Building Tools for Trust for Nationwide Health Information Exchange Copyright 2009. All Rights Reserved. 1.

Slides:



Advertisements
Similar presentations
National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.
Advertisements

Health Information Technology and Privacy: Is There a Path to Consensus? February 29, 2008 Jodi. G. Daniel, J.D., M.P.H. Director, Office of Policy and.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Texas Approach to Supporting Statewide Health Information Exchange January 2013.
NHIN Specifications Richard Kernan, NHIN Specification Lead (Contractor), Office of the National Coordinator for Health IT Karen Witting, Contractor to.
© Copyright 2011, Alembic Foundation. All Rights Reserved. Open Architectures for Health Open Source Conference February 11, 2011
A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.
Data Use and Reciprocal Support Agreement (DURSA) Briefing
Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
Security and Privacy Requirements to Support the Exchange of Health Information June 30, 2009 Copyright All Rights Reserved.
ONC HIT Policy Committee Interoperability and HIE Workgroup Panel 3: State/Federal Perspectives August 22, 2014 Jennifer Fritz, MPH Deputy Director Office.
April 2, 2013 Longitudinal Data system Governance: Status Report Alan Phillips Deputy Director, Fiscal Affairs, Budgeting and IT Illinois Board of Higher.
Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.
OSIAM4HE Proposed org structure Authored by the strategy and organization team.
New York Health Information Security and Privacy Collaboration (NY HISPC) AHRQ Annual Meeting September 27, 2007 Ellen Flink Project Director NYS DOH.
Achieving Interoperability Doug Fridsma, MD, PhD, FACMI Director, Office of Standards & Interoperability, ONC 1.
RESTATEMENT I OF THE DATA USE AND RECIPROCAL SUPPORT AGREEMENT (DURSA) Nationwide Health Information Network Exchange May 19, 2011.
Health Information Technology Nationwide Activities and Issues Roy H. Wyman, Jr. May 7, 2009.
1 Get Ready to RHIO Health Information Exchanges and Emergency Preparedness Jeff Odell, Senior Vice President MedVirginia x227
HIT Policy Committee Nationwide Health Information Network Governance Workgroup Recommendations Accepted by the HITPC on 12/13/10 Nationwide Health Information.
Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.
Update on Federal HIT Legislation Kirsten Beronio Mental Health America.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
Nationwide Health Information Network: Conditions for Trusted Exchange Request For Information (RFI) Steven Posnack, MHS, MS, CISSP Director, Federal Policy.
1 Collaboration and Concept Exploration Nationwide Health Information Organization (NHIO) Gateway March 28, 2007.
TUESDAY, 4:00 – 4:20PM WEDNESDAY, 4:00 – 4:20PM Douglas Hill, NHIN Implementation Lead (Contractor), Office of the National Coordinator for Health IT Vanessa.
HIT Policy Committee Information Exchange Workgroup NwHIN Conditions for Trusted Exchange Request For Information (RFI) May 15,
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
ONCHIT – 3 NHIN Prototype and other Initiatives for Kentucky Kentucky e-Health Network Claudine Beron February 21, 2006.
State HIE Program Chris Muir Program Manager for Western/Mid-western States.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
HIT Policy Committee Privacy & Security Tiger Team Update Deven McGraw, Co-Chair Center for Democracy & Technology Paul Egerman, Co-Chair June 25, 2010.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Privacy and Security Tiger Team Today’s Discussion: Query/Response Scenarios for Health Information Exchange February 21, 2013.
HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
HIT Policy Committee Information Exchange Workgroup NwHIN Conditions for Trusted Exchange Request For Information (RFI) May 18,
Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.
Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.
Health Delivery Services May 29, Eastern Massachusetts Healthcare Initiative Policy Work Group Session 2 May 29, 2009.
A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.
Ensuring Conformance & Interoperability NHIN Testing Leslie Power, NHIN Testing Lead (Contractor) Office of the National Coordinator for Health IT WEDNESDAY,
Mariann Yeager, NHIN Policy and Governance Lead (Contractor) Office of the National Coordinator for Health IT David Riley, CONNECT Lead (Contractor) Federal.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
Health Management Information Systems Unit 3 Electronic Health Records Component 6/Unit31 Health IT Workforce Curriculum Version 1.0/Fall 2010.
1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.
Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.
HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.
Connecting for Health Common Framework: the Model Contract for Health Information Exchange Gerry Hinkley com July 18, 2006 Davis Wright.
Office of the Secretary Office for Civil Rights (OCR) Enforcement and Policy Challenges in Health Information Privacy Linda Sanches HIPAA Summit Special.
HIPAA Training. What information is considered PHI (Protected Health Information)  Dates- Birthdays, Dates of Admission and Discharge, Date of Death.
Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.
Pennsylvania Health Information Exchange NJHIMSS - DVHIMSS Enabling Healthcare Transformation Through Information Technology September, 2010.
0 Healthcare Information Technology Standards Panel January 24, 2008 HITSP – NHIN Liaison Update.
Refuah Community Health Collaborative (RCHC) PPS
Disability Services Agencies Briefing On HIPAA
Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP
Enforcement and Policy Challenges in Health Information Privacy
HIPAA Policy & Procedure Strategies
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
Presentation transcript:

Building Tools for Trust for Nationwide Health Information Exchange Copyright All Rights Reserved. 1

OFFICE OF THE National Coordinator PANEL Ashley Corbin, CMS Steve Gravely, Troutman Sanders Stephania Putt, VA Mariann Yeager, ONC Copyright All Rights Reserved. 2

Discussion Topics Trust Considerations Case Study: Nationwide Health Information Network Trust Perspectives Copyright All Rights Reserved. 3

Building Tools for Trust for Nationwide Health Information Exchange Trust Considerations Copyright All Rights Reserved. 4

Tools for Trust Needed to Support Nationwide Health Information Exchange Built upon a foundation of policies Implemented in legal agreements Architected to support trust technically Validated and tested Controlled access among trusted participants Accountability through oversight Copyright All Rights Reserved. 5

Considerations for Trust 6 Copyright All Rights Reserved. Recognize diverse range of organizational structures Establish common agreement on essential policies Balance complex web of various federal, state and local laws and regulations Define rules of engagement for exchanging information on wide-scale basis Determine accountability measures and roles and responsibilities –Breaches –Disputes –Oversight Identify approaches that work in current environment with flexibility to adapt

Building Tools for Trust for Nationwide Health Information Exchange Case Study: Nationwide Health Information Network (NHIN) Copyright All Rights Reserved. 7

What is the NHIN A set of protocols and standards that run on existing internet infrastructure and provides the capability to connect diverse entities needing to exchange health information. Participants are entities that facilitate information exchange with a broad set of users, systems, geography or community Enables valid, trusted entities to participate Membership required: Tested for conformance and interoperability Signed trust agreement that allocates responsibilities and accountability to protect information exchanged Digital credentials issued to permit only approved “participants” to exchange data with other members Copyright All Rights Reserved. 8

Federal Entity Health Community Regional Health Exchange PHR Pharmacy Network Integrated Delivery Network NHIN Network Gateway NHIN Architecture Participants support a gateway that conforms to NHIN requirements and enables its connected users/systems/networks/communities to exchange information among other NHIN participants. Participants are registered in a “directory” so other members of the NHIN know the types of messages supported and where to direct requests Copyright All Rights Reserved. 9

NHIN Cooperative Participants Private HIEsState-Level HIEs Provider Organizations / IDNs Federal Entities CareSpark Delaware Health Information Network Cleveland ClinicCDC Community Health Information Collaborative New York eHealth CollaborativeKaiserCMS HealthLINC (Bloomington) North Carolina Health Care Information and Communications Alliance (NCHICA) DoD HealthBridge IHS Indiana (Regenstrief Institute) West Virginia Health Information Network (WVHIN) NCI Long Beach Network for Health NDMS Lovelace Clinic Foundation (LCF) SAMHSA MedVirginia SSA Wright State University VA Copyright All Rights Reserved. 10

Limited Production Controlled rollout of production exchange of identifiable health information Initial NHIN production participants Others joining … 11 Copyright All Rights Reserved.

What Does the NHIN Enable? More efficient and timely availability of health records for Social Security disability benefits determination Began Q Biosurveillance reporting between state departments of health and CDC Q Exchange of summary patient records for continuity of care Q Other functionality will be prioritized by NHIN interim governance process Copyright All Rights Reserved. 12

NHIN Trust Fabric Built upon a foundation of policies Implemented in legal agreement, called Data Use and Reciprocal Support Agreement (DURSA) Architected to support trust technically Validated and tested as a condition of membership Controlled access among trusted participants Accountability through interim governance mechanisms 13 Copyright All Rights Reserved.

Initial Set of NHIN Tools for Trust Articulated expectations for privacy and security –White paper –Operating policies and procedures –Participant security obligations Data Use and Reciprocal Support Agreement (DURSA) Technical services and Data Content - Specification Factory Management of digital certificates and service registry Validation and testing –Testing Team – develop testing artifacts –NIST – develop and support testing infrastructure Interim Governance Process –Addressed through NHIN Technical Board, Coordinating Committee and Communications groups –ONC as the convener and facilitator Copyright All Rights Reserved. 14

Building Tools for Trust for Nationwide Health Information Exchange NHIN Trust Agreement Copyright All Rights Reserved. 15

Data Use and Reciprocal Support Agreement (DURSA) Developed as part of ongoing NHIN activities –Test Data DURSA – September 2008 –Initial Draft Production DURSA – December 2008 –Draft Production DURSA – limited production – June 2009 Large, multi-stakeholder team assembled –Contracts –Grants –Federal Participants Copyright All Rights Reserved. 16

DURSA Team Representation Agreement developed by NHIN DURSA Team Consensus process with legal, privacy, security and program representatives from diverse group: Private entities State entities Federal entities Federal participants actively engaged in development Coordinated with and obtained input from: –NHIN Technical Teams (specifications and architecture) –ONC Office of Policy and Research –HHS, Office of the General Counsel –HHS, Office for Civil Rights 17 Copyright All Rights Reserved.

DURSA Multiparty agreement Assumes participants in production Establishes authority for interim governance –NHIN Coordinating Committee –NHIN Technical Board Establishes accountability –Participant breach notification –Mandatory non-binding dispute resolution –Allocation of liability risk Copyright All Rights Reserved. 18

NHIN DURSA Status Test Data DURSA Applies to “test data” (not PHI) for Trial Implementations Executed by all participants in Trial Implementations in September 2008 Production DURSA Applies to exchange of PHI in limited production Undergoing Federal clearance Comments due mid-July 2009 Revised executable DURSA - September nd round of Federal clearance (if needed) - October / November 2009 Copyright All Rights Reserved. 19

Building Tools for Trust for Nationwide Health Information Exchange Panel Discussion: NHIN Trust Perspectives Copyright All Rights Reserved. 20

Applicable Law The DURSA reaffirms each Participant’s obligation to comply with “Applicable Law.” As defined in the DURSA, “Applicable Law” is the law of the jurisdiction in which the Participant operates. –For non-Federal Participants, this means the law in the state(s) in which the Participant operates and any applicable Federal law. –For Federal Participants, this means applicable Federal law. 21 Copyright All Rights Reserved.

Privacy and Security Obligations To the extent that each Participant has existing privacy and security obligations under applicable law (e.g. HIPAA or other state or federal privacy and security statutes and regulations), the Participant is required to continue complying with these obligations. Participants, which are neither HIPAA covered entities, HIPAA business associates nor governmental agencies, are obligated to comply with specified HIPAA Privacy and Security provisions as a contractual standard of performance. Copyright All Rights Reserved. 22

Requests for Data Based on Permitted Purposes Participant’s end users may only request data through the NHIN for “Permitted Purposes,” which include treatment, payment, limited health care operations with respect to the patient that is the subject of the data request, specific public health activities, quality reporting for “meaningful use” and disclosures based on an authorization from the individual. Copyright All Rights Reserved. 23

Duty to Respond Participants that allow their respective end users to seek data for treatment purposes have a duty to respond to requests for data for treatment purposes. This duty to respond means that if actual data is not sent in response, the Participant will at a minimum send a standardized response to the requesting Participant. Participants are permitted, but not required, to respond to all other (non- treatment) requests. The DURSA does not require a Participant to disclose data when such a disclosure would conflict with Applicable Law. Copyright All Rights Reserved. 24

Future Use of Data Received Through the NHIN Once the Participant or Participant’s end user receives data from a responding Participant (i.e. a copy of the responding Participant’s records), the recipient may incorporate that data into its records and retain that information in accordance with the recipient’s record retention policies and procedures. The recipient can re-use and re-disclose that data in accordance with all applicable law and the agreements between a Participant and its end users. Copyright All Rights Reserved. 25

NHIN Participant Obligations Each Participant can apply its own local access policies before requesting data from other Participants or releasing data to other Participants. Responding Participants are responsible meeting all legal requirements before disclosing the data as required by their applicable law, including obtaining an individual’s consent or authorization for treatment purposes. HIPAA Privacy and Security Rules are minimum requirements. When a request is based on a purpose for which authorization is required under HIPAA (e.g. for SSA benefits determination), the requesting Participant must send a copy of the authorization with the request for data. Copyright All Rights Reserved. 26

Copyright All Rights Reserved. 27 CONNECT Seminar Presentations are Available for Download Online at For more information:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.