Averting the Collision: Privacy Doctrine & Health Information Exchange Katherine L. Ball, MD, MSc William A. Yasnoff, MD, PhD, FACMI e-Health Initiative.

Slides:

Advertisements

Similar presentations

National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.

Advertisements

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

Information Sharing and Cross-System Collaboration John Petrila, J.D., LL.M. Professor, University of South Florida

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Rationale for Independent Health Record Banks William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors William A. Yasnoff, MD, PhD, FACMI Managing.

Health Record Banks Enable Secondary Data Use with Privacy Protection William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance William A.

Health Record Banks: A Financially Sustainable Model for Health Information Exchange William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.

Edward H. Shortliffe, MD, PhD Chairman, Advisory Board Health Record Banking Alliance (HRBA) Panel on Privacy - III Defragmenting.

2 HIPAA, HITECH, and Medical Records. Learning Outcomes When you finish this chapter, you will be able to: 2.1Discuss the importance of medical records.

A New Patient-centric and Sustainable Path to Achieving Health Information Infrastructure William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.

2 H. Westley Clark, M.D., J.D., M.P.H., CAS, FASAM Director Center for Substance Abuse Treatment Substance Abuse Mental Health Services Administration.

Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University

Health Information Technology: Where are the Opportunities? William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors Healthcare in 2009 New York,

How to Develop a Sustainable Community Health Information Infrastructure William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors Founder and.

Introduction to Health Record Banks William A. Yasnoff, MD, PhD, FACMIHarvard University. Cambridge, MA. October 15, 2012.

Sharing Low-Income Customer Information Water & Energy Utilities LIOB Meeting - January 2009 Seaneen M Wilson Division of Water & Audits.

The Use of Health Information Technology in Physician Practices

HIPAA Revisions! Section 1104 THE PATIENT PROTECTION AND AFFORDABLE CARE ACT February 17, Nachimson Advisors, LLC.

A Paradigm Shift for Sharing Health Information: the Health and Prevention Promotion Initiative (HAPPI) William A. Yasnoff, MD, PhD, FACMI Managing Partner,

Health Insurance Portability and Accountability Act (HIPAA)

1 Healthcare Privacy and Security: Concepts and Challenges Dixie B. Baker, Ph.D. Chair, HIMSS Privacy and Security Advocacy Task Force.

Update on Federal HIT Legislation Kirsten Beronio Mental Health America.

Health Record Banks: Sustainable Health Information Infrastructure AND Privacy William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors World.

Nationwide Health Information Network: Conditions for Trusted Exchange Request For Information (RFI) Steven Posnack, MHS, MS, CISSP Director, Federal Policy.

1 Today’s Presentation Sarbanes Oxley and Financial Reporting An NSTAR Perspective.

Beyond the EMR – Exchanging Health Information Outside of Your Organization John W. Loonsk, MD, FACMI Office of the National Coordinator for Health Information.

Developing National Health Information Infrastructure (NHII) in the U.S. William A. Yasnoff, MD, PhD, FACMI Senior Advisor National Health Information.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.

Privacy and Security Tiger Team Today’s Discussion: Query/Response Scenarios for Health Information Exchange February 21, 2013.

Health Information Infrastructure: What, Why, and How William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors William A. Yasnoff, MD, PhD, FACMI.

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.

PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.

A Feasible Path to Sustainable Community Health Information Infrastructure William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Association William.

January 26, 2007 State Alliance for e-Health January 26, 2007 Robert M. Kolodner, MD Interim National Coordinator Office of the National Coordinator for.

Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.

HIPAA Privacy The Morning After Panel What do we do now? William R. Braithwaite, MD, PhD (moderator) Washington, DC Ross Hallberg, Corporate Compliance.

Privacy and Security Solutions For Interoperable Health Information Exchange Presented by Linda Dimitropoulos, PhD RTI International Presented at AHRQ.

HIPAA Health Insurance Portability and Accountability Act of 1996.

Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.

A New Patient-centric and Sustainable Path to Achieving Health Information Infrastructure William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.

HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.

HIPAA Training Workshop #1 Council of Community Clinics – San Diego February 7, 2003 by Kaye L. Rankin Rankin Healthcare Consultants, Inc.

1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.

©2002 by the National Committee for Quality Assurance NCQA: HIPAA Business Associate Presentation to the 6th National HIPAA Summit March 28, 2003 Patricia.

HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.

Roundtable on Privacy in Transition: Is Privacy Policy Working in the Healthcare Sector?

TASFAA 2016 Legacy of Leadership. TASFAA 2016 Legacy of Leadership Family Educational Rights and Privacy Act (FERPA) An Overview Molly Thompson Associate.

COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill/Irwin Chapter 6 The Privacy and Security of Electronic Health Information.

FERPA Family Educational Rights and Privacy Act

The HIPAA Privacy Rule: Implications for Medical Research

Standards and the National HIT Agenda John W. Loonsk, MD

SHARING CLINICAL DATA: Legal and Privacy Issues

HIMSS Advocacy Day Washington, DC April 1, 2004

Healthcare Privacy: The Perspective of a Privacy Advocate

manatt | phelps | phillips

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

HIPAA Privacy and Security Update - 5 Years After Implementation

Presentation transcript:

Averting the Collision: Privacy Doctrine & Health Information Exchange Katherine L. Ball, MD, MSc William A. Yasnoff, MD, PhD, FACMI e-Health Initiative Washington, DC December 5, 2008 © 2008 NH I I ADVISORS

2 2 © 2008 NH I I ADVISORS Dangers of Electronic Records “ Anything you do to make information more accessible for good, laudable purposes will simultaneously make it more accessible for evil, nefarious purposes ” - William A. Yasnoff, New York Times, 2/18/07 (p. 16) Therefore, privacy is a much greater concern as more health records are electronic.

3 3 © 2008 NH I I ADVISORS Consumers and Health Privacy n Surveys of “information hiding” l 2006: 13% of consumers l 2007: 17% of consumers n Consumers already control information in their records n Without control, too many will opt out OR politically force system shut down n Choices are today’s system or consumer control -- complete information without consent is not (and should not be) a viable option n Patient control essential

4 4 © 2008 NH I I ADVISORS HIPAA Does NOT Assure Privacy n Information may be released WITHOUT consent for Treatment, Payment, or Operations (TPO) n TPO is determined solely by holder of information l No notification to patient l No review or appeal of TPO decision n No records of TPO disclosures required l No opportunity to review compliance l Trust without verification --> mistrust n Privacy depends on good behavior of covered entities l No enforcement possible

5 5 © 2008 NH I I ADVISORS PHR Privacy Assured by Federal ECPA Law n ECPA = Electronic Communications Privacy Act of 1986 (U.S. Code Title 18, Part I, Chapter 121, § ) n Applies to operators of publicly-available remote computing services (e.g. PHRs) n Operator may not release any subscriber information to any private party without consent of the subscriber l No exceptions n Does not apply to “non-public” systems n Much stronger protection than HIPAA n Extending HIPAA to PHRs would eliminate ECPA protection

6 6 © 2008 NH I I ADVISORS Independent Privacy Certification is Needed n Consumers need assurance that their privacy is protected n Privacy policies difficult for consumers to understand l Monitoring for changes is impractical for consumers n Certification addresses inherent conflict-of- interest between organization holding data and consumer n Certification must be independent of data organizations n Certification is information equivalent of financial auditing

7 7 © 2008 NH I I ADVISORS Privacy Certification Process n Establish auditing criteria (focus on policy) l Clear privacy policy l All access requires consumer consent l Audit trails accessible to consumers l No targeting or profiling without consent n Security is prerequisite l But not adequate to protect privacy n Careful review of audit criteria l In operational environment l Cannot be applied to system “in the box” n Independent evaluation of audit results l Avoids conflict of auditors and “auditees” n Compliance monitoring & annual recertification

8 8 © 2008 NH I I ADVISORS Health Record Banks (HRB) Can Protect Privacy n Secure community-based repository of complete health records n Access to records completely controlled by patients (or designee) n “Electronic safe deposit boxes” n Information about care deposited once when created l Required by HIPAA n Allows EHR incentives to physicians to make outpatient records electronic n Operation simple and inexpensive

9 9 © 2008 NH I I ADVISORS Clinical Encounter Health Record Bank Clinician EHR System Encounter Data Entered in EHR Encounter Data sent to Health Record Bank Patient Permission? NO DATA NOT SENT Clinician Inquiry Patient data delivered to Clinician YES optional payment Clinician’s Bank Secure patient health data files Health Record Bank Operation

10 © 2008 NH I I ADVISORS HRB Rationale n Operationally simple l Records immediately available l Deposit new records when created l Enables value-added services l Enables research queries n Patient control --> l Trust & privacy l Stakeholder cooperation (HIPAA) n Low cost facilitates business model n Creates EHR incentive options l Pay for deposits l Provide Internet-accessible EHRs

11 © 2008 NH I I ADVISORS Health Record Bank Organization Customer Support Marketing Operations HRB Operator Board of Directors Management Health Record Bank Operator (for-profit) regulate via contract % of revenue RESPONSIBLE FOR: Policy Governance Oversight RESPONSIBLE FOR: Obtaining Capital Operating HRB Executive Director Other Staff(Optional) Community Non-profits Community Board of Directors Many communities use single HRB

12 © 2008 NH I I ADVISORS Questions? For more information: William A. Yasnoff, MD, PhD, FACMI 703/ Katherine L. Ball, MD, MS