In the realm of health care, privacy protections are needed to preserve patients' dignity and prevent possible harms. Ten years ago, to address these concerns as well as set guidelines for ethical health research, Congress called for a set of federal standards now known as the HIPAA Privacy Rule. In its 2009 report, Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research, the Institute of Medicine's Committee on Health Research and the Privacy of Health Information concludes that the HIPAA Privacy Rule does not protect privacy as well as it should, and that it impedes important health research.

Daniel Solove presents a startling revelation of how digital dossiers are created, usually without the knowledge of the subject, & argues that we must rethink our understanding of what privacy is & what it means in the digital age before addressing the need to reform the laws that regulate it.

This User’s Guide is intended to support the design, implementation, analysis, interpretation, and quality evaluation of registries created to increase understanding of patient outcomes. For the purposes of this guide, a patient registry is an organized system that uses observational study methods to collect uniform data (clinical and other) to evaluate specified outcomes for a population defined by a particular disease, condition, or exposure, and that serves one or more predetermined scientific, clinical, or policy purposes. A registry database is a file (or files) derived from the registry. Although registries can serve many purposes, this guide focuses on registries created for one or more of the following purposes: to describe the natural history of disease, to determine clinical effectiveness or cost-effectiveness of health care products and services, to measure or monitor safety and harm, and/or to measure quality of care. Registries are classified according to how their populations are defined. For example, product registries include patients who have been exposed to biopharmaceutical products or medical devices. Health services registries consist of patients who have had a common procedure, clinical encounter, or hospitalization. Disease or condition registries are defined by patients having the same diagnosis, such as cystic fibrosis or heart failure. The User’s Guide was created by researchers affiliated with AHRQ’s Effective Health Care Program, particularly those who participated in AHRQ’s DEcIDE (Developing Evidence to Inform Decisions About Effectiveness) program. Chapters were subject to multiple internal and external independent reviews.

Hearings on medical information confidentiality. Witnesses: Donna Shalala, Sec., HHS; Wanda Walker & Jeff Crowley, Consortium for Citizens with Disabilities; John Glaser, Partners Healthcare System, on behalf of the National Research Council; John Nielsen, on behalf of the Amer. Assoc. of Health Plans; Donald Palmisano, Amer. Medical Assoc.; Spencer Foreman, on behalf of the Amer. Hospital Assoc.; Elizabeth Andrews, Worldwide Epidemiology, Glaxo Wellcome, on behalf of the Healthcare Leadership Council; & A.G. Breitenstein, dir., JRI Health Law Institute, on behalf of the Nat. Coalition for Patients Rights.

For all the passion that surrounds discussions about privacy, and the recent attention devoted to electronic privacy, surprisingly little consensus exists about what privacy means, what values are served - or compromised - by extending further legal protection to privacy, what values are affected by existing and proposed measures designed to protect privacy, and what principles should undergird a sensitive balancing of those values.

The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and org. Individual harms may include identity theft, embarrassment, or blackmail. Organ. harms may include a loss of public trust, legal liability, or remediation costs. To protect the confidentiality of PII, org. should use a risk-based approach. This report provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommend. here are intended primarily for U.S. Fed. gov¿t. agencies and those who conduct business on behalf of the agencies, but other org. may find portions of the publication useful.