CDT’s Health Privacy Project recently submitted comments to an Advanced Notice of Proposed Rulemaking (ANPRM) issued by the Department of Health & Human Services (HHS) discussing possible changes to the rules governing the use of health information in federally funded research (known as the “Common Rule”). CDT had previously led the efforts of the federal Health IT Policy Committee in issuing recommendations for the ANPRM , focusing in particular on privacy and security protections for secondary uses of data from provider electronic health records (EHRs). CDT’s comments reinforce those recommendations and add a few others not addressed by the Policy Committee.
Of note, CDT urges HHS:
- To create a more workable distinction between research uses of EHR data and retrospective reviews of the quality, safety and effectiveness of health care that should routinely be conducted by health care entities;
- To require entities conducting research or quality reviews to implement the full complement of fair information practices in lieu of relying substantially on general consent, which in practice provides weak privacy protection;
- To follow-through on proposals to require all researchers to adopt security safeguards that are commensurate with the risks raised by the data;
- To maintain incentives to use health information in the least identifiable form needed to accomplish the specified purpose; and
- To continue efforts to strengthen and harmonize federal research rules.