HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

Workflow

1. Review and comment on the Privacy and Security policy priority in the meaningful-use matrix, focusing on Goals, 2011 Objectives, and 2011 Measures
   – Present recommendations to HIT Standards Committee for conveyance to HIT Policy Committee
2. Map 2011 measures into specific features and functions within three categories:
   1) Products that can be purchased (certified by CCHIT outside the real-life setting)
   2) IT infrastructure necessary to enable the product to be meaningfully used
   3) Operational environment in which the product will be used meaningfully

Workflow (continued)

3. Map features and functions to standards and certification criteria
   – Use Privacy and Security worksheet provided by ONC as starting point for EHR standards and certification criteria (category #1)
   – For categories #2 and #3, use HITSP TN900 as primary resource
   – Identify additional industry standards as needed
4. Recommend standards and certification criteria to ONC

Privacy and Security Policy Matrix - Goals

GOALS (current)
– Ensure privacy and security protections for confidential information through operating policies, procedures, and technologies and compliance with applicable law
– Provide transparency of data sharing to patient

GOALS (recommended; wording in square brackets is struck from the current text)
– Protect individual privacy, care quality, patient safety, and population health
– [Ensure privacy and security protections for] Protect confidential information and essential EHR services through operating policies, procedures, and technologies, and compliance with applicable law
– Provide transparency of data sharing to patient

Privacy and Security Policy Matrix - Objectives

2011 OBJECTIVES (current)
– Compliance with HIPAA Privacy and Security Rules and state laws
– Compliance with fair data sharing practices set forth in the Nationwide Privacy and Security Framework

2011 OBJECTIVES (recommended)
– Compliance with HIPAA Privacy and Security Rules, ARRA privacy and security provisions, and state laws
– Compliance with fair data sharing practices set forth in the Nationwide Privacy and Security Framework
– Assure that EHR services and information are available when needed at the point of care
– Enable EHR data to be used for population health purposes, while minimizing privacy risks to individuals
– Assure that measures are attainable by small practices as well as large hospitals and integrated delivery networks

Privacy and Security Policy Matrix - Measures

2011 MEASURES (current)
– Full compliance with HIPAA Privacy and Security Rules
– An entity under investigation for a HIPAA privacy or security violation cannot achieve meaningful use until the entity is cleared by the investigating authority
– Conduct or update a security risk assessment and implement security updates as necessary

2011 MEASURES (recommended; wording in square brackets is struck from the current text)
– Full compliance with HIPAA Privacy and Security Rules
– An entity under investigation by the HHS Office of Civil Rights for a HIPAA privacy or security violation cannot achieve meaningful use until [the entity is cleared by the investigating authority] a plan has been put in place to correct the fault and address the harm caused
– Conduct or update a security risk assessment and implement security updates as necessary and as appropriate for the size of the enterprise
– Provide measures to assure the timely availability of services and information required for safe care delivery
– Provide anonymized or pseudonymized health data to public health agencies

Next Step – Map Measures to Features & Functions

Segment into three categories:
1) Products that can be purchased
   – Certified by CCHIT outside the real-life setting
   – e.g., user and entity authentication, access control, audit
2) IT infrastructure necessary to enable the product to be meaningfully used
   – e.g., identity management, secure , system backup
3) Operational environment in which the product will be used meaningfully
   – e.g., authorization policies, audit review

From Measures to Standards & Certification

2011 Measures
– e.g., Full compliance with HIPAA P&S Rules

2011 Features & Functions
1. EHR Products (CCHIT Criteria)
2. IT Infrastructure
3. Operations

Standards
– HITSP
– NIST
– ISO
– OASIS
– etc.

Certification Criteria
– HHS Criteria for EHR Reimbursement