Background: The CARIN Alliance Code of Conduct represents the consensus view of a group of multi-sector stakeholders that include leading providers, payers, health IT companies, EHR companies, consumer platform companies, consumers, caregivers and others focused on advancing consumer-directed exchange across the U.S. The Code is based on internationally recognized standards including the Code of Fair Information Practices (FIP) (indicated in italics below) and numerous other consumer information sharing accepted principles and practices. The Alliance is working collaboratively with other stakeholders and leaders in government to overcome the policy, cultural, and technological barriers to advancing consumer-directed exchange.
The CARIN Alliance Code of Conduct
The CARIN Alliance vision is to rapidly advance the ability for consumers and their authorized caregivers to easily get, use, and share their digital health information when, where, and how they want to achieve their goals. Specifically, we are promoting the ability for consumers and their authorized caregivers to gain digital access to their health information via open APIs. We envision a future where any consumer can choose any application to retrieve both their complete health record and their complete claims information from any provider or plan in the country.
As an organization that handles personally identifiable health care information outside of HIPAA, we commit to the following regarding how we will handle personally identifiable consumer health care data.
_________________________________________________________________________________
The CARIN Alliance strives to build consensus with industry leaders, consumer and caregiver advocates, and others. As such, submitted comments will be reviewed for consideration by CARIN Alliance participants in our respective workgroups. We strongly encourage comments from all, but are especially interested in hearing from patients and caregivers. If you are interested in joining our workgroups, please let us know on the Contact Us page.
The Principle of Collection Limitation, which provides that there should be limits to the collection of personal data, that data should be collected by lawful and fair means, and that data should be collected, where appropriate, with the knowledge or consent of the subject.
We will:
The Principle of Use Limitation, which provides that there must be limits to the internal uses of personal data and that the data should be used only for the purposes specified at the time of collection. The Principle of Disclosure Limitation, which provides that personal data should not be communicated externally without the consent of the data subject or other legal authority.
We will:
The Principle of Individual Participation, which provides that each individual should have a right to see any data about himself or herself and to correct or remove any data that is not timely, accurate, relevant, or complete.
We will:
The Principle of Security, which provides that personal data should be protected by reasonable security safeguards against such risks as loss, unauthorized access, destruction, use, modification or disclosure.
We will:
The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data
We will:
The Principle of Data Quality, which provides that personal data should be relevant to the purposes for which they are to be used, and should be accurate, complete, and timely.
We will:
The Principle of Accountability, which provides that record keepers should be accountable for complying with fair information practices.
We will:
We will:
We will:
_________________________________________________________________________________________________________________________________________
The US-based, National Institutes of Health’s All of Us Research program developed a universal consent framework that is described in more detail in the reference document here. These concepts may be helpful for organizations who are looking to implement the principles within the CARIN Code of Conduct.