HHS Privacy and Security Framework Principles

Executive Summary

We came across some useful information from the U.S. Department of Health and Human Services and CRC Press and have combined it into the summary below on the topic of the United States Department of Health and Human Services (HHS) Privacy and Security Framework Principles. Please refer to the original sources below for more detailed information.

The United States Department of Health and Human Services (HHS), otherwise known as the Health Department, is a cabinet-level department of the U.S. federal government with the goal of protecting the health of all Americans and providing essential human services. The mission of the U.S. Department of Health and Human Services (HHS) is to enhance the health and well-being of Americans by providing for effective health and human services and by fostering sound, sustained advances in the sciences underlying medicine, public health, and social services. HHS accomplishes its mission through programs and initiatives that cover a wide spectrum of activities, serving Americans at every stage of life. Eleven operating divisions, including eight agencies in the U.S. Public Health Service and three human services agencies, administer HHS’s programs. In addition, staff divisions provide leadership, direction, and policy management guidance to the Department.

Contact Organizations:

  • For the U.S. Department of Health and Human Services (HHS) and responsibilities: HHS
  • For HHS Privacy and Security Framework Principles: CRC Press

 

We are interested in generating some discussion on this topic - please check out our Healthcare Privacy Community of Practice and join the discussion.

 


Responsibilities

HHS is responsible for almost a quarter of all federal outlays and administers more grant dollars than all other federal agencies combined. The Department manages programs that cover a vast spectrum of activities that impact health, public health, and human services outcomes throughout the life span. HHS, through its programs and partnerships:

  • Provides health care coverage to more than 100 million people through Medicare, Medicaid, the Children’s Health Insurance Program, and the Health Insurance Marketplace;
  • Promotes patient safety and health care quality in health care settings and by health care providers, by assuring the safety, effectiveness, quality, and security of foods, drugs, vaccines, and medical devices;
  • Eliminates disparities in health, as well as health care access and quality, and protects vulnerable individuals and communities from poor health, public health, and human services outcomes;
  • Conducts health, public health, and social science research with the largest source of funding for medical research in the world, while creating hundreds of thousands of high-quality jobs for scientists in universities and research institutions in every state across America and around the globe;
  • Leverages health information technology to improve the quality of care and use HHS data to drive innovative solutions to health, public health, and human services challenges;
  • Improves maternal and infant health; promotes the safety, well-being, and healthy development of children and youth; and supports young people’s successful transition to adulthood;
  • Promotes economic and social well-being for individuals, families, and communities, including seniors and individuals with disabilities;
  • Supports wellness efforts across the life span, from protecting mental health to preventing risky behaviors such as tobacco use and substance abuse, to promoting better nutrition and physical activity;
  • Prevents and manages the impacts of infectious diseases and chronic diseases and conditions, including the top causes of disease, disability, and death;
  • Prepares Americans for, protects Americans from, and provides comprehensive responses to health, safety, and security threats, both foreign and domestic, whether natural or man-made; and
  • Serves as responsible stewards of the public’s investments.
 

HHS Privacy and Security Framework Principles

As part of its ongoing work on the Nationwide Health Information Network, HHS developed the Privacy and Security Framework Principles. These principles establish a consistent approach to address the privacy and security challenges related to electronic health information exchange through a broad, inclusive network.

The principles consist of:

  • Individual Access
    • Individuals should be provided with a simple and timely means to access and obtain their individually identifiable health information in a readable form and format.
  • Correction
    • Individuals should be provided with a timely means to dispute the accuracy or integrity of their individually identifiable health information and to have erroneous information corrected or to have a dispute documented if their requests are denied.
  • Openness and Transparency
    • There should be openness and transparency about policies, procedures, and technologies that directly affect individuals and/or their individually identifiable health information.
  • Individual Choice
    • Individuals should be provided with a reasonable opportunity and capability to make informed decisions about the collection, use, and disclosure of their individually identifiable health information.
  • Collection, Use, and Disclosure Limitation
    • Individually identifiable health information should be collected, used, and/or disclosed only to the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately.
  • Data Quality and Integrity
    • Persons and entities should take reasonable steps to ensure that individually identifiable health information is complete, accurate, and up to date to the extent necessary for the person's or entity's intended purposes and has not been altered or destroyed in an unauthorized manner.
  • Safeguards
    • Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
  • Accountability
    • These principles should be implemented, and adherence assured, through appropriate monitoring and other means and methods should be in place to report and mitigate non-adherence and breaches.


Key Takeaways

The goal of these principles is to establish a policy framework for electronic health information exchange to promote the adoption of health information technologies in the U.S. The principles were designed to establish and define the roles of individuals and the responsibilities of those who hold and exchange electronic individually identifiable health information through a network. These principles, which closely follow the Fair Information Practice Principles (FIPPs), provide a good foundation upon which to build an organization's privacy principles.