Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information

1. Collection, Use, and Disclosure Limitation

1.1. Information can only be collected, used, and/or disclosed to the extent necessary to accomplish a specific purpose

1.2. Establishing limits is essential to maintain integrity of information

2. Preamble

2.1. Purpose

2.1.1. Intent

2.1.1.1. Achieve trust between individuals and care providers

2.1.1.2. Outline clear, understandable principles

2.1.1.3. Establish a policy framework

2.1.1.4. Clarify roles and responsibilities of health care providers

2.1.2. Benefits

2.1.2.1. Improved Care

2.1.2.2. Save Money

2.2. Background

2.2.1. US Department of HEW

2.2.1.1. Analyzed the consequences of using computers to keep records about people

2.2.2. Code of Fair Information Practice

2.2.2.1. Openness

2.2.2.2. Disclosure

2.2.2.3. Secondary use

2.2.2.4. Correction

2.2.2.5. Security

2.2.3. Laws

2.2.3.1. Privacy Act

2.2.3.2. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

2.2.3.3. HIPAA Privacy and Security Rules

2.2.3.3.1. First to apply to health organizations

2.2.3.4. Privacy Act of 1974

2.2.3.5. Federal Information Security Management Act

2.3. Methodology

2.3.1. Review Existing Principles

2.3.1.1. HEW Code of Fair Information Practice

2.3.1.2. Markle Foundation

2.3.1.3. OECD Guidelines

2.3.1.4. Health Information Principles

2.3.1.5. FTC Privacy Online Report

2.3.1.6. ISTPA Privacy Framework

2.3.2. Review Other Approaches

2.3.2.1. UN Guidelines Concerning Personalized Computer Files

2.3.2.2. EU Data Protection Directive

2.3.2.3. Canadian Standards Association Model Code

2.3.2.4. HIPAA Privacy Rules

2.3.2.5. US FTC Fair Principles Statement

2.3.2.6. US-EU Safe Harbor Principles

2.3.2.7. Australian Privacy Act

2.3.2.8. Japan Personal Information Protection Act

2.3.2.9. APEC Privacy Framework

2.4. Principles

2.4.1. Intent and Design

2.4.1.1. Meant for Public and Private Sector entities

2.4.1.2. Designed to complement existing laws and regulations

2.4.1.3. Implementation should be dynamic and subject to modification

2.4.2. Scope

2.4.2.1. Expected to Guide the Actions of All Health Care Related Persons or Entities

2.4.2.2. Meant to Standardize Industry Approach to Information Security

2.4.2.3. Do not apply to individuals' own individually identifiable health information

2.4.3. Organizational Principles

2.4.3.1. Framework has 8 Principles

2.4.3.1.1. Individual Access

2.4.3.1.2. Correction

2.4.3.1.3. Openness and Transparency

2.4.3.1.4. Individual Choice

2.4.3.1.5. Collection, Use, and Disclosure Limitation

2.4.3.1.6. Data Quality and Integrity

2.4.3.1.7. Safeguards and Accountability

3. Framework

3.1. Individual Access

3.1.1. Simple

3.1.1.1. Readable Form

3.1.1.2. Readable Format

3.1.1.3. Include Electronic Format

3.1.2. Timely

3.1.2.1. Obtain Information Easily

3.1.2.2. Information should be attainable promptly

3.2. Correction

3.2.1. Dispute Accuracy

3.2.2. Ability to have Erroneous Info Corrected

3.2.3. Document Disputes

3.3. Openness and Transparency

3.3.1. Policies

3.3.2. Procedures

3.3.2.1. Collecting Information

3.3.2.2. Use of Information

3.3.2.3. Disclosure

3.3.3. Technologies

3.4. Individual Choice

3.4.1. Individuals should have opportunity and capability to make decisions about their health information

3.4.2. Outside Effects and Limitations

3.4.2.1. Type of information being exchanged

3.4.2.2. Medical necessity

3.4.2.3. Ethical Principles

3.4.2.4. Technology

3.5. Data Quality and Integrity

3.5.1. Information should be...

3.5.1.1. Complete

3.5.1.2. Accurate

3.5.1.3. Up-to-date

3.5.1.4. Un-altered

3.5.2. Information Integrity affects quality of care patients receive

3.6. Safeguards

3.6.1. Administrative

3.6.2. Technical

3.6.3. Physical

3.7. Accountability

3.7.1. Principles should be implemented

3.7.2. Adherence should be assured

3.7.3. Monitoring to avoid non-adherence and breaches