Healthcare Organizations Must Create Consistent Privacy and Security Practices

Submitted by the Missouri Health Information Management Association
Supported by the Privacy and Security Practice Council

In 2007 and 2008, a number of patient privacy breaches made the headlines. From the many highly publicized breaches of celebrities' health information to the 3000 electronic patient records on a laptop stolen from the trunk of a car, it is obvious that the privacy and security standards are much too lax for many healthcare providers and health plans. Such deficient standards undermine public confidence in the privacy and security of electronic health records, which could hinder their future adoption and undermine President Bush's call for most Americans to have access to an interoperable electronic medical record by 2014.

AHIMA is committed to being the leader in protecting health information from inappropriate use and disclosure, ensuring confidentiality and integrity of identifiable health information by applying privacy and security measures to enhance public confidence in the protection of data.

Whereas, patients have a fundamental right to health information privacy and security;

Whereas, the media has reported the improper access and disclosure of several celebrities' health information;

Whereas, there have been many instances of stolen computers containing unencrypted, non-secure health information;

Whereas, health information should only be accessed by those who need the information for continuity of care, payment, healthcare operations, and/or applicable laws, based on the concept of minimum necessary;

Whereas, health information must be kept in a secure and reliable manner that ensures its accuracy and integrity;

Whereas, health information professionals have the expertise in privacy and security of health information and must abide by AHIMA's Code of Ethics to protect the confidentiality of health information;

Therefore, be it

Resolved, that AHIMA members call on healthcare organizations to educate users of health information about the need for improved and consistent information privacy and security and the role HIM professionals have in protecting and securing information;

Resolved, that AHIMA call on healthcare organizations to improve privacy and security of health information through greater attention to the concept of minimum necessary, encryption of health information and use of biometric-based keys;

Resolved, that HIM professionals be on the forefront of educating about, auditing, and monitoring access to individual health information, especially that of high-profile patients;

Resolved, that AHIMA endorses consistent internal sanction policies that are enforced equally across all disciplines when a privacy or security breach is discovered, and external penalties for organizations that do not take appropriate steps to prevent privacy or security breaches;

Resolved, that AHIMA supports efforts to establish consistent patient health information privacy and security legislation to establish standards for national health information exchange and eliminate confusing and contradictory state regulations.

Approved by the 2008-09 House of Delegates, October 12, 2008, Seattle, Washington