Health Information Security and Privacy Collaborative (HISPC) Overview

Slides:

Advertisements

Similar presentations

National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.

Advertisements

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

HISPC-Illinois II The Public-Private Partnership Moves Forward on Privacy and Security.

Longitudinal Coordination of Care (LCC) Workgroup (WG)

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

NAU HIPAA Awareness Training

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.

Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.

RTI International is a trade name of Research Triangle Institute 3040 Cornwallis Road ■ P.O. Box ■ Research Triangle Park, North Carolina, USA

The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture.

Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.

Principles of medical ethics Lecture (4) Dr. rawhia Dogham.

HIT Policy Committee Accountable Care Workgroup – Kickoff Meeting May 17, :00 – 2:00 PM Eastern.

HIE Implementation in Michigan for Improved Health As approved by the Michigan Health Information Technology Commission on March 4, 2009.

1 Health Information Security and Privacy Collaboration (HISPC) National Conference HISPC Contributions to Massachusetts HIE Privacy and Security Progress:

1 Identity and Transparency ( Bridging the GAPS of Governance Bridging the GAPS of Governance in eGov Initiatives in eGov Initiatives )‏ Badri Sriraman.

1 Creation of State Legislation to Protect and Facilitate Use and Exchange of Electronic Health Information Shelley Carter, RN, MCRP, MPH 1, Maggie Gunter,

State Alliance for e-Health Conference Meeting January 26, 2007.

Steps for Success in EHR Planning Bill French, VP eHealth Strategies Wisconsin Office of Rural Health HIT Implementation Workshop Stevens Point, WI August.

Health Information Technology The Texas Landscape Presentation to TASSCC 2010 Nora Belcher Texas e-Health Alliance August 3, 2010.

ONCHIT – 3 NHIN Prototype and other Initiatives for Kentucky Kentucky e-Health Network Claudine Beron February 21, 2006.

State HIE Program Chris Muir Program Manager for Western/Mid-western States.

HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.

Privacy and Security Risks to Rural Hospitals John Hoyt, Partner December 6, 2013.

HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.

© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.

Assessing Quality of Care AHRQ State Healthcare Quality Improvement Workshop January 17, 2008 Rhonda Jaster Prevention Specialist.

Ecosystem Subcommittee Welcome Lynda Martel James Christiansen Gary Gordon Co-chairs Kickoff Meeting April 15, 2011.

Privacy and Security Solutions For Interoperable Health Information Exchange Presented by Linda Dimitropoulos, PhD RTI International Presented at AHRQ.

Kevin W. Ryan JD, MA Associate Director – ACHI Assistant Professor – UAMS COPH Rural TeleCon ’06 10th Annual Conference of the Rural Telecommunications.

HIT Standards Committee Overview and Progress Report March 17, 2010.

Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.

HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Overview of ONC Report to Congress on Health Information Blocking Presented to the Health IT Policy Committee, Task Force on Clinical, Technical, Organizational,

HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.

PHDSC Privacy, Security, and Data Sharing Committee Letter to Governors.

State Alliance for e-Health Michelle Lim Warner, MPH Senior Policy Analyst NGA Center for Best Practices

Virtual Hearing of the Health IT Policy Committee Clinical, Technical, Organizational and Financial Barriers to Interoperability Task Force Friday, August.

1 An Overview of Process and Procedures for Health IT Collaboration GSA Office of Citizen Services and Communications Intergovernmental Solutions Division.

EHealth Initiative Business and Clinical Motivator Work Group January 21, :00 p.m. EDT.

HIMSS – Chicago – April, 2009 New Jersey - Health Information Technology – NJ HIT Act – Office for Health Information Technology Development - Recovery.

1 Vermont Health Information Technology Plan (VHITP) Workgroup Meeting April 11, 2007 VERMONT INFORMATION TECHNOLOGY LEADERS.

Health Information Exchange: Alaska’s Health Pipeline Alaska Bar Association Health Law Section February 2, 2012 Carolyn Heyman-Layne.

1 Vermont Health Information Technology Plan (VHITP) Workgroup Meeting March 14, 2007 VERMONT INFORMATION TECHNOLOGY LEADERS.

Incorporating Privacy Into Systems Development Methodology Phil Moleski Director Corporate Information Technology Branch Saskatchewan Health

VERMONT INFORMATION TECHNOLOGY LEADERS

Just In Time Project Management: Electronic Health Record in 8 Weeks

Health Technology Assessment

Update from the Faster Payments Task Force

Position Descriptions for Public Health Informaticians

Standards and the National HIT Agenda John W. Loonsk, MD

Health Information Exchange: Alaska’s Health Pipeline

VERMONT INFORMATION TECHNOLOGY LEADERS

SHARING CLINICAL DATA: Legal and Privacy Issues

Health IT Policy Committee Workgroup Evolution

UNLV Data Governance Executive Sponsors Meeting

HIMSS Advocacy Day Washington, DC April 1, 2004

American Health Information Management Association

AGREEMENT FOR TRANSPARENCY The Case of Mexico

Presentation to The Fourth National HIPAA Summit

Making Your IRBs and Clinical Investigators HIPAA-Ready

The Health Insurance Portability and Accountability Act

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Vermont Health Information Technology Plan (VHITP) Progress Update

Privacy in Nationwide Health IT

HIPAA Compliance Services CTG HealthCare Solutions, Inc.

HLN Consulting, LLC® November 8, 2006

THE ENVIRONMENT THAT INFLUENCES NURSING CARE

Presentation transcript:

Health Information Security and Privacy Collaborative (HISPC) Overview John K. Evans Mike Berry VHITP Workgroup Call – April 4, 2007

Health Information Security and Privacy Collaboration Initiative HISPC’s Goals for the Privacy and Security Assessment Project 1. Identify and develop best practices to: Resolve barriers to health information exchange Propose solutions to address identified challenges 2. Get stakeholders involved, participating and contributing Seek consensus-based solutions and implementation plans in communities to increase local expertise about health information privacy and security protection 3. Support collaboration within and among states to: Foster stakeholder participation Maximize knowledge exchange Identify common solutions

Stakeholder Groups Pharmacies Clinicians Long-term care facilities Nursing homes Homecare and hospice Correctional facilities Professional associations and societies Medical and public health schools State government entities Clinicians Physician groups Federal health facilities Hospitals Payers (including employers that sponsor health plans) Public health agencies Community clinics Labs Individual consumers and consumer organizations

Consumer Focus Groups What is consumers' level of knowledge and assumptions about what is currently happening with PHI and health information exchange (HIE)? How do they feel about the benefits of HIE vs. the risk that the information could be misused? What are their thresholds for and views about authentication, audit, and access control? What needs to be in place (i.e., protections) in order for consumers to feel comfortable about their PHI being shared? If their PHI were available to them electronically, would they make use of it themselves, and how? What is the best way for them to learn/be educated about PHI and HIE? In short, what are their concerns and what are solutions?

HISPC Tasks 1. Assess variation in organization-level business policies and state laws Interim assessment of variation report 2. Formulate interim solutions and implementation plan Interim analysis of solutions report Interim implementation plan report

Major Themes: Variations Infrastructure needed to support interoperability greatly lacking. Infrastructure needed to support intraoperability greatly lacking. Entity authentication procedures are highly variable and are not reliable. Redundancy and inconsistency of consent between entities to exchange health information to treat patient.

Major Themes: Variations There is a wide variation in the ways in which payers interface with health care entities. IRB oversight includes a review of how information will be stored, but not necessarily exchanged. There is some disagreement among stakeholders that they would or would not obtain PHI under specific scenarios.

Major Themes: Variations HR departments are dealing with issues of access control, security of physical plant and packaging of PHI as it relates to employee records, specifically related to ADA compliance, Family Leave and return to work related laws and policies. The granularity, complexity and thoroughness of privacy and security measures is related to the amount of PHI that is exchanged and/or the sensitive nature of the health conditions. Under urgent circumstances PHI is shared more readily without patient consent.

Solutions  Implementation Plan State-proposed solutions Education Infrastructure Framework for Privacy & Security Technology Requirements Solutions for Role-based Access Control Patient Control “Break the Glass” National-level recommendations Correlating Patient Records Patient Consent

Implementation Deliverables Identify barrier Provide solution overview Summary of effective practices Planning assumptions and decision Implementation scope: Ownership and responsibilities Identification of required tasks Timeline and milestones Projected costs and required resources Possible barriers Impact on affected stakeholders Means of tracking, measuring and reporting progress

HIE Commission Concept Concept of an independent entity raised in 4 solutions Consistent with HIT Plan VHITP Principles: I: Vermonters will be confident that their health care information is secure and private and accessed appropriately. 32: Plan as a Living, Evolving Document

Next Steps Final Solutions Report Meet with VITL Executive Committee Final Implementation Report Questions or Comments Welcome