Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Patient privacy laws need updating to handle electronic health information exchanges

The shift from paper to electronic health records presents new challenges to protecting the privacy and security of patients’ health information
The shift from paper to electronic health records presents new challenges to protecting the privacy and security of patients’ health information

According to a policy brief prepared by the two groups, the shift from paper to electronic health records presents new challenges to protecting the privacy and security of patients’ health information. A breach that formerly affected a single paper record now could expose an entire database of patient records, the brief noted.

At the same time, health information exchange presents new ways to improve the privacy and security of patients’ data, including encryption, authentication and authorization controls, and electronic audit trails, the groups argued.

While current laws set rules for how health care entities may collect, use, and share health information, the policy brief identified gaps in the laws that should be addressed.

The brief recommended that accountability for compliance with federal and state health privacy and security protections should be strengthened; laws that protect electronic health data should be reassessed to ensure they address new security challenges and incorporate technological innovations such as encryption; and penalties should be established for unauthorized re-identification of de-identified health data.