Early Adopters: OneRecord signs the CARIN Code of Conduct
At OneRecord, our users are the center of everything. We understand their experiences personally. We treat them as equal participants on our mission to transform the healthcare system into a consumer-focused one. This includes being transparent about the relationship between their data and our platform. We don’t believe anyone should have to trade privacy for access to services. Our goal at OneRecord is simple. To build the best products for accessing and managing your health data, without compromising privacy and security.
On December 1, 2019, as part of our ongoing effort to lead the way for best practices built on a foundation of privacy and security have signed the CARIN Code of Conduct. We are proud to be early adopters and look forward to our continued involvement in the CARIN Alliance and the CARIN Code of Conduct.
Background
The CARIN Alliance, a multi-sector group of more than sixty health care and other stakeholders managed by Leavitt Partners, has released the CARIN code of conduct for how entities not covered by the Health Insurance Portability Accountability Act (HIPAA), such as third-party applications, can voluntarily handle health care data on behalf of consumers. For the first time, health care organizations and other organizations can have an enforceable code of conduct for third-party applications not covered by HIPAA to self-attest to in order to access health care data on behalf of consumers.
Supportive of recent legislative statutes, such as the 21st Century Cures Act, and ongoing regulatory measures, application programming interfaces (APIs) are being implemented by health care organizations across the country to allow consumers to access their health information on a third-party application of their choice. When personally identifiable health information is shared with applications, that information is considered consumer data and falls outside of the industry's current privacy and security practices under HIPAA. The CARIN code of conduct addresses how health care data should be handled by consumer-facing applications under Section 5(a) of the Federal Trade Commission Act, which encourages industry to develop consensus for what is meant by "unfair or deceptive acts or practices.
The CARIN code of conduct is based on a central theme – third-party applications need to ensure consumers, or their authorized caregivers, provide informed, proactive consent for how their health care data is collected, used, and shared, giving consumers complete access and control over the use of their health care data by entities not covered by HIPAA.
Want to read the full press release about the CARIN Code of Conduct? Click Here