Skip to Content

CDT: Comprehensive Privacy and Security Framework Needed for Personal Health Records

CDT testified today before the National Committee on Vital and Health Statistics (NCVHS) to advocate consistent and comprehensive privacy and security protections for all personal health records (PHRs). CDT recommends that a consistent set of regulations apply to all PHRs, regardless of whether the vendor is covered under HIPAA, and warns that the HIPAA Privacy Rule is not an appropriate safeguard for PHRs because it does not adequately address the unique privacy concerns raised by these records. CDT further recommends that policymakers start with the Markle Common Framework for Networked Personal Health Information, which was endorsed by a broad range of stakeholders, in developing recommendations to safeguard PHRs.