Google, Microsoft Back Security & Privacy Framework for Online Health Data

The Common Framework for Networked Personal Health Information defines best practices for protecting patient data for online access

Dark Reading Staff, Dark Reading

June 25, 2008

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Most Americans want access to their personal health records online -- but nine of out 10 say whether they actually sign up for it depends on the privacy of that data. That’s one of the findings in a newly released survey of 1,580 adults in the U.S. by the Markle Foundation, which today also helped launch the industry’s first framework for securing and protecting healthcare records online.

Google, Intuit, Microsoft, WebMD, and major healthcare providers and insurers including Aetna, BlueCross BlueShield, the American Academy of Family Physicians, and the U.S. Department of Veteran Affairs all announced that they endorse the new Common Framework for Networked Personal Health Information. The framework defines a set of best practices for protecting and securing patient data online, as consumers are increasingly being offered options for keeping copies of their own health information and connecting to health services online.

Today, only about 2.7 percent of Americans use electronic personal health records (PHR), according the Markle’s study. The goal is to make the practice more secure and palatable to consumers so that this model can take off. Connecting for Health, the public-private organization under Markle heading up the framework, two years ago came up with a related framework for linking medical professionals from different institutions and clinics via the Internet. The new framework is focused on networks offered to consumers, who then can collect, store, and share their health data with anyone they want.

“The common framework is a set of technology practices and policy commitments,” says Zoe Baird, president of the Markle Foundation. “This focuses on the rules of all participants on the network.”

The framework does not, however, specify just what security technologies (think authentication methods, encryption) that participants must deploy. “It references a set of standards that should be adhered to,” says David Lansky, president and CEO of the Pacific Business Group on Health.

It encompasses authentication of users, audit trails, limiting the scope of identifying data to third parties, and securing the data in transit and at rest. It also includes policy enforcement mechanisms and other policy parameters.

Meanwhile, 46.5 percent of the Markle Foundation survey respondents say they would be interested in using an online PHR service, and among those who are not, 56.8 percent say it’s due to their concerns about privacy and confidentiality.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights