Designed to Help Consumers Evaluate the Integrity of Emergency Medical Information and Identification Service Organizations
The non-profit MedicAlert Foundation published a "Code of Conduct" in an effort to help consumers evaluate the integrity of organizations providing emergency medical information and identification services. In addition, as part of the "Code of Conduct" the Foundation has established business practice standards for medical information and identification service organizations that house consumer health information. Across the country millions of consumers are using personal health records, emergency medical information services, personal medical alarms systems or medical identification jewelry services.
"The need for all organizations to have comprehensive policies to maintain the security of personal health information and provide truly useful emergency medical information and identification services is compelling," said Andrew B. Wigglesworth, President & CEO of MedicAlert Foundation. "The limited interim measure put in place by the FTC that only covers notification when there has been a breach of confidentiality for electronic health records is not sufficient."
The MedicAlert Foundation has focused on the privacy and security of member health information since its inception and currently manages over 2 million individual consumer records covering over 68,000 different medical conditions. Since 1956, the Foundation has provided the functionality of an e health information exchange for emergency medical services through an innovative combination of a unique patient identifier linked to a personal health record (PHR) and a live 24/7 emergency response service. In the absence of comprehensive industry standards or appropriate oversight by federal agencies, the Foundation believes the Code of Conduct will serve as a useful tool for consumers to evaluate the myriad of medical ID and PHR providers in the marketplace. As the trusted leader and pioneer of these services, MedicAlert Foundation also authored the Code of Conduct in an effort to initiate industry standards for the emergency medical information and identification sector.
On December 3rd, Mr. Wigglesworth participated in a roundtable discussion in Washington, DC sponsored by the Department of Health and Human Services and the Federal Trade Commission, to discuss the privacy and security requirements for PHRs maintained by "non-covered entities" under HIPAA. The Foundation supports current efforts by federal policymakers to examine and clarify the regulatory framework and oversight of organizations not covered by HIPAA to ensure the protection of consumers' personal health information. "With so many electronic platforms that carry sensitive information, it is crucial that every organization clearly inform their subscribers and the public of how and under what circumstances their personal information can be disclosed," Wigglesworth said. "However, security of personal health information is only one of the important issues consumers should be looking at when evaluating their choice of medical information management and identification services."
Medical IDs, PHRs and other systems, which are intended to ensure vital information is available in an emergency, help saves lives and are particularly valuable to the millions of Americans with chronic conditions. The Code of Conduct is part of the Foundation's continuing effort to educate the public and help make sure the value of these services are not undermined by the failure of some companies to meet basic performance requirements. In addition to privacy issues, the Code of Conduct covers a broad range of considerations that every consumer should look at when evaluating the selection of emergency medical information and identification service providers, including the types of services and their limitations, the capability of emergency response services, product safety and business practices.
The Foundation's Emergency Medical Information Record (EMIR(SM)) contains actionable information about a member's specific medical conditions, medications and dosages, allergies, implanted medical devices, list of emergency contacts, and other important data. All data is securely encrypted and members give their informed consent upon enrollment for the Foundation to share their information in an emergency. Authorized first responders in the field or hospital emergency department staff treating a member can access this valuable patient medical information and history in less than 60 seconds by communicating with the Foundation's emergency response center.
"Our emergency response center personnel are rigorously trained to meet the highest levels of privacy, and the security of our health IT operations and systems are audited by an independent third party," says Wigglesworth. "The Code of Conduct and related FAQs can be used as a guide by anyone looking to make informed choices about the hundreds, if not thousands, of companies offering medical IDs and the emergency medical information services needed to support them." Visit www.medicalert.org/safe to access both the consumer and organizational Code of Conduct.