HIT Policy Committee HIT Standards Committee Privacy and Security Workgroup: Status Report Dixie Baker, SAIC July 16, 2009.

Presentation transcript:

1 HIT Policy Committee HIT Standards Committee Privacy and Security Workgroup: Status Report Dixie Baker, SAIC July 16, 2009

2 EHR Adoption Reimbursement Requirements

In order to get reimbursed for adopting EHR, an eligible provider must meet two requirements:
1. Acquire a certified EHR product or service
2. Demonstrate that he/she is using that product/service “meaningfully”

The Standards Committee needs to recommend both:
1. Criteria for certifying products
2. Criteria for demonstrating that an applicant is using that product meaningfully

3 EHR Adoption Reimbursement Requirements

• For privacy and security, certification that a defined function or service has been implemented in a product is not sufficient to demonstrate “meaningful use” (or even “use”) of that function or service
• The Privacy and Security Working Group has adopted an approach that addresses both the certification of products and the demonstration that a user is using the certified product “meaningfully”

4 “ARRA 8” Mapping Approach

[Diagram. Labels: ARRA Priority Areas of Focus (1 … 8); Privacy & Security Services; CCHIT Certification Criteria; HITSP Constructs; Referenced Standards; Mapping; Gaps; Adoption Readiness; Product Certification (P&S Services, Cert Criteria, Standards, Meets?)]

5 “ARRA 8” Mapping Approach

[Diagram. Labels: ARRA Priority Areas of Focus (1 … 8); Privacy & Security Services; CCHIT Certification Criteria; HITSP Constructs; Referenced Standards; Mapping; Gaps; Adoption Readiness; Product Certification (P&S Services, Cert Criteria, Standards, Meets?); “Meaningful Use” Demonstration (Meets? Required to Use?)]

“Meaningful Use” Demonstration:
– Required Services are Configured
– Secure IT Infrastructure
– Secure Operations
– Current Risk Assessment
– Current Contingency Plan
– Other TBD

6 “ARRA 8” Derived Product Requirements (DRAFT)

ARRA Priority Areas of Focus (numbered) and Derived Privacy & Security Services (listed beneath each)

1. Technologies that protect the privacy of health information and promote security in a qualified electronic health record, including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information
   – Identity management
   – User/entity authentication
   – Access control (identity- and/or role-based for 2011; sensitivity-label based for 2015)
   – Consent management (2015?)
   – Encryption for transmission
2. NHIN
   – [Request meeting with Policy Committee’s HIE Workgroup]
3. EHR Certification
   – (all)
4. Technologies that as a part of a qualified electronic health record allow for an accounting of disclosures made by a covered entity
   – Auditing
   – Consistent time
   – Inter-enterprise traceability (2013 or later)
   – Non-repudiation

7 “ARRA 8” Derived Product Requirements (DRAFT)

ARRA Priority Areas of Focus (numbered) and Derived Privacy & Security Services (listed beneath each)

5. The use of certified electronic health records to improve the quality of health care
   – Document integrity protection
   – Transmission integrity protection
   – Non-repudiation
   – Service reliability
6. Technologies that allow individually identifiable health information to be rendered unusable, unreadable, or indecipherable to unauthorized individuals
   – Encryption
   – Anonymization
   – Pseudonymization
   – Limited data set
7. Demographic Data
   – N/A
8. Special populations
   – N/A

8 Concerns re Draft “Meaningful Use” Goals, Objectives, & Measures (provided to Policy Committee)

• Focused exclusively on privacy and confidentiality – need to include security protections essential for safe, quality care
   – Data integrity protection
   – Availability of required services and information
• Question “HIPAA compliance” as objective and measure for “meaningful use” – when in fact it is required by law
   – Excluding entities “under investigation” for HIPAA violations presumes guilt
• Need to address public health
• Need to accommodate small practices as well as large hospitals and integrated delivery networks