Omnimedix Institute Policy Statement
Patient Privacy and Personal Health Information Systems
PORTLAND, Oregon - August 6, 2007
Omnimedix Institute was incorporated in 2004 as a 501(c)(3) public charitable organization. We believed from the outset that only a non-governmental, non-commercial organization would be trusted across the American political spectrum with the highly sensitive job of developing and deploying a personal health information system.
The public mission and true non-profit status of Omnimedix Institute - as opposed to a government agency, commercial vendor, or corporate-sponsored non-profit 501(c)(6) special industry group - provide public assurance of independence, trustworthiness, and security. Among its recent projects, Omnimedix Institute developed the organizational and technical architecture underlying the Dossia™ initiative, and the data handling and management subsystems it required, with the goal of meeting the needs of a well-defined population for access to and control over its own health information. We have long believed that organizations holding personal health information in trust for an employee, consumer, beneficiary or patient must address the following areas: (1) the security of the system; (2) the governance model; (3) auditing and transparency; and (4) patient control.
- System Security - Systems that hold patient data in trust must deploy state-of-the-art technologies to protect privacy. Omnimedix Institute is a leader in developing and applying highly secure software solutions that protect personal health information and ensure that it is under the control of employees, consumers, beneficiaries or patients.
- Governance and Trust - Institutional independence is required to assure the public that personal medical and other health data is truly protected from institutions that might use it to engage in medical, economic, employment and other discrimination. The importance of the institutional independence of a personal health data repository is highlighted by numerous studies indicating that employers and health insurers are the two least trusted providers of personal health information systems.
- Transparency and Auditing - Independent auditing of all data repositories and personal health information systems is essential. Omnimedix Institute is also committed to meeting and exceeding all existing legal standards for patient privacy protection, including those of HIPAA and state-specific requirements.
- Patient Control - Users must have the right to opt in to participation in a data repository and to be fully informed about access to and uses of data in that repository. People should have access to an audit trail for all instances of access to their personal health data.
In the area of personal health data storage and access, all of Omnimedix Institute's technical development activities, legal and other actions, and public policy activities are carried out in support of these objectives and beliefs. We encourage all systems that hold employee, consumer, beneficiary or patient data in trust to describe their approaches in each of these areas.