through leadership in advocacy, education, certification, and lifelong learning. www.ahima.org
"Statement on Health Information Confidentiality: A Joint Position Statement." (AHIMA Position Statement, July 2006).