ACP Calls for Improving Privacy Protections to Increase Trust in Digital Health Technology

Washington, DC (April 27, 2020) — Today the American College of Physicians (ACP) released a new policy paper that seeks to improve the existing health information privacy framework and expand similar privacy guardrails in which physicians have practiced for decades to entities that are not currently governed by privacy laws and regulations. Published in Annals of Internal Medicine, the new policy paper titled “Health Information Privacy, Protection, and Use in the Expanding Digital Health Ecosystem: A Position Paper of the American College of Physicians” offers principles and evidence-based recommendations for health information privacy, protection, and use.

“Health information technology and electronic health records systems surely possess the power to enhance the patient-physician relationship and value of care tremendously,” said Jacqueline W. Fincher, MD, MACP, president, ACP. “Patients being able to track their glucose levels, schedule an appointment, and easily access their latest records online are all just a small window into the opportunity digital health technology provides -- all of which requires a great amount of trust for all parties involved.”

Technologic advancements and ongoing efforts to improve access to and exchange of valuable health information will undoubtedly help improve the US health care system. However, these advancements have led to other challenges around privacy protections for personal health information that is generated and collected, both within and outside of traditional health care. To maintain trust within the patient-physician relationship, these challenges must be addressed through establishing comprehensive health information privacy and security protections that are transparent, understandable, adaptable, and enforceable.

The following policy principles were drafted to build upon ACP health information privacy policy for the evolving digital health landscape:

Principle 1: ACP believes that protecting the privacy and security of personal health information collected both within and outside the health care system—while providing individual rights to that information—is essential for fostering trust in the evolving digital health care system, maintaining ethical standards and respect for persons, and promoting the safe delivery of health care.

Principle 2: ACP supports increased transparency and public understanding and improved models of consent about the collection, exchange, and use of personal health information within existing HIPAA rules as well as for entities collecting, exchanging, and using personal health information outside the health care system.

Principle 3: ACP believes that the confidentiality of personal health information is a fundamental aspect of medical care, and physicians and other clinicians have an obligation to adhere to appropriate privacy and security protocols to protect individual privacy.

Principle 4: ACP believes that health IT and other digital technologies, including personalized digital health products, should incorporate privacy and security principles within their design as well as consistent data standards that support privacy and security policies and promote safety.

Principle 5: ACP supports oversight and enforcement to ensure that all entities not currently subject to HIPAA rules and regulations and that interact with personal health information are held accountable for maintaining confidentiality, privacy, and security of that information.

Principle 6: ACP believes that new approaches to privacy and security measures should be tested before implementation and regularly reevaluated to assess the effect of these measures in real-world health care settings.

“Patients must be able to trust in the power of digital health technology and can only truly do so if they feel their private information is being safeguarded on all levels,” continued Dr. Fincher. “It is our hope as frontline physicians who use these technologies every day, that the implementation of the recommendations offered in this paper will help ensure more comprehensive health information privacy and security protections.”


About the American College of Physicians

The American College of Physicians is the largest medical specialty organization in the United States with members in more than 145 countries worldwide. ACP membership includes 163,000 internal medicine physicians (internists), related subspecialists, and medical students. Internal medicine physicians are specialists who apply scientific knowledge and clinical expertise to the diagnosis, treatment, and compassionate care of adults across the spectrum from health to complex illness. Follow ACP on Twitter, Facebook, and Instagram.

Contact: Taneishia Bundy, (202) 261-4523,