Privacy Certification Program Aims to Ensure Patients’ Trust

By Neil Versel

September 3, 2008 | A former senior advisor in the Department of Health and Human Services (HHS) is heading up the first large-scale effort to certify health-IT products for adherence to privacy standards.

For the past month, William Yasnoff, has been the part-time chief executive and a board member of Patient Privacy Certified, a new, nonprofit affiliate of the Patient Privacy Rights Foundation (Austin, Texas). Deborah Peel, the founder and public face of Patient Privacy Rights, is serving as chair of the certification program.

“We come at the same issue from different perspectives,” Yasnoff tells Digital HealthCare & Productivity. Peel, a psychiatrist, has been adamant about protecting the confidentiality of information her patients confide in her, while Yasnoff, an advocate of health record banking, says trust is paramount to building an interoperable nationwide health-IT network .

“In order to make it work, you have to have trust, and in order to have trust, you have to have patient control,” says Yasnoff, the former senior advisor for what was then called the National Health Information Infrastructure at HHS, and now an Arlington, Va.-based consultant with a firm he calls NHII Advisors. “Privacy is absolutely essential to health record banking, and therefore absolutely essential to the success of health-IT,” he says.

For this reason, according to Yasnoff, privacy certification is about helping technology vendors meet consumer expectations for privacy of their health information.

Peel previously said that Microsoft HealthVault would be the first product to go through privacy certification testing and that electronic health records vendor e-MDs also has agreed to participate. Yasnoff says the HealthVault testing should take place fairly soon, though the criteria are “not quite finalized but nearly complete.”

He expects some public documents to be posted to a forthcoming Patient Privacy Certified Web site within 60 to 90 days.

Yasnoff does say, however, that Patient Privacy Certified is making security certification to either HIPAA or ISO 27002 standards a prerequisite for privacy testing. “A building can have good locks, but you can’t give everyone a master key,” he explains. “Our job is to figure out whether the right people are getting the keys and that no wrong people have the keys [to a patient’s health information].”

Privacy policies also must be in clear, easily understood language, with a minimum of passive voice. For example, Yasnoff explains, policies should not say, “This will happen,” but rather explain who is causing the action and why.

The privacy certification program will be funded solely by testing fees, paid in full in advance. “It can’t be large or we will not be able to be successful,” Yasnoff says of the yet-unannounced cost. Interoperability certification of ambulatory EHRs, through the Certification Commission for Health Information Technology (CCHIT), currently costs $28,000 for testing and the first year’s maintenance fees.

While CCHIT certification is good for up to three years, Yasnoff says that the privacy certification program likely will require annual testing as criteria evolve.



Click here to log in.


Add Comment

Text Only 2000 character limit

Page 1 of 1

White Papers & Special Reports

Wiley Chem Planner Synthesis Solved
Sponsored by Wiley

SGI and Intel
HPDA for Personalized Medicine
Sponsored by SGI and Intel

Life Science Webcasts & Podcasts

medidata_podcast_Sites and Sponsors: Mending Bridges over Troubled Waters  
Sites and Sponsors: Mending Bridges over Troubled Waters
Sponsored by Medidata Solutions Worldwide

This podcast brings together two industry leaders to focus on the issues that divide sponsors and sites. On the one hand sites and sponsors unite in advancing better health care through a common passion for developing better drugs. Yet some issues divide them and bridges need to be built or mended to advance the highest levels of cooperation, coordination and success in clinical trials. Listen as the key issues are debated from the site and the sponsor side and new methods and technology are advanced that offer near-term and lasting solutions.

• Common ground in reaching agreement on a budget

• Improving the pace of agreement on budgets and contracts

• Processes for payment to sites on a timely basis

Listen Now  

More Podcasts

Job Openings

For reprints and/or copyright permission, please contact Angela Parsons, 781.972.5467.