Top Searches
April 13, 2009
| Digital Health Care > Issues > Privacy Certification Program Aims to Ensure Patients’ Trust

Privacy Certification Program Aims to Ensure Patients’ Trust


By Neil Versel

September 3, 2008 | A former senior advisor in the Department of Health and Human Services (HHS) is heading up the first large-scale effort to certify health-IT products for adherence to privacy standards.

For the past month, William Yasnoff, has been the part-time chief executive and a board member of Patient Privacy Certified, a new, nonprofit affiliate of the Patient Privacy Rights Foundation (Austin, Texas). Deborah Peel, the founder and public face of Patient Privacy Rights, is serving as chair of the certification program.

“We come at the same issue from different perspectives,” Yasnoff tells Digital HealthCare & Productivity. Peel, a psychiatrist, has been adamant about protecting the confidentiality of information her patients confide in her, while Yasnoff, an advocate of health record banking, says trust is paramount to building an interoperable nationwide health-IT network .

“In order to make it work, you have to have trust, and in order to have trust, you have to have patient control,” says Yasnoff, the former senior advisor for what was then called the National Health Information Infrastructure at HHS, and now an Arlington, Va.-based consultant with a firm he calls NHII Advisors. “Privacy is absolutely essential to health record banking, and therefore absolutely essential to the success of health-IT,” he says.

For this reason, according to Yasnoff, privacy certification is about helping technology vendors meet consumer expectations for privacy of their health information.

Peel previously said that Microsoft HealthVault would be the first product to go through privacy certification testing and that electronic health records vendor e-MDs also has agreed to participate. Yasnoff says the HealthVault testing should take place fairly soon, though the criteria are “not quite finalized but nearly complete.”

He expects some public documents to be posted to a forthcoming Patient Privacy Certified Web site within 60 to 90 days.

Yasnoff does say, however, that Patient Privacy Certified is making security certification to either HIPAA or ISO 27002 standards a prerequisite for privacy testing. “A building can have good locks, but you can’t give everyone a master key,” he explains. “Our job is to figure out whether the right people are getting the keys and that no wrong people have the keys [to a patient’s health information].”

Privacy policies also must be in clear, easily understood language, with a minimum of passive voice. For example, Yasnoff explains, policies should not say, “This will happen,” but rather explain who is causing the action and why.

The privacy certification program will be funded solely by testing fees, paid in full in advance. “It can’t be large or we will not be able to be successful,” Yasnoff says of the yet-unannounced cost. Interoperability certification of ambulatory EHRs, through the Certification Commission for Health Information Technology (CCHIT), currently costs $28,000 for testing and the first year’s maintenance fees.

While CCHIT certification is good for up to three years, Yasnoff says that the privacy certification program likely will require annual testing as criteria evolve.

Click here to log in.

0 Comments

Add Comment

Text Only 2000 character limit

Page 1 of 1
White Papers & Special Reports

Translational Research Briefing ON Report
Sponsored by GenoLogics

The varied collection of Bio-IT World articles and insights assembled in this Briefing ON examines:

  • The impact of integrating clinical data back into the research and development pipeline.
  • Using information gathered from physical samples, databases, and clinical trials to benefit the design and performance of future research.
Download the complimentary report


Reducing bottlenecks in GMP Laboratories
Sponsored by Waters
Significant time is spent conducting quality control (QC) testing and documenting QC results during the pharmaceutical manufacturing process. GMP regulations require maintaining documentation to ensure strict compliance with established SOP’s. Completing paper documents and ensuring their authenticity creates a bottleneck in the QC laboratory. Waters® NuGenesis® SDMS Intelligent Procedure Manager, an electronic SOP workflow & documentation system, addresses the predominately manual activities required to perform an analytical method. Cycle times are reduced up to 50-75% as compared to a traditional paper trail thereby boosting productivity and accuracy.
Download the white paper


Managed Innovation, Assured Compliance
Developing, executing and managing the transformation, analysis and submission of clinical research data with SAS® Drug Development
Sponsored by SAS
Get better products to market faster. Download this white paper to discover the top ten challenges facing life science executives and how to overcome them. See how SAS Drug Development transforms clinical data into true innovation.
Download the paper
More White Papers & Special Reports
Life Science Webcasts & Podcasts

Medidata Solutions

“What Will Drive Tomorrow’s Health Business Innovation: Technology, Standards or New Business Models?”

This podcast will discuss the current state of health business innovation, particularly around providing solutions for clinical trials and drug development. Executives from Medidata and SAS will address the following questions:

  • Does the health industry need more technology to drive business innovation?
  • How does the current state of industry standards impact the ability of technology to drive business innovation?
  • Is the lack of integration, inability to enter clean data or data privacy issues posing barriers to fully exploiting today’s technology?
  • Are standards and technology adoption hindered by misaligned business models?

Speakers: Glen de Vries, President of Medidata Solutions, and Jason Burke, Global Director of Health and Life Sciences Market Segments, SAS.

Download Now


More Podcasts

Job Openings


Biotechnology Information Management team
Seeks an individual to strategically lead and drive solutions for data management needs stemming from external scientific collaborations. MS in Biology, Bioinformatics, Computer Science, etc. required. Applications must be submitted at www.monsanto.com for consideration. Select req # mons-00010265. We offer very competitive salaries and an extensive benefits package. Monsanto values diversity and is an equal opportunity employer. M/F/D/V

Support Engineer
Titian leads the industry in the supply of software that empowers customers in the management of their scientific samples. Located in Hopkinton, Massachusetts, this position is responsible for the resolution of customer support issues. Candidates should hold a 4 year degree, have a technical background in software or research informatics, have 4+years of experience supporting data management and software solutions, and be proficient in C#.NET, VB6, PL/SQL, ASP. For additional information on this position and our company, visit our website at www.titian.co.uk. To apply, email resume and salary history to [email protected].

Related Resources & Products

Disease-Related Biomarkers: Their Potential in Patient Screening, Prognosis, and Stratification
Disease-Related Biomarkers: Their Potential in Patient Screening, Prognosis, and Stratification
Patient Recruitment in Clinical Trials
Patient Recruitment and Retention 2008
Patient Recruitment and Retention 2008



For reprints and/or copyright permission, please contact The YGS Group, 1808 Colonial Village Lane, Lancaster, PA;

(717) 399-1900 ext. 125, or via email to [email protected].

Cambridge Healthtech Institute

  • 250 First Avenue, Suite 300
  • Needham MA 02494
  • phone: 781-972-5400
  • fax: 781-972-5425
  • [email protected]