The Virginia HISPC Project Charter, approved on May 28, 2008 by the Steering Committee, includes following 7 principles:
- Openness and Transparency - There should be a general policy of openness with respect to personal data.
- Purpose Specifications and Minimization - The purposes for which personal data are collected should be specified at the time of collection, and the subsequent use should have limited purposes.
- Collection Limitation - Personal health information should only be collected for specified purposes and should be obtained by lawful and fair means
- Individual Participation and Control - Individuals should control access to their personal information.
- Data Integrity and Quality - All personal data collected should be relevant to the purposes for which they are to be used.
- Security Safeguards and Controls - Reasonable security safeguards against such risks of loss or unauthorized access should be in place to protect personal information.
- Accountability and Oversight - Entities in control of personal health data must be held accountable for implementing these information practices.