HITECH Modifications to HIPAA

Slides:



Advertisements
Similar presentations
National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.
Advertisements

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.
A Plan for a Sustainable Community Behavioral Health Information Network Western States Health-e Connection Summit & Trade Show September 10, 2013.
HIT Policy Committee Federal Health IT Strategic Plan April 13, 2011 Jodi Daniel, ONC Seth Pazinski, ONC.
ONC Policy and Program Update Health IT Standards Committee Meeting February 20, 2013 Jodi Daniel, Office of Policy and Planning, ONC.
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.
ONC Privacy and Security Update May 7, 2013 Joy Pritts, JD Chief Privacy Officer.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
Project Proposal to IHE: Implementation Guide for Data Segmentation For Privacy (DS4P) over REST Submitted by S&I Framework Data Segmentation for Privacy.
A San Diego Health Information Exchange San Diego Health Care Association April 26 th, 2012 Jami Young, MPA San Diego Beacon Project Manager.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
Texas Approach to Supporting Statewide Health Information Exchange January 2013.
A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.
Informed Consent and HIPAA Tim Noe Coordinating Center.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Achieving Interoperability Doug Fridsma, MD, PhD, FACMI Director, Office of Standards & Interoperability, ONC 1.
Presentation to HL7 S&I Framework Data Segmentation for Privacy Initiative 9/25/2013 Johnathan Coleman, CISSP Initiative Coordinator, Data Segmentation.
August 10, 2011 A Leading Provider of Consulting and Systems Engineering Services to Public Health Organizations.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Privacy and Security Tiger Team Recommendations Adopted by The Health IT Policy Committee Relevant to Consumer Empowerment May 24, 2013.
Colorado Children and Youth Information Sharing (CCYIS) Educational Stability Summit April 10, 2015.
Privacy and Security Tiger Team Today’s Discussion: Query/Response Scenarios for Health Information Exchange and MU3 RFC Comments April 30, 2013.
Privacy and Security Tiger Team Today’s Discussion: MU3 RFC Comments May 8, 2013.
Update on Federal HIT Legislation Kirsten Beronio Mental Health America.
Medicaid EHR Incentive Program Meaningful Use: Patient Engagement Kim Davis-Allen, Outreach Coordinator
Nationwide Health Information Network: Conditions for Trusted Exchange Request For Information (RFI) Steven Posnack, MHS, MS, CISSP Director, Federal Policy.
State Alliance for e-Health Conference Meeting January 26, 2007.
Data Gathering HITPC Workplan HITPC Request for Comments HITSC Committee Recommendations gathered by ONC HITSC Workgroup Chairs ONC Meaningful Use Stage.
Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.
State HIE Program Chris Muir Program Manager for Western/Mid-western States.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
Data Segmentation for Privacy Agenda All-hands Workgroup Meeting May 9, 2012.
HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Draft – discussion only Advanced Health Models and Meaningful Use Workgroup June 23, 2015 Paul Tang, chair Joe Kimura, co-chair.
Privacy and Security Tiger Team Today’s Discussion: Query/Response Scenarios for Health Information Exchange and MU3 RFC Comments Summary April 15, 2013.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
January 26, 2007 State Alliance for e-Health January 26, 2007 Robert M. Kolodner, MD Interim National Coordinator Office of the National Coordinator for.
Health Information Exchange Roadmap: The Landscape and a Path Forward Primary and Behavioral Health Care Integration Program Grantee.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
Creating an Interoperable Learning Health System for a Healthy Nation Jon White, M.D. Acting Deputy National Coordinator Office of the National Coordinator.
Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.
Kentucky eHealth Summit Michael R. Lardiere, LCSW Vice President Health Information Technology and Strategic Development The National Council for Community.
The Patient Choice Technical Project Pilots Working Group May 20, 2016.
HIMSS – Chicago – April, 2009 New Jersey - Health Information Technology – NJ HIT Act – Office for Health Information Technology Development - Recovery.
© 2014 By Katherine Downing, MA, RHIA, CHPS, PMP.
The Medical College of Georgia HIPAA Privacy Rule Orientation.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Health Information Exchange: Alaska’s Health Pipeline Alaska Bar Association Health Law Section February 2, 2012 Carolyn Heyman-Layne.
Our pledge: reliability, integrity and trust
The Value of Performance Benchmarking
Project Proposal to IHE IHE ITI Representational State Transfer (REST) Transport Implementation Guide for Data Segmentation for Privacy (DS4P) Submitted.
eHealth Standards and Profiles in Action for Europe and Beyond
INSPIRE and the role of Spatial Data Interest Communities (SDIC)
Randall (Randy) Snyder, PT, MBA Division Director January 27, 2016
Refuah Community Health Collaborative (RCHC) PPS
Commonwealth of Virginia Health Information Technology
Regional Health Information Exchange: Getting There
Electronic Health Record Update
1915(i)& (k) Implementation Update
HIMSS National Conference New Orleans Convention Center
Enforcement and Policy Challenges in Health Information Privacy
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
CyberSecure: Your Medical Practice
Health Information Exchange for Eligible Clinicians 2019
Presentation transcript:

ONC Privacy and Security Update May 7, 2013 Joy Pritts, JD Chief Privacy Officer

HITECH Modifications to HIPAA OCR published Final Rule January 25, 2013 2013 Compliance date September 23, 2013 Office of the National Coordinator for Health Information Technology

HITECH Modifications to HIPAA Some key provisions Finalizes breach notification rule Extends use and disclosure provisions of HIPAA Privacy Rule and most requirements of HIPAA Security Rule to business associates Clarifies patient right to access electronic health information Patient right to restrict providers disclosing health information to plans when paying out of pocket Office of the National Coordinator for Health Information Technology

Executive Order 13636— Improving Critical Infrastructure Cybersecurity Published February 19, 2013 Health and public health care considered to be a critical infrastructure sector (since 2003) http://www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf 12/30/2017 Office of the National Coordinator for Health Information Technology

Executive Order 13636— Improving Critical Infrastructure Cybersecurity Increase government sharing cybersecurity information with private sector critical infrastructure and state and local governments NIST to lead development of a framework to reduce cyber risks 12/30/2017 Office of the National Coordinator for Health Information Technology

Executive Order 13636— Improving Critical Infrastructure Cybersecurity Identifying critical infrastructure at greatest risk—cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security A very high bar 12/30/2017 Office of the National Coordinator for Health Information Technology

NSTIC: Health Related Pilot Overview Resilient Network Systems, in partnership with the American College of Cardiology (ACC), The American Medical Association (AMA), LexisNexis, NaviNet, ActiveHealth Management, the San Diego Beacon eHealth Community, Gorge Health Connect, the Kantara Initiative, and the National eHealth Collaborative (NeHC) will implement a Trust Network infrastructure to enable convenient multi-factor, on-demand identity proofing and authentication of patients, physicians and staff on a national scale. The pilot’s use cases will facilitate patient-centered coordination of care among a select group of primary care physicians and cardiologists by enhancing existing automated systems for secure, HIPAA-compliant access to electronic referral (eReferral) and Transfer of Care messaging and an advanced clinical decision support service. 12/30/2017 Office of the National Coordinator for Health Information Technology

NSTIC Pilot Participants San Diego Beacon eHealth Community Select subset of physicians as pilot sites Interface with their Mirth Mail messaging system with Direct HISP Access their Axolotl HIE platform Gorge Health Connect Interface with their Medicity iNexx eReferral system with Direct HISP Access their Medicity HIE platform Policy Authority Service Neutral policy authority service on Trust Network will mitigate liability by ensuring alignment of policies and services to comply with relevant regulations and best practices. National eHealth Collaborative (NeHC) Publish neutral policy authority service on Trust Network to mitigate liability by ensuring alignment of policies and services to comply with relevant healthcare regulations Coordinate HIE stakeholders to advise on policy and technology requirements for pilot phases, and plans for transition to production and commercialization 12/30/2017 Office of the National Coordinator for Health Information Technology

Trust Services (IDP, Discovery, ZK, etc) PCC Pilot Overview Mirth Mail Medicity INexx Direct Gateway RNS Trust Broker PCP User at La Clinica (Gorge) Cardiologist at UCSDMC (SD Beacon) RNS Access Server RNS Trust Graph Service Policy Authority PCC Pilot Overview HTTP/S (with APIs) Trust Network RNS Internal RNS SAML API DIRECT Protocol Trust Service Connector for ActiveHealth CareEngine® RNS Credential Syndicate ActiveHealth Care Engine Web Service Trust Services (IDP, Discovery, ZK, etc) User Directories (Beacon / Gorge) Third Party Authentication / Authorization Services

Office of the National Coordinator for Health Information Technology Current Status The Direct gateway has been prototyped & preliminarily tested. The ActiveHealth integration is being prototyped now. Agreements in place for use of directories, attribute providers & the eReferral tools. 12/30/2017 Office of the National Coordinator for Health Information Technology

Snapshot of OCPO Research Snapshot of OCPO Research & Internal Initiatives Data Segmentation for Privacy Initiative Mobile Device Security Resources Privacy and Security Educational and Training Materials Snapshot of OCPO Research 12/30/2017 Office of the National Coordinator for Health Information Technology 10 10

Data Segmentation for Privacy: HITECH Mandate Public Health Service Act Sec. 3002 (2) The HIT Policy Committee shall make recommendations for at least the following areas: ‘‘(i) Technologies that protect the privacy of health information and promote security in a qualified electronic health record, including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information with the goal of minimizing the reluctance of patients to seek care (or disclose information about a condition) because of privacy concerns, in accordance with applicable law.” 12/30/2017 Office of the National Coordinator for Health Information Technology

HITPC Prior Proceedings Tiger Team hearing on technology in Summer 2010 Recommendations September 2010 Technology is promising but in early stages Need to further experience and stimulate innovation for granular consent ONC should make it a priority to further explore Find evidence (such as through pilots) for models that have been implemented successfully ONC gave HITPC last update Fall 2012 12/30/2017 Office of the National Coordinator for Health Information Technology

Data Segmentation for Privacy Initiative Standards and Interoperability Initiative Strong Community Participation 306 Participating Individuals 100 Committed Members 94 participating Organizations Completed Use Case available for review at: http://wiki.siframework.org/Data+Segmentation+WG+Consensus Includes 6 scenarios that demonstrate need for: Push and pull transactions Protection of substance abuse, HIV, and Sickle-Cell Anemia treatment information (as defined by 42 CFR Part 2 and 38 U.S.C. § 7552) Electronic implementation of HITECH modification of HIPAA that allows patient to withhold information from payers when paying out of pocket for their care 12/30/2017 Office of the National Coordinator for Health Information Technology 13 13

Initiative Accomplishments Data Segmentation for Privacy Use Case document. Uses include electronically implementing existing laws including: 42 CFR Part 2: Federal Confidentiality of Alcohol and Drug Abuse Patient Records regulations protect specific health information from exchange without patient consent. Recipient may not re-disclose without patient consent. Title 38, Section 7332, USC : Laws protecting certain types of health data coming from covered Department of Veterans Affairs facilities and programs. Types of data include sickle cell anemia, HIV, and substance abuse information. 12/30/2017 Office of the National Coordinator for Health Information Technology 14

Initiative Accomplishments Implementation Guide describing recommended standards for privacy metadata, organized by transport mechanism: SOAP: Provides support for NwHIN / eHealth Exchange. SMTP: Provides support for DIRECT ( REST: HL7 hData Record Format or IHE Mobile Access to Health Documents (MHD) Profile. Analysis of HITSC recommendations for privacy metadata supporting the PCAST vision for tagged data elements. Executive Summary Document (Community Draft) DS4P Implementation GuideTest Procedures 12/30/2017 Office of the National Coordinator for Health Information Technology

Layered Approach for Privacy Metadata Technical Approach Layered Approach for Privacy Metadata “Russian doll” concept of applying metadata with decreasing specificity as layers are added to the clinical data. Privacy metadata uses standards to convey: Confidentiality of data in clinical payload Obligations of receiving system Allowed purpose of use 12/30/2017 Office of the National Coordinator for Health Information Technology 16

DS4P Pilot Status Pilot Name Development Status Data Types/ Policies Use Case Scenarios Scalability VA/ SAMHSA Testing Complete Title 38 Section 7332 -Sickle cell anemia -HIV related information -Substance abuse information As of May 2013 pilot has tested all applicable parts of the DS4P IG Direct and Exchange, incl. Break Glass Capabilities being integrated into iEHR and eHealth Exchange Intended to be offered as enterprise access control service Software & Technology Vendors Association SATVA Requirements Development /Technical Testing 42 CFR Part 2, NY HIV (planned) Production in 2013 Direct and Exchange incl. Break Glass Anasazi Exchange and HEALTHeLink agreed to pilot to Anasazi providers NETSMART Testing with Tampa 2-1-1 system 42 CFR Part 2 HIV Status (Public Health) Pilot evaluation results Sep/Oct 2013 Direct and Exchange Plans to work with Illinois HIE, Kansas Health Network and Tampa Bay Network to pilot JERICHO/ University of Texas Requirements Development (Early Stages) Dec 2013 HIE/Exchange Scenarios A provider and government agency are considering participation Greater New Orleans HIE GNOHIE Completing Sprints, Developing Test Cases Records for approx 215K patients from 10 organizations and 21 clinics DS4P Pilot Status 17

Mobile Device Security Resource Center Mobile Device Security Resource Center for Providers and Professionals Mobile Device Security Resource Center Tips and information providers and professionals can use to: Protect and secure health information when using a mobile device Understand their organization’s mobile device policies and procedures Five steps organizations can take to manage mobile devices

Materials Available Online Materials available for download on HealthIT.gov/mobiledevices include: Fact sheets Posters Brochures Postcard Materials Available Online

Training Materials: Security Video Game Released We are working on other activities to assist providers… 20 20 20

Helping Providers Integrate Privacy & Security Into Their Culture Helping Providers Integrate Privacy and Security into Their Culture Helping Providers Integrate Privacy & Security Into Their Culture Designed to help health care practitioners and practice staff understand the importance of privacy and security of health information at various implementation stages Developed with assistance from the American Health Information Management Association (AHIMA) Foundation, with input from OCR and OGC Being updated to reflect HITECH changes *OCPO developed this guide with assistance from an ONC cooperative agreement partner, the American Health Information Management Association (AHIMA) Foundation. We recently released a Guide to Privacy and Security of Health Information, Designed to help health care practitioners and practice staff better understand the important role privacy and security in the use of EHRs and how to conduct the best practices to safeguard health information Privacy and security are key components to building the trust required to realize the potential benefits of electronic health information exchange. Protecting the privacy and security of health information must be a primary goal of health care providers and organizations. It’s also a vital part of Meaningful Use.  We issued the guide to give providers/organizations with a useful tool to help them integrate privacy and security into their medical practices (including HIPAA and Meaningful Use requirements). Overall goal of the goal of the guide is to help ensure the privacy and security of health information, including information in electronic health records (EHR) and mobile devices.  Instructional guide designed to help healthcare practitioners, staff, and other professionals better understand the important role privacy and security play in the use of electronic health records (EHRs) and Meaningful Use. 21 21

Office of the National Coordinator for Health Information Technology The End 12/30/2017 Office of the National Coordinator for Health Information Technology 22 22

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.