Community and Patient Principles for
Electronic Health Information Exchange and Data Stewardship
March 19, 2020 [*]
Electronic health information exchange and technology can improve health outcomes, empower people to participate actively in their care, generate research data to improve population health, and improve the effectiveness of our health system. People and communities need the benefits to individual and population health that electronic health information exchange and technology can achieve. We need the better health care outcomes for individual patients; the better decisionmaking and care coordination among doctors and patients; the greater engagement of patients and families in their care. We need the better public health outcomes; the improved quality, safety, and efficiency of health care; the integration of data on social and environmental determinants of health; the reduction of unnecessary care and costs. We need the deeper, more comprehensive understanding of individual and population health that electronic health information exchange can provide.
People and communities also want the better privacy and security of health information that health information technology can provide. Comprehensive privacy and security protections and fair information practices, in turn, engender the public trust necessary to adopt health information technology widely and achieve the benefits of electronic health information exchange for all.
The nine principles below are core expectations and minimum criteria that should govern the design and implementation of health information exchange and technology nationwide. Individuals and communities will use these principles to benchmark and evaluate efforts to implement electronic health information exchange and technology. We will also use these principles to evaluate whether policymakers and providers ensure the requisite public transparency and trust necessary to succeed. We urge policymakers, providers, technology developers, and other stakeholders to adopt and use these nine principles as well.
These principles are interdependent, and the benefits, effectiveness, protections, and balance of any one may depend in significant part upon one or more other principles.
1. Important Benefits for Individual Health: Electronic health information exchange and technology should be designed and used to improve individual health care and its quality, safety, and efficiency. Patients should have ready and complete electronic access to their health data as well as relevant tools and educational resources, in their primary or preferred languages, to make meaningful use of that information. The technology should facilitate active engagement of patients in their health care, and engagement of family members and others as the patient chooses or law provides. It should enable full coordination of the patient’s care among diverse providers and systems. It should enhance the privacy and security of the patient’s health information, and reduce costs.
2. Important Benefits for Population Health: Electronic health information exchange and technology should also be designed and used to improve health for the public and communities at large, such as promoting healthy environments and preventing unhealthy environments; reducing and preventing chronic diseases, epidemics, and health disparities; promoting patient safety and preventing medical errors; measuring and reporting the quality and performance of providers and facilities, and the comparative effectiveness of treatments; and reducing the cost of health care.
3. Inclusivity and Equality: All people should have full and equal use of electronic health information exchange and technology and their benefits, including underserved low ‑ income communities, communities of color, people speaking primary languages other than English, people with disabilities, seniors and youth, immigrant residents, and rural and inner ‑ city communities.
4. Universal Design, Accessibility and Interoperability: Electronic health information exchange and technology should be designed and built to meet the diverse needs of all people and communities from the outset, without barriers or diminished function or quality for some. Universal design anticipates and accommodates, for example, the differing needs of older people and younger people; of people from diverse cultures and communities and the need for cultural competency; of people who use diverse languages at home and the need for linguistic competency and translation; of people with diverse abilities and disabilities; of people across the range of income levels; of people across the range of literacy in reading, health care, and electronic technology. Different systems and different patients and providers should interconnect easily.
5. Privacy and Security: Health information exchange and technology must promote trust and protect the privacy, security, confidentiality, and integrity of health data. Strong privacy and security policies should be established to accomplish these ends, which are then supported by the technology necessary to implement and enforce them. To this end, health information exchange and technology should be further governed by the data stewardship rules and fair information practices specified in Appendix A, and sufficient security safeguards should protect all health data against such risks as loss or unauthorized access, destruction, use, modification, or disclosure. Both policy and technology should incorporate innovations that can enhance individual privacy and security and address new risks.
6. Preventing Misuse of Health Data: Electronic health information exchange and technology should protect against misuses of health data, including the use of health data to deny or restrict health care or insurance coverage; restrict or deny credit or other financial benefits; engage in unsolicited marketing to patients and consumers; restrict or deny employment or housing; and deny or restrict a patient’s rights under the law, including a patient’s rights in matters of law enforcement, national security, and immigration enforcement.
7. Partnership and HIT Literacy: Electronic health information exchange and technology should connect patients, providers, public health officials, and consumers as partners in personal and public health care. Such partnership requires that patients and consumers be informed in their primary languages about how to use health information exchange and technology well, and about patients’ rights, remedies, and responsibilities.
8. Accountability: Entities that collect, access, or use health data, and the governmental agencies that oversee them, must be held accountable for realizing the benefits of health information exchange for all people and communities.
9. Enforcement: Entities that collect, access, or use health data, and the governmental agencies that oversee them, must be held accountable for enforcing the protections of health information exchange for all people and communities. Sufficient resources and adequate legal and financial remedies must exist to address breaches or violations. The benefits and protections of health information exchange are public goods, and enforcement proceedings should be transparent and public.
Specific Principles for
Privacy and Security of Health Information
Under principle 5 above, Privacy and Security, health information exchange and technology should be further governed by the following data stewardship rules and fair information practices.
5 a. Openness and Transparency: All data stewards should make their policies and practices regarding health information open and transparent to patients and to the public generally. Data stewards should inform individuals about what personal health information exists about them, for what purpose or purposes it may be used, who can access and use it, and who retains it. Data stewards should also maintain and provide individuals with corresponding audit trails.
5 b. Collection Limitation: Personal health information should only be collected for specified purposes, should be obtained by lawful and fair means, and, where possible, with the knowledge and consent of the data subject.
5 c. Purpose Specification and Minimization: The purposes for which personal health data are collected should be specified at the time of collection, and only the information reasonably necessary for those purposes should be collected.
5 d. Data Integrity and Quality: All personal health data collected should be relevant to the purposes for which they are to be used and should be accurate, complete, and current. Accuracy in identifying both a patient and his or her records with little tolerance for error is an essential element of health information exchange. There must also be transparent mechanisms to help patients and organizations to correct or “clean” their data in the event that errors or omissions are discovered.
5 e. Use and Disclosure Limitation: Personal health information should be used, exchanged, or disclosed only for the purposes specified, and only the information needed to accomplish the purpose should be used, exchanged, or disclosed. Data stewards should immediately notify patients of breaches of privacy, security, or these limitations regarding their personal health information, and comply with all laws regarding such breaches.
5 f. Individual Participation and Control: Each entity that controls, accesses or uses personal health data should inform an individual upon request whether it has personal health information relating to the individual. Each individual has the right to obtain from the entity a copy of the individual’s personal health data within a reasonable time (at no or minimal charge), and in a form and language that the person can readily understand; if there are legal reasons why a copy cannot be provided, the individual has a right to know why the request was denied and to appeal the denial. Each individual has the right to challenge the collection, content, retention, use or disclosure of personal health information relating to them, including the right to have the particular information corrected, completed, amended, omitted, or expunged.
5 g. Local Control: Personal health information should remain in the control of the patient and the physicians and institutions that are directly involved with his or her health care. Local control also builds upon existing infrastructures (augmented as necessary to adhere to these principles, to ensure interconnection and interoperability, and to incorporate innovations), so that we may realize the benefits of health information exchange more quickly.
Source: Appendix A is based upon Markle Foundation/Connecting for Health’s Common Framework of Policy Principles and Technology Principles (2006).
[*] These principles are based upon “ Consumer and patient principles for electronic health information exchange in California ” (June 21, 2010), a set of consensus principles developed by Consumers Union and 22 other diverse organizations representing the needs and perspectives of communities and people across California and the nation.