Health Information Security & Privacy February 9, 2014 ONC Policy HIT Policy Committee Privacy and Security Workgroup Denise Anthony Sociology and ISTS.

Presentation transcript:

Health Information Security & Privacy February 9, 2014 ONC Policy HIT Policy Committee Privacy and Security Workgroup Denise Anthony Sociology and ISTS Dartmouth College

Acknowledgements

Some of the work reported here was supported by NSF grant (CNS ) on Trustworthy Information Systems in Healthcare (TISH), and the SHARPS project, under award HHS 90TR0003/01 from U.S. Department of Health & Human Services. The statements, findings, conclusions, and recommendations are those of the author and do not necessarily reflect the views of the National Science Foundation, or U.S. Department of Health & Human Services.

Thanks to many colleagues who are collaborators on some of the work described here: Ajit Appari, Celeste Campos-Castillo, Carl Gunter, Eric Johnson, David Kotz, Sean Smith, Timothy Stablein.

EHRs and Privacy, Trust, & Transparency

- Many patients value EHRs for themselves and their providers
- Positive correlation between EHR use and patient perceptions of quality of care
- BUT controlling for quality, patients more likely to withhold information because of concerns about privacy with providers who use an EHR (Campos-Castillo & Anthony 2014)
- Particular groups (e.g., those at risk of health-related or other social stigma)
  - have less trust in physician confidentiality generally
  - express concerns about disclosure of PHI when EHRs in use (though also see benefits of EHRs) (Teixeira et al 2011; Stablein & Anthony 2012)
  - willing to disclose when have trusting relationship with a provider

EHRs and Privacy, Trust, & Transparency

- Implications:
  - EHRs increase patient concerns about information flows (who has access to what; why access), particularly among some groups (e.g., those at risk of stigma)
  - Doctors and other health care providers can facilitate communication and trust by acknowledging patient privacy concerns and discussing commitment to confidentiality* as part of doctor/provider-patient relationship
- Recommendation:
  - Promote transparency about information flows and commitment to confidentiality through provider communication – more than simply Notice of Privacy Practices

* confidentiality: expectation that personal information is protected and used appropriately; a set of rules that governs access to and use of information.

What are consumer expectations about disclosure of PHI?

- 2014 national random probability sample of continental US residential population of adults, n=784

| Sample Characteristics | Weighted Mean or Percentage |
|---|---|
| % Female | 51.1 |
| % Race/ethnicity: White | 82.9 |
| % Race/ethnicity: Black | 7.7 |
| % Race/ethnicity: Hispanic | 5.6 |
| % Race/ethnicity: Other | 4.2 |
| % U.S. Immigrant | 9.1 |
| Mean household income (dollars) | 85,304 |
| % Education: High school or less | 14.9 |
| % Education: Some college | 28.2 |
| % Education: College | 35.9 |
| % Education: Graduate | 21.0 |
| % Employed | 67.8 |
| Mean age | 48.3 |
| % Private Health insurance | 79.4 |
| % Made health care visit past year | 87.1 |
| % Has regular provider | 77.5 |
| % Provider uses EHR | 60.2 |

What do consumers think about EHRs?

| Statement | Agree | Strongly Agree | TOTAL Agree |
|---|---|---|---|
| It is important for my doctor to have an electronic record of me. | 37% | 22% | 59% |
| Doctors and other health care providers should be able to share my medical info electronically. | 32% | 22% | 54% |
| It is important for me to be able to get my medical information electronically. | 37% | 35% | 72% |

What do consumers expect about transparency of PHI disclosure?

| Statement | Agree | Strongly Agree | TOTAL Agree |
|---|---|---|---|
| It is important for me to find out who has looked at my medical records. | 44% | 22% | 66% |
| I should be able to find out who my doctor discloses my medical information to. | 42% | 49% | 91% |

How confident are consumers in control over and protection of their PHI?

| Statement | Very Confident | Somewhat Confident | Not Confident |
|---|---|---|---|
| I have some say in who is allowed to collect, use, and share my medical information. | 33% | 49% | 18% |
| I have some say in whether my medical information is shared with anyone other than my doctor/provider. | 36% | 45% | 19% |
| Safeguards (including the use of technology) are in place to protect my medical records from being seen by people who aren't authorized to see them | 31% | 52% | 17% |

Patient expectations about disclosure of PHI

- Implications:
  - Patients expect that they can find out who looks at their medical records, and to whom their doctor discloses their PHI
  - At least some patients feel confident that they have some say over disclosure of their PHI, and that safeguards are in place to protect PHI from unauthorized access
- Recommendation:
  - Promote transparency about information flows by facilitating patients' right to receive an accounting of disclosures
  - Provide information/tools for how to do so
  - Follow basic FIPPs and Security & Privacy "by design" principles to build on foundation of patient expectations and promote trust in system through increased transparency

WHY DO HOSPITALS COMPLY WITH HIPAA REGULATIONS AND WHAT DOES IT MEAN FOR US HEALTH CARE?

Denise L. Anthony, Ajit Appari, M. Eric Johnson. Journal of Health & Social Behavior. DOI: /

Hospitals comply with HIPAA regulations:
- At different rates
- In different ways
- For different reasons

Note: HIPAA = Health Insurance Portability and Accountability Act.
* Non-federal, acute care hospitals with 50 or more beds.
† For-profit hospitals are significantly more likely than Non-Profit hospitals to be in compliance with the mandatory HIPAA Privacy Rule.
‡ For-profit hospitals are significantly less likely than Non-Profit hospitals to be in compliance with the voluntary (in 2003) HIPAA Security Rule.

Health IT, security and regulation

- Implications:
  - Despite ongoing regulatory efforts and incentives, IT systems and resources vary significantly across hospitals and other health care providers
  - Providers implement and follow regulations in different ways, so patients experience IT and information flows differently across providers
- Recommendation:
  - FIPPs, and Security & Privacy "by design" principles provide common baseline despite variation in applications, systems, devices, as well as provider structures and practices

Thoughts on "big" data and mobile data

- Delivery of health care (versus medical research) unlikely to require sharing of "big" data
- Major advances possible from research using "big" data, and combining multiple types of data, but unlikely need to be in real time
- Delivery of health care may soon require (or at least benefit from) sharing mobile health data
- Consumers will continue to demand access to medical records, and ability to combine medical records with personal health data
- Access to and use of mobile health devices and data varies across population
- Essential to require FIPPs principles in mobile apps/devices