Although the Department of Health and Human Services (HHS, Washington) has taken steps to define and implement a plan for protecting the privacy of electronic personal health information, further efforts are needed, states a report released by the Government Accountability Office (Washington).
According to the report, which is a follow-up to a January 2007 study, HHS’ privacy approach fails to identify a defined process for assessing and prioritizing privacy-related initiatives to ensure that key issues will be adequately addressed. This in turn may isolate stakeholders and negatively impact consumer confidence, it says.
In the original document, GAO recommended that HHS define and implement an overall privacy approach for protecting health records. GAO was asked to provide an update on HHS’ efforts after analyzing reports detailing the department’s privacy-related health IT activities.