Privacy and Security Solutions For Interoperable Health Information Exchange Presented by Linda Dimitropoulos, PhD RTI International Presented at AHRQ.

Slides:

Advertisements

Similar presentations

Manatt manatt | phelps | phillips New York State Health Information Technology Summit Initiative Overview and Update Rachel Block, Project Director United.

Advertisements

National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.

| Implications for Health Information Exchange – MetroChicago January 2011.

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

HISPC-Illinois II The Public-Private Partnership Moves Forward on Privacy and Security.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21,

Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.

Legal Agreements and Policy Work Group Co-facilitators: Linda Attarian and Jill Moore Dial: Enter room#: * * (don’t forget the asterisks.

RTI International is a trade name of Research Triangle Institute 3040 Cornwallis Road ■ P.O. Box ■ Research Triangle Park, North Carolina, USA

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

1 Joyce Sensmeier MS, RN, FHIMSS, HIMSS Glen Marshall, Siemens Healthcare Charles Parisot, GE Healthcare IHE's contribution to standards harmonization.

Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.

Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.

Kansas Privacy and Security Update AHRQ Annual Research Meeting Washington, DC September 27, 2007 Robert F. St. Peter, M.D. President and CEO Kansas Health.

ONC HIT Policy Committee Interoperability and HIE Workgroup Panel 3: State/Federal Perspectives August 22, 2014 Jennifer Fritz, MPH Deputy Director Office.

A Robust Health Data Infrastructure P. Jon White, MD Director, Health IT Agency for Healthcare Research and Quality

Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.

Navigating Privacy and Security Issues for HIE: A Consumer Perspective Deven McGraw Chief Operating Officer National Partnership for Women & Families

Planning for a Vibrant Community. Introduction Planning is a process that involves: –Assessing current conditions; envisioning a desired future; charting.

New York Health Information Security and Privacy Collaboration (NY HISPC) AHRQ Annual Meeting September 27, 2007 Ellen Flink Project Director NYS DOH.

Sharing Low-Income Customer Information Water & Energy Utilities LIOB Meeting - January 2009 Seaneen M Wilson Division of Water & Audits.

Organizational and Legal Issues -- Developing organization and governance models for HIE Day 2 -Track 5 – FIRST SESSION – RHIO GOVERNANCE CONNECTING COMMUNITIES.

1 Health Information Security and Privacy Collaboration (HISPC) National Conference HISPC Contributions to Massachusetts HIE Privacy and Security Progress:

1 Creation of State Legislation to Protect and Facilitate Use and Exchange of Electronic Health Information Shelley Carter, RN, MCRP, MPH 1, Maggie Gunter,

The New Jersey Health Information Technology Act NJ HITC and Office for e-HIT by June 2010 must Deliver Report and make Recommendations to Governor and.

The 2009 HIMSS Security Survey: Insights into the Status of Healthcare Security Implementation sponsored by Symantec Meeting of the HIT Standards Committee,

Local Public Health System Assessment using the NPHPSP Local Instrument Essential Service 6 Enforce Laws and Regulations that Protect Health and Ensure.

State Alliance for e-Health Conference Meeting January 26, 2007.

EHI Blueprint for Change HealthTechNet November 16, 2007 Page 1 Transforming Care Delivery at the Point of Care: Barriers and Solutions Christine Bechtel.

State HIE Program Chris Muir Program Manager for Western/Mid-western States.

Crosswalk of Public Health Accreditation and the Public Health Code of Ethics Highlighted items relate to the Water Supply case studied discussed in the.

HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

Organizational and Legal Issues -- Developing organization and governance models for HIE Day 2 -Track 5 – SECOND SESSION – PRIVACY AND SECURITY CONNECTING.

Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.

1 Health Information Security and Privacy Collaboration (HISPC): Calming the Waters Across State Lines Presented by Barbara L Massoudi, MPH, PhD RTI International.

United States Department of Justice Global Security Working Group Update Global Advisory Committee November 2, 2006 Washington, D.C.

ONC’s Proposed Strategy on Governance for the Nationwide Health Information Network Following Public Comments on RFI HIT Standards Committee Meeting September.

January 26, 2007 State Alliance for e-Health January 26, 2007 Robert M. Kolodner, MD Interim National Coordinator Office of the National Coordinator for.

Health Information Technology: Is Medicaid Keeping Pace? Michael Tutty, MHA Senior Project Director, Center for Health Policy and Research Instructor,

Health Information Technology Policy and The States State Coverage Initiatives Meeting Albuquerque, New Mexico Ree Sailors NGA, Center for Best Practices.

EHealth Progress Across the States in 2007 Results of a Survey of State Officials AcademyHealth National Health Policy Conference State Health Research.

1 DAS Annual Review June 2008 “Build to Share” Suzanne Acar, US DOIAdrian Gardner, US National Weather ServiceCo-Chair, Federal DAS

Kevin W. Ryan JD, MA Associate Director – ACHI Assistant Professor – UAMS COPH Rural TeleCon ’06 10th Annual Conference of the Rural Telecommunications.

Health Delivery Services May 29, Eastern Massachusetts Healthcare Initiative Policy Work Group Session 2 May 29, 2009.

Eurostat/UNSD Conference on International Outreach and Coordination in National Accounts for Sustainable Development and Growth 6-8 May, Luxembourg These.

1 PARCC Data Privacy & Security Policy December 2013.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

National Public Health Performance Standards Local Assessment Instrument Essential Service:6 Enforce Laws and Regulations that Protect Health and Ensure.

Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.

HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.

TEXAS Health Information Technology Advisory Committee (HITAC) Track 1: Getting Started, Organization and Governance Tim Turner Tim Turner & Associates,

Medicaid/SCHIP Technical Assistance for Health IT/HIE 2008 AHRQ Annual Conference Presented by: Linda Dimitropoulos, RTI International.

State Alliance for e-Health Michelle Lim Warner, MPH Senior Policy Analyst NGA Center for Best Practices

Virtual Hearing of the Health IT Policy Committee Clinical, Technical, Organizational and Financial Barriers to Interoperability Task Force Friday, August.

1 Administrative Simplification: The Last Word National HIPAA Summit 8 Baltimore, MD March 9, 2004 William R. Braithwaite, MD, PhD “Doctor HIPAA”

Preparing to Implement HITECH A New Report from the State Alliance For E-Health Ree Sailors Kentucky e-Health Summit September 16, 2009.

Information Sharing for Integrated Care A 5 Step Blueprint.

The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law

HIMSS – Chicago – April, 2009 New Jersey - Health Information Technology – NJ HIT Act – Office for Health Information Technology Development - Recovery.

Health Information Exchange: Alaska’s Health Pipeline Alaska Bar Association Health Law Section February 2, 2012 Carolyn Heyman-Layne.

Governance and Institutional Arrangements What they have to do with Regional Water Planning (RWP)

Bridging the gap between the Individual Healthcare Plan (IHP) and the Individualized Educational Program (IEP) How Special Education and School Nurses.

Update from the Faster Payments Task Force

Information Sharing for Integrated care A 5 Step Blueprint

Health Information Security and Privacy Collaborative (HISPC) Overview

Health Information Exchange: Alaska’s Health Pipeline

VERMONT INFORMATION TECHNOLOGY LEADERS

Enforcement and Policy Challenges in Health Information Privacy

Presentation transcript:

Privacy and Security Solutions For Interoperable Health Information Exchange Presented by Linda Dimitropoulos, PhD RTI International Presented at AHRQ Annual Meeting September 27, 2007 RTI International is a trade name of Research Triangle Institute 3040 Cornwallis Road ■ P.O. Box ■ Research Triangle Park, NC Phone

Background Variation in privacy and security business practices, policies, and state laws creates a barrier to electronic clinical health information exchange Consumers, organizations, and state and federal entities share concerns related to maintaining the privacy and security of health information The existing paradigm for privacy and security protections does not fully accommodate active consumer participation in health information exchange

Assumptions Decisions about how to protect the privacy and security of health information should be made at the local level Stakeholders at the state and community levels, including patients and consumers, must be involved in identifying the challenges and developing solutions to achieve broad- based acceptance Discussions need to take place to develop an understanding of the current landscape and the variation that exists between organizations within each state, and ultimately across the nation

Methodology Community-based participatory research model where state teams identify and “own” the issues and outcomes Engaged broad range of stakeholders to identify challenges to privacy and security and develop solutions Followed a “core” methodology that framed discussions in terms of purposes for the exchange and the type of health information being exchanged within 9 domains of privacy and security

Stakeholder Participation in Assessment of Variation Total Participants3, Stakeholder Group NAVG Providers1,63048 Technology and Health Information Experts Consumers Other Government Public Health Agencies/Departments Employers Legal Counsel/Attorneys Medical & Public Health Schools/Research Payers Law Enforcement and Correctional Facilities 37 1 Foundations/Other Policy Consultants 4<1

Challenges/Solutions Challenge: Lack of awareness among stakeholders Stakeholders lack sufficient knowledge of HIT/HIE to understand implications for privacy and security; Consumers are unaware of legal protections under state law; Providers frequently do not understand state law requirements Solution: 14 states are developing model outreach and education programs Consumer and provider outreach and education State and multistate privacy and security summits Consumer advisory councils/committees Toolkits for educating stakeholders

Challenges/Solutions (continued) Challenge: Variation created by state privacy and security laws State law governing privacy and security is scattered, fragmented, sometimes inconsistent or contradictory within a state, and frequently does not apply sensibly to electronic exchange. Solution: 9 states implementing solutions related to state law Producing a catalog of existing relevant statutes and administrative regulations Developing a road map of current P&S laws/statutes Developing model legislation to harmonize on multistate issues such as consent Completing a legal analysis to determine what changes need to be made to ensure privacy and security Reforming state privacy laws to address electronic HIE Drafting legislation for 2008 session

Challenges/Solutions (continued) Challenge: Obtaining and Managing Patient Consent Broad variation in the requirements for obtaining and managing patient consent and authorization for information disclosures Solution: 8 states are working on reducing variation related to consent management Standardize patient consent process Harmonize consent language that addresses opt-in/opt-out issues across the state Implement consent management process; develop use cases that drive HIE transactions Create guiding principles for consent that can be used to update state law Model consent forms

Challenges/Solutions (continued) Challenge: Variation in Methods of Implementing 4 A’s Need for consensus on standards for authentication, authorization, access controls and information audits to reduce mistrust between entities Solution: 4 states are working on issues related to the 4A’s Defining minimum standards for authentication acceptable to individuals or entities participating in an HIE Defining P&S requirements for providers' role-based access and authentication Developing “solutions building block” i.e., trusted digital identities for authentication, authorization, access control, data integrity, and digital signatures

Challenges/Solutions (continued) Challenge: Privacy and Security Oversight Lack of state-level authoritative governing bodies to oversee the development, adoption and enforcement of common privacy policies and security practices for HIE Solution: 6 states working on governance and oversight Establish Governor’s eHealth taskforce on Privacy and Security Create a Privacy and Security Advisory Board Establish formal work group to formulate and review P&S policy Create an umbrella organization to operationalize P&S strategies and interact with Governor's HIE Commission and the state Health Policy Authority.

Moving Forward Moving to multi-state collaboration Enlisting the remaining states and territories into the process Providing the technical assistance needed to foster the multi-state collaborative work 2 nd National Meeting November 1-2 in Washington, DC

Thank You