A policy framework for public health uses of electronic health data.

Successful implementation of a program of active safety surveillance of drugs and medical products depends on public trust. This article summarizes how the initial pilot phase of the FDA's Sentinel Initiative, Mini-Sentinel, is being conducted in compliance with applicable federal and state laws. The article also sets forth the attributes of Mini-Sentinel that enhance privacy and public trust, including the use of a distributed data system (where identifiable information remains at the data partners) and the adoption by participants of additional mandatory policies and procedures implementing fair information practices. The authors conclude by discussing the implications of this model for other types of secondary health data uses.

DHHS wisely proposed to remove the "consent" requirement from the HIPAA privacy standards. Department of Health and Human Services.

The author contends that requiring advance written consent to use and disclose health information interferes with patient care, is unnecessary in view of other rigorous privacy protections, and imposes an unwarranted burden on healthcare providers. Consequently, the author commends DHHS for taking the "practical and apolitical step" of removing this requirement.

HIPAA privacy: the compliance challenges ahead.

This Article reviews the HIPAA Privacy Standards' impact on healthcare organizations. It discusses whether a healthcare organization is a "Covered Entity" under the regulations, what information the Privacy Standards protect, what restrictions the regulations place on the use and disclosure of protected health information, what individual rights the Privacy Standards create, and what agreements they require between healthcare organizations and their business associates. The author provides relatively extensive guidance to organizations that are embarking upon their voyage of compliance with these broadly applicable regulations, but notes that the full extent of necessary compliance remains unclear, pending DHHS issuance of the next iteration of the rulemaking in this area. The Article was finalized in January 2002, before HHS issued any modifications to the Privacy Standards.

Using electronic health information for pharmacovigilance: the promise and the pitfalls.

The Food and Drug Administration (FDA) is embarking on the "Sentinel Initiative" to create an electronic network operating across provider electronic health records, health plan claims databases, Medicare databases, and other data sources to monitor FDA-approved medical products. Many private research collaborations also are working to improve our "early warning" system for drugs, such as the eHealth Initiative Foundation (eHI) Connecting Communities for Drug Safety Collaboration, a public-private sector effort. In this article, the author examines a variety of legal issues from the compliance perspective of the private data sources participating in these drug safety programs. These legal issues include: the Food and Drug Act Administration Amendments Act of 2007; privacy laws, including the Health Insurance Portability and Accountability Act, federal alcohol and drug abuse treatment regulations, and state health information confidentiality laws; human subject research compliance; and tort liability.