Comparing eHealth Privacy Initiatives

November 2001

Prepared for the California HealthCare Foundation by Angela Choy and Janlori Goldman, Health Privacy Project, Institute for Health Care Research and Policy, Georgetown University

Acknowledgments

The Health Privacy Project is part of the Institute for Health Care Research and Policy at the Georgetown University Medical Center. The project is dedicated to raising public awareness of the importance of ensuring health privacy in order to improve health care access and quality, both on an individual and a community level. For more information, visit www.healthprivacy.org.

The CALIFORNIA HEALTHCARE FOUNDATION, a private philanthropy based in Oakland, California, focuses on critical issues confronting a changing health care marketplace by supporting innovative research, developing model programs, and initiating meaningful policy recommendations. For more information visit www.chcf.org.

The iHealth Reports series focuses on emerging technology trends and developments and related policy and regulatory issues. Additional copies of this report and other publications in the iHealth series can be obtained by calling the California HealthCare Foundation's publications line at 1-888-430-2423 or visiting us online at www.chcf.org.

Copyright © 2001 California HealthCare Foundation
California HealthCare Foundation, 476 Ninth Street, Oakland, CA 94607; tel: (510) 238-1040; fax: (510) 238-1388; www.chcf.org

Key Findings

• Many in the eHealth private sector have established core principles for health Web sites to adhere to in protecting consumer privacy and autonomy. In fact, many of these initiatives have adapted the Federal Trade Commission's (FTC) Code of Fair Information Practice Principles in developing standards and guidelines for protecting the privacy of online health information.

• The self-regulatory efforts differ in focus and comprehensiveness; some offer general principles while others provide detailed rules and examples to assist sites in implementing the standards.

• Because there is a range of self-regulatory standards and programs available to health Web sites, consumers may find it difficult to determine the distinguishing features of each program and may be confused by the various symbols and seals that appear on different sites.

• A key weakness of these self-regulatory efforts is that compliance with online standards is voluntary and there are few, if any, enforcement mechanisms in place for noncompliance.

Overview

Increasingly, consumers are worried about their loss of privacy, especially with regard to personal health information. They are concerned that their information may be used or disclosed inappropriately, leaving them vulnerable to unwanted exposure, stigma, and discrimination. These fears exist whether they engage in health-related activities online or offline. According to a survey released by the Pew Internet and American Life Project in November 2000, 80 percent of "health seekers" say it is important to them that they are able to obtain information anonymously. For the most part, users do not share personal information at health Web sites: only 21 percent have provided their email address; only 17 percent have provided their name or other identifying information; and only 9 percent have participated in an online support group about a health condition. These results are consistent with the findings of an earlier study released by the California HealthCare Foundation (CHCF) of consumers in more traditional health care settings. The 1999 CHCF survey found that almost one in six U.S. adults withdraws from full participation in his or her own health care to keep personal medical information confidential.

While many people continue to use the Internet to get health information, they would like to see rules in place to protect their privacy (Markle Foundation survey, July 2001). A few companies, such as Intel, AOL-Time Warner, and the American Electronics Association (a trade association), acknowledge that privacy is a problem that requires some federal action. Many Internet service providers and online companies, however, such as Earthlink, IBM, and Amazon.com, do not believe federal Internet privacy legislation is warranted, although they would accept limited legislation that preempts state laws and sets a federal standard. To avoid overzealous federal regulation, while responding to the public's desire for privacy protections online, the private sector has developed, or is developing, initiatives to establish privacy guidelines and standards for health Web sites that incorporate fair information practice principles. While the goal of these initiatives is to promote consumer trust and confidence in health Web sites, many of the standards are only voluntary efforts at self-policing with no penalties and few, if any, enforcement mechanisms for noncompliance. In addition, Hewlett-Packard Co. testified before the Senate Commerce Committee in October 2000 that "even with all these self-regulatory efforts..., it is unlikely that the majority of commercial Web sites will post consumer-friendly, easily-readable privacy policies, or join privacy programs, at least in the short run."

With so many guidelines and recommendations available, consumers may find it difficult to determine the distinguishing features of each privacy initiative. For example, Hi-Ethics and TRUSTe have partnered to develop an eHealth Seal program. Hi-Ethics has also partnered with URAC on accreditation standards for health Web sites. How will the two programs fit together? Will Web sites be required to meet the criteria of both programs? Moreover, will there be efforts to reconcile the differences in terminology for the various standards?

Despite the potential confusion among consumers, it does appear that many of the self-regulatory efforts have adapted the FTC's Code of Fair Information Practice Principles in developing their own guidelines and recommendations. (The principles include: notice, access, choice/consent, security, and enforcement.) A California HealthCare Foundation report, co-authored by the Health Privacy Project, which documented the weaknesses in the privacy policies and practices of 21 major health Web sites, has also become an ongoing framework for privacy policies. Many of the current self-regulatory initiatives include standards for ensuring privacy on health Web sites that address issues of notice, user control and consent, user access to personal information provided to Web sites, security, limits on disclosures, and transparency. While earlier efforts, such as HONcode, offered only general principles for health Web sites, recent initiatives, like URAC's accreditation program and the American Health Information Management Association's (AHIMA) recommendations, provide more comprehensive standards and greater guidance for self-regulation.

Methodology

The accompanying tables summarize the various initiatives and the status of their development and implementation. Comparisons of the self-regulatory initiatives were made against a set of criteria based on the FTC Fair Information Practice Principles, the key elements that should be addressed in any privacy standard. Table 1 compares the self-regulatory efforts that have been or are in the process of being developed by trade associations for use by any health-related Web site. These trade associations were established specifically to address issues of privacy, security, and quality on health sites.
Table 2 compares the guidelines and requirements established by professional organizations predominantly for their members who have expanded their offline health care activities onto the Internet. Recommendations from professional organizations generally are derived from traditional health care practice principles and codes of ethics. Guidelines or seal programs that are not specifically designed for health Web sites are not included in these tables.

Table 1. Comparison of Self-regulatory Efforts by Trade Associations

The six initiatives compared are: Hi-Ethics; TRUSTe and Hi-Ethics; URAC and Hi-Ethics; the Internet Healthcare Coalition (IHC) eHealth Ethics Initiative; the Health on the Net (HON) Foundation; and the eHealth Initiative (eHI). Each row below gives one criterion, followed by the entry for each initiative.

1. Type of Initiative

Hi-Ethics: Principles: "Ethical Principles for Offering Internet Health Services to Consumers." Coalition of Internet health sites and service providers; some members of Hi-Ethics include America Online, drkoop.com, Medscape, PersonalMD, and WebMD.

TRUSTe and Hi-Ethics: Partnership to develop a health seal for health Web sites.

URAC and Hi-Ethics: Accreditation program for health Web sites: Health Web Site Standards Version 1.0. URAC developed detailed standards based on the 14 Hi-Ethics Principles.

IHC eHealth Ethics Initiative: Code of ethics: "eHealth Code of Ethics."

HON Foundation: Code of conduct for medical and health Web sites (HONcode); accredits health-related Web sites through a self-regulatory, voluntary certification system based on a seal concept.

eHI: A national not-for-profit advocacy and trade organization, an alliance of 53 healthcare institutions; its mission is to promote the adoption of the Internet and other emerging technologies to modernize health care delivery. It has not offered, and does not intend to offer, recommendations now.

2. Status

Hi-Ethics: Principles released in June 2000. Founding members were expected to implement the principles within six months, by December 2000. Hi-Ethics is currently updating its principles, with plans to release version 2.0 of the principles by December 2002.

TRUSTe and Hi-Ethics: TRUSTe already has a privacy seal program with almost 2,000 members. The partnership with Hi-Ethics is to develop eHealth seals for health Web sites. The end of the third quarter of 2001 is the target date for issuance of the first group of seals.

URAC and Hi-Ethics: Accreditation standards for health sites were released on July 30, 2001. Implementation of the standards was expected to begin in August. URAC plans to work with TRUSTe to implement the program.

IHC eHealth Ethics Initiative: IHC held an eHealth Ethics Summit to develop a code of ethics. The code was developed by the Hastings Center and the Summit Steering Group after the Summit and released in May 2000. Organizations endorsing the code include the American College of Preventive Medicine, the Coalition for Health Information Policy, drkoop.com, MedicaLogic/Medscape, and URAC.

HON Foundation: The Health on the Net Foundation is a nonprofit, international Swiss organization created in 1995. More than 2,800 sites adhere to the HONcode.

eHI: Incorporated on March 19, 2001. Members include IBM, Medscape, Medstar, WellMed, PricewaterhouseCoopers, the Internet Healthcare Coalition, and RnetHealth. The organization is working on position statements on specific eHealth issues.

3. Process

Hi-Ethics: Members of Hi-Ethics agree to adopt the ethical principles and pay a $20,000 annual membership fee. In June 2001, the membership fees were reduced by 70% to $1,500 per quarter. A member organization also must be willing to participate in the eHealth Seal program administered by TRUSTe. Now that the URAC accreditation standards have been released, Hi-Ethics will be relying on URAC to verify a site's adherence to the Hi-Ethics principles.

TRUSTe and Hi-Ethics: The eHealth seal will be available for Internet companies that meet Hi-Ethics' 14 standard principles of privacy and professionalism (see summary of Hi-Ethics Principles). PricewaterhouseCoopers is expected to perform audits to ensure compliance with the principles.

URAC and Hi-Ethics: URAC will conduct annual reviews of each site that it accredits to verify continuing compliance. URAC will investigate complaints. Sites that violate the standards will be required to take corrective action or must withdraw from the program. There will be a $5,000 application fee.

IHC eHealth Ethics Initiative: Compliance with the Code is voluntary.

HON Foundation: Web sites apply for registration. A HON team member inspects the site to make sure that all of the principles are followed. If accepted, a site is issued a unique ID number. Compliant sites display the HONcode seal. The sites are responsible for complying with the HON principles.

eHI: Members pay annual dues of $2,500 to $25,000. eHI lobbies Congress. It engages in advocacy, education, and other informational activities to address barriers to "realizing the promise of eHealth," including privacy and security.

4. Notice

Hi-Ethics: Members must adopt privacy policies that are easy for consumers to find, read, and understand and provide users with reasonable notice of the member's information practices, including disclosure of: collection or use of any information about the user; collection or use of aggregate data; and what, if any, access to personal information the site provides to unrelated third parties. Member sites are also required to give notice to users of any changes to their privacy policies.

TRUSTe and Hi-Ethics: See Hi-Ethics principles.

URAC and Hi-Ethics: Accredited Web sites must prominently post the notice of all disclosures. They are also required to disclose to users (1) what information about them is collected and how it is used, (2) to whom the information may be disclosed, (3) for what purpose, (4) how long the information will be retained, (5) what rights the user has with respect to their personally identifiable information, (6) the entity that maintains their information, and (7) limitations on deletion or removal of that information. If the site uses "passive tracking mechanisms" (e.g., cookies and Web bugs), the site must disclose the use of such mechanisms and the purpose for which they are used, obtain opt-in from users before using such mechanisms, provide means for subsequent opt-out if users previously agreed to tracking, and inform users of the consequences of not agreeing to passive tracking.

IHC eHealth Ethics Initiative: Sites that endorse the Code should clearly disclose: that there are potential risks to user privacy on the Internet; what data are being collected when users visit the site; who is collecting the data; how the site will use the data; whether the site knowingly shares data with others; and with which organizations or individuals the site shares data and how it expects its affiliates to use that data. The site also must tell users how the site stores the user's personal data and for how long.

HON Foundation: HONcode is silent on the issue of notice.

eHI: Not applicable.

5. Choice/Consent

Hi-Ethics: Users are given "meaningful" choice to accept or decline the site's collection and use of personal information provided by the user, including consent to transfer information to third parties. If a site collects health-related personal information, the site will use it only as agreed to by the consumer or for purposes for which a reasonable consumer would expect the site to use that information. The site will not disclose health-related personal information to unrelated third parties or for unrelated purposes without the consent of the consumer (via an opt-in procedure). If significant changes are made to the privacy policy that affect the use of health-related personal information collected prior to the change, the site will not make use of the information without first obtaining the consumer's consent.

TRUSTe and Hi-Ethics: See Hi-Ethics principles.

URAC and Hi-Ethics: A site can collect personal health information only for users who opt in, and the site must describe the consequences of providing and not providing the information. The opt-in must be obtained from users prior to the collection and use of personal health information. The site must allow users, at any point, to opt out of the continued collection and use of their information and/or request deletion of that information.

IHC eHealth Ethics Initiative: Sites should not collect, use or share personal data without a user's specific affirmative consent.

HON Foundation: HONcode is silent on the issue of consent.

eHI: Not applicable.

6. Transparency

Hi-Ethics: Member sites with relationships with third parties must adopt procedures to inform consumers whether third parties have access to their information from the site. The sites also must disclose information about site ownership and financial sponsorship, and strive to make it apparent to consumers when they move within a site or leave one site for another.

TRUSTe and Hi-Ethics: See Hi-Ethics principles.

URAC and Hi-Ethics: Accredited sites must clearly indicate to users when they are leaving the site to go to a linked site. The site must disclose what types of services it provides, the terms and conditions regarding those services, appropriate uses and limitations of those services, and the rights and responsibilities of the users and other participants. The site must also disclose significant financial investors and interests in the owner or the site, the identity of the Web site owner, where to get more information about the owner, significant relationships with commercial sponsors, its advertising and sponsorship policies, and whether it has material financial and/or business relationships with linked sites.

IHC eHealth Ethics Initiative: Sites should clearly indicate who owns or has a significant financial interest in the site, the purpose of the site or service, and any relationship a reasonable person would believe would likely influence his or her perception of the information, products, or services offered by the site. Sites should also clearly indicate when users are leaving the site.

HON Foundation: The site is required to clearly identify support for the Web site, including commercial and noncommercial organizations that have contributed funding, services or material for the site.

eHI: Not applicable.

7. Access

Hi-Ethics: The site's privacy policy must provide, where appropriate, procedures for consumers to review and correct their personal information, or to request that the site delete the information, and include a description of the effect of any changes on other information about the user.

TRUSTe and Hi-Ethics: See Hi-Ethics principles.

URAC and Hi-Ethics: The accredited site must provide information to users about how to access, supplement and amend their personal health information.

IHC eHealth Ethics Initiative: Sites that collect personal data should make it easy for users to review their data and to update or correct it.

HON Foundation: HONcode is silent on the issue of users' access to the personal health information they provide to Web sites.

eHI: Not applicable.

8. Security

Hi-Ethics: The principles require that privacy policies contain a positive commitment from the site to use security procedures to protect the personal information it collects from misuse.

TRUSTe and Hi-Ethics: See Hi-Ethics principles.

URAC and Hi-Ethics: The site owner must require a business partner agreement from third parties that have access to personally identifiable information on or obtained through the site. These third parties are held to the same or higher security standards as the owner of the site. If the site keeps or collects personal health information, the owner must have on file a credible auditor's report that finds the site meets or exceeds industry security standards and practices to guard against unauthorized access to the information. URAC will evaluate the credibility of the security audits case by case.

IHC eHealth Ethics Initiative: Sites that collect personal data should: take reasonable steps to prevent unauthorized access to or use of personal data; adopt reasonable mechanisms to trace how the data are used; and assure that when personal data are de-identified, the data cannot be linked back to the user.

HON Foundation: HONcode does not specifically address security.

eHI: Not applicable.

9. Additional Restrictions or Protections

Hi-Ethics: If the site collects personal health information, it will use it only for the purposes expected by a reasonable consumer. Third parties that have access to health-related personal information from the member site are required to follow the same principles. The site is also required to take appropriate precautions to prevent inadvertent disclosures of personal information to third parties and will take immediate steps to eliminate such disclosures, if they occur, once they come to the attention of the site.

TRUSTe and Hi-Ethics: See Hi-Ethics principles.

URAC and Hi-Ethics: The Web site cannot use personal health information for any purpose outside the scope of the opt-in. The Web site owner must require a business partner agreement from any third parties that have access to personally identifiable information on or obtained through the site. The third parties are held to the same or higher privacy standards as the site owner.

IHC eHealth Ethics Initiative: A site should make reasonable efforts to ensure that sponsors, partners, or other affiliates abide by applicable law and uphold the same ethical standards as the site itself. In addition, health care professionals who provide medical care or advice online should abide by the ethical codes governing their professions in face-to-face relationships, which include: protecting patient confidentiality; disclosing sponsorships and financial incentives; and obeying relevant laws and regulations.

HON Foundation: The site is required to respect confidentiality, honoring or exceeding the legal requirements of medical/health information privacy that apply in the country and state where the site and its mirror sites are located.

eHI: Not applicable.

10. Remarks

Hi-Ethics: The Hi-Ethics principles offer a set of rules for Web sites that offer health services, products and information to consumers. The principles address all of the criteria in this table.

TRUSTe and Hi-Ethics: The January 2000 CHCF survey found that the presence of seals of approval from Internet trade groups had no impact, positive or negative, on respondents' willingness to submit health information online.

URAC and Hi-Ethics: This is the first independent accreditation program for health Web sites. It is intended for consumer-oriented, online health resources. Potential problem: the accreditation fee may be prohibitive. In addition, because of the collaborative relationships among URAC, Hi-Ethics and TRUSTe, the three entities may need to make it clearer to consumers what role each of them will play. For example, will a site that participates in the eHealth seal program also be required to meet the URAC accreditation standards?

IHC eHealth Ethics Initiative: The Code was drafted and adopted after input from diverse stakeholders, both users and providers of eHealth information and services. The Code provides standards on all of the criteria in this table.

HON Foundation: Problem: funding is not being renewed when the current contract expires in December 2001. The principles are very general and therefore offer little guidance. They do not address the specific privacy issues of notice, access, and consent. They are also silent on the issue of online security.

eHI: Unlike the other initiatives, eHI is an advocacy organization. It does not recommend codes of conduct for Web sites, nor does it accredit or audit these sites.

Table 2.
Comparison of Guidelines and Requirements Established by Professional Organizations

The seven organizations compared are: the American Medical Association (AMA); the American Health Information Management Association (AHIMA); the American Association of Health Plans (AAHP); the International Society for Mental Health Online (ISMHO); the National Board for Certified Counselors (NBCC); the National Association of Boards of Pharmacy (NABP); and the International Committee of Medical Journal Editors (ICMJE). Each row below gives one criterion, followed by the entry for each organization. The table as reproduced here ends partway through row 6.

1. Type of Initiative

AMA: Guidelines: "Guidelines for Medical and Health Information Sites on the Internet."

AHIMA: Principles: "Recommendations to Ensure Privacy and Quality of Personal Health Information on the Internet."

AAHP: Principles: "AAHP Principles for Consumer Information in an eHealth Environment."

ISMHO: Principles: "Suggested Principles for the Online Provision of Mental Health Services."

NBCC: Standards: "Standards for the Ethical Practice of WebCounseling."

NABP: Certification: Verified Internet Pharmacy Practice Sites (VIPPS) program.

ICMJE: Uniform Requirements for Manuscripts Submitted to Biomedical Journals.

2. Status

AMA: Guidelines were published in March 2000 to guide the development and posting of Web site content on AMA sites. A committee will review and revise the guidelines as necessary.

AHIMA: Released August 2000.

AAHP: Approved by the AAHP Board of Directors on June 5, 2000.

ISMHO: Principles officially endorsed by ISMHO on January 9, 2000.

NBCC: The standards were last updated on June 21, 2000.

NABP: Established by NABP in spring of 1999.

ICMJE: A group of editors of general medical journals met in 1978 to establish guidelines for the format of manuscripts submitted to their journals. The guidelines were published in 1979. They were revised in 1997, and sections were updated in May 1999 and 2000. Over 500 journals have agreed to use the guidelines.

3. Process

AMA: The AMA policy applies to AMA Web sites (medical journals, online discussion groups, chat rooms, etc.). Guidelines are expected to be operational on AMA sites.

AHIMA: AHIMA offers these principles as a blueprint for ensuring the privacy and quality of personal health information on the Internet.

AAHP: The principles are intended for AAHP member health plans' eHealth activities. They represent only best practices.

ISMHO: The principles are only suggestions for addressing practice issues directly related to the online provision of mental health services.

NBCC: These standards are intended for use by WebCounselors. WebCounselors who are not National Certified Counselors can indicate at their Web site their adherence to these standards, but they cannot publish the standards in their entirety without written permission from NBCC.

NABP: To be VIPPS certified, a pharmacy must comply with the licensing and inspection requirements of its state and each state to which it dispenses pharmaceuticals. The criteria for certification include patient rights to privacy and authentication and security of prescription orders. Certified sites display the VIPPS seal. A user can view information about a specific pharmacy maintained by NABP by clicking on the VIPPS seal, which is linked to the NABP VIPPS site. The fees for participation depend on the size and type of pharmacy (i.e., community based vs. chain store) and include an application fee, annual participation fee, compliance review fee, and facility fee.

ICMJE: Journals that agree to use the guidelines are expected to state, in their instructions to authors on how to prepare manuscripts, that their requirements are in accordance with the Uniform Requirements and to cite a version of the requirements published in 1997 or later in those instructions. Guidelines also apply to electronic publishing.

4. Notice

AMA: An AMA site must provide a link to the site's privacy policy on the home page or the site navigational bar. The policy should be easily accessible to the user, and the site should adhere to its privacy principles. The site should not collect personal information unless voluntarily provided by the user after the user is informed of the potential use of such information. If personal information is being collected, the site's opt-in process should include explicit notice that personal information will be saved and an explanation of how the information will be used and by whom.

AHIMA: The notice of information practices should be conspicuously provided and in language that a layperson can understand. A Web site should inform consumers about what information is collected, by whom and how it will be used. The site should inform users of the security measures that the site uses to protect their information. The site should notify users on the screen when they enter or leave the owner's site. The site should maintain a consumer-specific log of information disclosures and make it available for review by consumers.

AAHP: Health plans should disclose: their policies and procedures to use and safeguard the confidentiality of personal health information and the limitations of such safeguards; and whether personal health information is collected through plans' Web sites and how the information may be used.

ISMHO: The client should be informed of: the potential risks of receiving mental health services online, such as breach of confidentiality; the safeguards being taken by the counselor and that could be taken by the client against potential risks; any exceptions to the general rule that client information should be released only with the client's permission; and copies or recordings of communications with the client that are being maintained by the counselor.

NBCC: WebCounselors should inform Web clients of the encryption methods being used to help ensure the security of client/counselor/supervisor communications. If encryption is not used, the client must be informed of the potential hazards of unsecured communications on the Internet. WebCounselors also should inform clients if, how and for how long session data are being preserved. Session data may include WebCounselor/WebClient email, test results, audio/video session recordings, session notes and counselor/supervisor communications.

NABP: The VIPPS site only generally mentions the certification criteria, which include privacy. There are no specific standards for protecting the confidentiality of online patient health information. NABP coordinates the efforts of state and federal regulatory agencies to regulate online pharmacies.

ICMJE: ICMJE does not specifically address the issue of notice.

5. Choice/Consent

AMA: AMA sites will not collect or allow third parties to collect personal medical information without the express consent of the individual after explaining the potential uses of such information. Identifying patient information should not be published unless essential for scientific purposes and the patient gave express informed consent for publication; identifying data should be omitted if not essential. Users' names and email addresses should not be released to a third party without the user's express permission. Users should be able to select whether the site will retain the username and password. Users should be able to opt in or out of functions that track personal data.

AHIMA: The site should provide users with meaningful opportunities to make choices about what information is collected and how the information will be used, giving users the right to opt in or out of specific uses and disclosures. Information should not be collected without the user's knowledge.

AAHP: AAHP principles do not address consent.

ISMHO: Confidentiality of the client should be protected. Information about the client should be released only with the client's permission.

NBCC: The WebCounseling standards do not address consent, but the NBCC Code of Ethics, which applies to all certified counselors, states that the information in counseling records belongs to the client and therefore may not be released to others without the consent of the client or when the counselor has exhausted challenges to a court order. In addition, any data derived from a client relationship and used in training or research that cannot be disguised to protect the client's identity may be used only as expressly authorized by the client's informed and uncoerced consent.

NABP: The VIPPS site only generally mentions the certification criteria, which include privacy. There are no specific standards for protecting the confidentiality of online patient health information. NABP coordinates the efforts of state and federal regulatory agencies to regulate online pharmacies.

ICMJE: The guidelines state that identifying information should not be published in written descriptions, photographs and pedigrees unless essential for scientific purposes and the patient (or parent or guardian) provides written informed consent for publication. The published article should indicate when informed consent has been obtained.

6. Access

AMA: AMA recommendations do not address users' access to personal health information they provide to a

AHIMA: The site should give users the opportunity to see, copy and append their records. The site should specify when, where,

AAHP: The health plan should have a process in place to respond to or direct to the appropriate recipient consumer

ISMHO: ISMHO principles do not address users' access to mental health records.

NBCC: The WebCounseling standards do not address client access, but under the NBCC Code of

NABP: The VIPPS site only generally mentions the certification criteria, which include privacy. There are no

ICMJE: ICMJE does not address user access to personal health information they provide to a site.
The focus of site. and how to access requests for or Ethics, all records specific standards the ICMJE individually identi- submission of must be released to for protecting the guidelines is fiable consumer clinically related the client upon confidentiality of publication of health data that is information. (Not request. online patient health materials. collected and clear if this principle information. NABP maintained but not refers to general coordinates the available at the clinical information efforts of state and particular ehealth site. or the consumer’s federal regulatory personal agencies to regulate information.) online pharmacies. 7. Transpar- All financial or The site should The health plan Clients should be The standards The VIPPS site only At a minimum, ency material support for clearly indicate on its should disclose if it informed of the mention self generally mentions biomedical journal electronic collec- home page or a page has a financial name and disclosure, I.e., the certification sites should tions of articles, directly accessible interest in a linked qualifications of a information about criteria, which indicate names of Web site content from the home page site and the identity counselor. the service provider include privacy. editors, authors, and other types of Web site ownership of any organizations Telephone that would be There are no contributors and online products or any relationships a that contribute numbers or web available if the specific standards. their affiliations; should be acknow- reasonable person funding to the site. page URLs of counseling were NABP will reveal conflicts of ledged and clearly would believe likely to relevant taking place face to coordinate the interests; and indicated on the influence the site’s institutions should face, but do not efforts of state and disclose site home page or via a information or be provided so address specifically federal regulatory ownership, link from the home services. 
that clients can disclosures of agencies to regulate sponsorship, page. Users should confirm financial interests online pharmacies. advertising and be notified on- information and support. commercial screen when they regarding a funding. In addition, are entering or counselor's it should be clearly leaving a secure qualifications. indicated if a site site and have the links to another site option to proceed or because of remain on the financial current site. considerations. Comparing eHealth Privacy Initiatives 19 Table 2. Comparison of Guidelines and Requirements Established by Professional Organizations (continued) American Medical American Health American International National Board for National Association International Association (AMA) Information Association of Society for Mental Certified Counselors of Boards of Committee of Management Health Plans (AAHP) Health Online (NBCC) Pharmacy (NABP) Medical Journal Association (AHIMA) (ISMHO) Editors (ICMJE) 8. Security The site should The site should obtain The principles state ISMHO principles Standards suggest The VIPPS site only ICMJE guidelines describe all security and maintain a list of that health plans suggest that extra that encryption generally mentions do not address software and authorized users. The should disclose safeguards be methods be used the certification security issues. encryption protocol site should develop, their policies and considered when whenever possible. criteria, which used on the site for implement, and procedures to the computer is When it is difficult to include privacy. financial adhere to policies that safeguard shared by others. verify the identity of There are no transactions. define whom, how, confidentiality and The client should the WebCounselor specific standards and when data can be the limitations of be informed of the or client, steps for protecting the entered or modified. 
those safeguards safeguards taken should be taken to confidentiality of Sites should develop, applicable to Web by the counselor. address imposter online patient health implement, and based systems, concerns. In information. NABP adhere to a rigorous although it does not addition, under the coordinates the information security specifically NBCC Code of efforts of state and infrastructure – recommend that Ethics, certified federal regulatory include appropriate security measures counselors must agencies to regulate policies, technology be taken and that ensure that data online pharmacies. and architect to these measures maintained in protect information ought to meet or electronic storage against threats to exceed industry are secure. The data integrity and standards. data must be limited repudiation. to information that is appropriate and necessary for the services being provided and accessible only to appropriate staff members. Counselors must also ensure that the electronically stored data are destroyed when it is no longer of value in providing services or required as part of clients' records. Comparing eHealth Privacy Initiatives 20 Table 2. Comparison of Guidelines and Requirements Established by Professional Organizations (continued) American Medical American Health American International National Board for National Association International Association (AMA) Information Association of Society for Mental Certified Counselors of Boards of Committee of Management Health Plans (AAHP) Health Online (NBCC) Pharmacy (NABP) Medical Journal Association (AHIMA) (ISMHO) Editors (ICMJE) 9. 
Additional The site should The site should Health plans should No other specific WebCounselors VIPPS pharmacies No other relevant Restric- ensure that the collect, maintain, and promote the use of protections or must work to ensure must maintain and protections or tions or current technology disclose data in a way de-identified or restrictions are the confidentiality of enforce policies and restrictions. Protec- and access that safeguards aggregate mentioned, their Web procedures to tions possessed by third personal information information. Health although the counseling assure patient parties adhere to and complies with plans should also principles do relationship—follow confidentiality and the site’s privacy federal and state laws work with vendors suggest that appropriate protect patient policies. The and regulations. The and practitioners to counselors follow procedures identity and patient- content published site should only promote the laws and other regarding the specific information within an AMA site collect and use health understanding of established release of from inappropriate should also adhere information for a the plans' guidelines that information for or nonessential to the patient necessary, lawful confidentiality apply to them. sharing Web client access, use or privacy and purpose. Health standards. information with distribution. anonymity information collected other electronic principles followed should be restricted to sources. Under the by JAMA and the what is necessary to NBCC Code of Archives Journals, carry out the Ethics, the which also apply to legitimate collections counseling informal interactive purposes. Privacy relationship and communications on protections should information that the site, including follow consumers’ results from that chat rooms and data (chain of trust). relationship remains discussion groups. The site should use confidential. appropriate education Certified counselors and training. 
Sites are responsible for that collect or display insuring that their identifiable health employees handle information should confidential make sure that the information data are documented, appropriately. authenticated, Confidentiality also corrected, stored, must be maintained retained, and during the storage destroyed in a and disposition of manner consistent records. with federal and state laws and regulations. Comparing eHealth Privacy Initiatives 21 Table 2. Comparison of Guidelines and Requirements Established by Professional Organizations (continued) American Medical American Health American International National Board for National Association International Association (AMA) Information Association of Society for Mental Certified Counselors of Boards of Committee of Management Health Plans (AAHP) Health Online (NBCC) Pharmacy (NABP) Medical Journal Association (AHIMA) (ISMHO) Editors (ICMJE) 10. Remarks The guidelines AHIMA has AAHP offers only The guidelines The NABP does not ICMJE tries to provide detailed developed detailed general principles only focus on WebCounseling regulate the online apply its offline rules for AMA Web principles for its for its member online delivery of standards are silent pharmacies. VIPPS standards for sites that provide membership and plans. The mental health on client access to certification is only a journal publication medical and health ehealth organizations principles do not services so they records maintained voluntary program to online posting of information, on protecting privacy address user do not address by the for Internet similar materials, however, they do and ensuring the control and consent. issues that may be WebCounselor and pharmacies. Online so its application is not address users’ quality of health relevant to other clients' consent to sites and limited. access to personal information on the types of mental the disclosure of practitioners are information they Internet. 
However, health sites, such their information to regulated by the provide to these compliance with the as information others, however, state boards of sites and whether principles is voluntary. based or patient they refer pharmacy. they can amend or driven sites. counselors to the supplement that NBCC Code of information. Ethics, which applies to all certified counselors and include standards on access and consent. Comparing eHealth Privacy Initiatives 22 Sources American Association of Health Plans, AAHP Principles for Consumer Information in an E-Health Environment (http://www.aahp.org/AAHP/Govt_Advocacy/LegacyDocs/PDF/board-5.pdf). American Health Information Management Association, Recommendations to Ensure Privacy and Quality of Personal Health Information on the Internet (http://www.ahima.org/infocenter/guidelines/tenets.html). eHealth Initiative (http://www.ehealthinitiative.org). Health On the Net Foundation, HON Code of Conduct (http://www.hon.ch/HONcode/Conduct.html). Hi-Ethics, Ethical Principles For Offering Internet Health Services to Consumers (http://www.hiethics.org/ Principles/index.asp). International Committee of Medical Journal Editors, Uniform Requirements for Manuscripts Submitted to Biomedical Journals (http://www.icmje.org/index.html). International Society for Mental Health Online, Suggested Principles for the Online Provision of Mental Health Services (http://www.ismho.org/suggestions.html). Internet Healthcare Coalition, eHealth Ethics Initiative, eHealth Code of Ethics (http://www.ihealthcoalition.org/ethics/ehcode.html). National Association of Boards of Pharmacy, Verified Internet Pharmacy Practice Sites program (http://www.nabp.net/vipps/intro.asp). National Board for Certified Counselors, The Practice of Internet Counseling (http://www.nbcc.org/ ethics/webethics.htm). TRUSTe and Hi-Ethics, E-Health Seal Program (http://www.truste.org/programs/pub_ehealth.html). 
URAC and Hi-Ethics, Health Web Site Accreditation (http://www.urac.org/programs/technologyhws.htm). M.A. Winker et al., Guidelines for Medical and Health Information Sites on the Internet American Medical Association, 283 JAMA 1600 (2000). Comparing eHealth Privacy Initiatives 23