American consumers need to know that personal health records must follow government-mandated guidelines for ensuring privacy and security, just as electronic health records must. Otherwise, the use of PHRs may never become widespread.
Healthcare organizations need to improve the methods they use to objectively assess the severity of a security incident and determine whether it should be reported to comply with the HITECH Act's breach notification rule, one privacy officer says.
In the year since the breach notification rule for personal health records took effect, no major breaches affecting 500 or more individuals have been reported, according to the Federal Trade Commission.
Healthcare organizations need to improve the methods they use to objectively assess the severity of a security incident and determine whether it should be reported, says David Parks, a privacy officer and attorney.