NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

Slides:



Advertisements
Similar presentations
Ann Johnson IRB Administrator, IRB Member. Objectives 1. Identify the components necessary for management and oversight of tissue repositories used for.
Advertisements

Open Library June 4, 2004 Informed Consent Process and Federal Regulations That Must Be Met to Waive Informed Consent Tracey Craddock Regulatory Compliance.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
RESEARCH COMPLIANCE Agenda 1. No Destruction of local research documents after scanning 2. Training for shipping biological samples/specimens 3. Regulatory.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Informed consent requirements
Protecting the Privacy of Family Members in Survey and Pedigree Research Jeffrey R. Botkin, MD, MPH University of Utah.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
Health Data Flows: Where PETs Can Help PORTIA Workshop on Sensitive Data July 8, 2004 Anna Slomovic, PhD Electronic Privacy Information Center.
Informed Consent and HIPAA Tim Noe Coordinating Center.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.
HIPAA PRIVACY AND SECURITY AWARENESS.
ORO Reviews: Frequent Findings Related to IRBs Bob Brooks Associate Director Research Compliance Education and Policy VHA Office of Research Oversight.
Confidentiality and Security Issues in ART & MTCT Clinical Monitoring Systems Meade Morgan and Xen Santas Informatics Team Surveillance and Infrastructure.
1 Healthcare Privacy and Security: Concepts and Challenges Dixie B. Baker, Ph.D. Chair, HIMSS Privacy and Security Advocacy Task Force.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.
Office of the Secretary Office for Civil Rights (OCR) The HITECH NPRM: Overview of Research Comments October 19, 2010 Christina Heide, JD HHS Office for.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
Privacy in Healthcare Challenges Associated with Implementing Privacy in an Electronic Health Records Environment John P. Houston, J.D. Vice President,
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.
HIPAA SURVIVAL SKILLS: An Update University of Miami1 Marisabel Davalos, M.S.Ed., CIP Associate Director of Educational Initiatives November, 2008.
Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,
Draft – discussion only Advanced Health Models and Meaningful Use Workgroup June 23, 2015 Paul Tang, chair Joe Kimura, co-chair.
PSWG Hearing: Big Data for Community Health Initiatives Leslie P. Francis Distinguished Alfred C. Emery Professor of Law Distinguished Professor of Philosophy.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.
The Paradox in HIPAA Deven McGraw, JD, MPH, LLM Partner Manatt, Phelps & Phillips, LLP December 8, 2014.
Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.
Integrating a Federated Healthcare Data Query Platform With Electronic IRB Information Systems Shan He IPHIE 2010.
TISSUE REPOSITORIES: THE COMMON RULE and THE HIPAA PRIVACY RULE Mark A. Rothstein, J.D. Herbert F. Boehl Chair of Law and Medicine Director, Institute.
Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.
Health Big Data Discussion Privacy and Security Workgroup Deven McGraw, Chair Stanley Crosley, Co-chair June 8, 2015.
HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair October 20,
HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.
Case Studies: Puzzles in Human Research Kevin L. Nellis, M.S., M.T. (A.S.C.P.) Program Analyst, Program for Research Integrity Development and Education.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.
Overview of ONC Report to Congress on Health Information Blocking Presented to the Health IT Policy Committee, Task Force on Clinical, Technical, Organizational,
HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.
Roundtable on Privacy in Transition: Is Privacy Policy Working in the Healthcare Sector?
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Office of the Secretary Office for Civil Rights (OCR) Enforcement and Policy Challenges in Health Information Privacy Linda Sanches HIPAA Summit Special.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:
Christine Yalda, J.D., Ph.D. Chair, Human Research Review Committee Grand Valley State University.
The HIPAA Privacy Rule: Implications for Medical Research
HIPAA Administrative Simplification
Health Information Security and Privacy Collaborative (HISPC) Overview
Disability Services Agencies Briefing On HIPAA
The HIPAA Privacy Rule and Research
American Health Information Management Association
Healthcare Privacy: The Perspective of a Privacy Advocate
Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP
National Congress on Health Care Compliance
Enforcement and Policy Challenges in Health Information Privacy
Making Your IRBs and Clinical Investigators HIPAA-Ready
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
HIPAA Privacy and Security Update - 5 Years After Implementation
Presentation transcript:

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University of Utah Co-Chair, NCVHS, Privacy, Confidentiality & Security Subcte.

Goals Outline important NCVHS initiatives with respect to privacy and confidentiality – NHIN and HIEs – Personal Health Records – Secondary Uses and Data Stewardship Reports Consider two current, complex issues of privacy and confidentiality – Syndromic surveillance – Secondary uses of health data in research

NCHVS Initiatives: NHIN and HIE Privacy and Confidentiality in the NHIN (June 2006 letter) Update to Privacy Laws and Regulations Needed to Accommodate NHIN Data Sharing (June 2007 letter) Individual Control of Sensitive Health Information Accessible via the NHIN for Purposes of Treatment (February 2008 letter)

Privacy and Confidentiality in the NHIN June 2006 letter: touchstone treatment of these issues, before its time but of its time 26 recommendations, including – flexibility for providers in how to maintain records – patient choice concerning participation in HIE – study of individual control of sensitive information – role-based access to records – Implementation of fair information practices principles

Privacy and Confidentiality in the NHIN Further recommendations – Transparency – Congruence between state and federal law Federal law needed to establish uniformity State law may vary, consistently with needs for interchange and fundamental privacy protections Harmonization between NHIN and HIPAA – Uniform and rigorous enforcement – Education and research

Update to Privacy Laws and Regulations June 2007 letter, with one powerful recommendation “HHS and the Congress should move expeditiously to establish laws and regulations that will ensure that all entities that create, compile, store, transmit, or use personally identifiable health information are covered by a federal privacy law. This is necessary to assure the public that the NHIN, and all of its components, are deserving of their trust.”

Protecting Sensitive Information February 2008 letter Recommendations: – NHIN design should permit sequestration of sensitive data types – Open and transparent process for identifying categories – Break the glass feature, with audit and ongoing privacy protections – Continuing study of categories, clinical decision support, segmentation technologies

Personal Health Records Personal Health Records and Personal Health Information Systems (2006 Report Recommendation) Protection of the Privacy and Security of Individual Health Information in Personal Health Records (2009 Letter)

PHR Recommendations Benefits of PHRs: record accessibility, record integration, patient self-management tools Need for security and privacy protections adequate to protect trust Importance for consumers of transparency and choice Need for interoperability and transferability of data Need for consumer education

Secondary Uses of Data Enhanced Protections for Secondary Uses: A Stewardship Framework (2007 Report); 2008 Stewardship Framework Necessary protections – Attention to HIPAA requirements – Importance of good stewardship practices – Different concerns raised by specific categories of uses Research Quality measurement, reporting, improvement Public health Commercialization

Data Stewardship Principles Accountability and chain of trust Transparency about uses Adherence to fair information practices Data quality and integrity Security and audit capabilities For uses outside of HIPAA protection, required consumer authorization, especially when data are used commercially

Data Stewardship: specific identified concerns in 2007 Report Need for clarification of permissible uses for health care operations Need for clarification of business associate responsibilities and chain of trust Need for transparency about data uses for public health purposes Need for consistency in principles governing the use of data for research Need for an overarching set of federal privacy protections Importance of enforcement of anti-discrimination laws

Major Achievements of these Letters Extension by Congress of HIPAA protections to business associates Further definition of health care operations and limitations on data used for these purposes Ongoing study of segmentation technologies for HIE – ONC Policy Committee (today!) – NCVHS forthcoming letter defining sensitive information categories Congressionally mandated study of extension of privacy protections to non-HIPAA covered entities Enhanced enforcement by OCR Efforts to develop transparent consent processes for consumers Announced study of governance by ONC

Syndromic Surveillance Identification of a pattern of occurrences of potential public health significance Critical to early identification of potentially pandemic infectious disease and to bioterrorism surveillance Capacity may be required for compliance with the World Health Regulations (in force 2007) Requires large data sets, possibility of using de-identified data Little possibility for consent in advance, as the significance of data are only recognized after the pattern is identified Consumer risks: stigmatization, “witch” hunts, discrimination against members of groups identified with disease

Use of Data in Research With patient registries, biobanks, it may be difficult to identify in advance likely research strategies De-identified data may be inadequate for research purposes HIPAA/Common Rule disconnect and recommendations to address this July NPRM proposals – Allow compound authorization for cases in which research-related treatment is contingent on use of data but research-related treatment is not contingent on participation in data or tissue bank – Seeks comment on whether requirement that authorization state specific purpose is impeding research

HIPAA/Common Rule Disconnect HIPAA does not permit compound authorizations where research- related treatment is conditioned on participation in the research but not on allowing tissue to be banked HIPAA authorization requires a specification of “each purpose” of the requested use or disclosure of PHI Common Rule permits an IRB to waive consent requirement or alter consent element if it finds and documents that: (1) Research involves no more than minimal risk; (2) Rights and welfare of subjects will not be adversely affected; (3) Research could not be practicably be carried out without waiver or alteration; and (4) When appropriate, the subjects will be provided pertinent information after participation.

Surveillance and Research: Common Ethical Concerns Difficulty of obtaining meaningful informed consent Need for public discussion, education, and oversight Importance of transparency about data uses to foster trust, avoid surprise Need for meaningful anti-discrimination legislation and enforcement Special attention to risks of group harms (e.g. Havasupai case)

More work for NCVHS! And we look forward to doing it....

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.