Security by design

FederalStatePrivate Sector

Policymakers and the private sector should ensure that organizations effectively protect against unauthorized access to or misuse of consumers’ health and health-related information. This includes those collected by new technologies. Steps must be taken to prevent data that have been deidentified from being reidentified. 

Security controls should be embedded into products and services. Organizations, by default, should appropriately secure health and health-related information. 

Protections should be updated to keep pace with changing technology and privacy standards and developed with ample input from consumer.