HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair October 20, 2010 1.

Slides:

Advertisements

Similar presentations

1 HIT Standards Committee Privacy and Security Workgroup: Reformatted Standards Recommendations & Implementation Guidance Dixie Baker, SAIC Steven Findlay,

Advertisements

Manatt manatt | phelps | phillips New York State Health Information Technology Summit Initiative Overview and Update Rachel Block, Project Director United.

Opportunities & Dangers: Consumers and Electronic Health Records Paul Feldman, Health Privacy Project Deven McGraw, National Partnership for Women & Families.

Strategy and Innovation Workgroup October 21, 2014 David Lansky, chair Jennifer Covich, co-chair.

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

VISION FOR MEANINGFUL USE. 2 Meaningful Use Workgroup Co-Chairs: Paul Tang, Palo Alto Medical Foundation Farzad Mostashari, New York City Health Department.

HIT Policy Committee Meaningful Use Workgroup Update Paul Tang Palo Alto Medical Foundation George Hripcsak Columbia University December 15, 2009.

HIT Policy Committee Information Exchange Workgroup Proposed Next Steps Micky Tripathi, Chair David Lansky, Co-Chair August 19, 2010.

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair Certificate Authority- Provider Authentication Recommendations.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair August 19,

Privacy and Security Workgroup October 14, 2014 Deven McGraw, chair Stan Crosley, co-chair.

A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

HIT Policy Committee Meaningful Use Workgroup Presentation Paul Tang, Chair Palo Alto Medical Foundation George Hripcsak. Co-Chair Columbia University.

HIT Standards Committee Privacy and Security Workgroup: Standards for Consumer Engagement Dixie Baker, SAIC Steve Findlay, Consumers Union May 26, 2010.

Privacy and Security Tiger Team Meeting Recommendations regarding a framework of security protections for EHRs December 7, 2011.

Privacy & Security Tiger Team: Accounting of Disclosures Recommendations December 4, 2013.

First Annual Summary of Privacy and Security Tiger Team Activities July 1, 2010 through September 30, 2013 Joy Pritts, Chief Privacy Officer.

Privacy and Security Tiger Team Comparison of Stage 2 Proposed Rules w/Health IT Policy Committee previous privacy & security recommendations Preliminary.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair Provider Authentication Recommendations November 19, 2010.

Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.

Navigating Privacy and Security Issues for HIE: A Consumer Perspective Deven McGraw Chief Operating Officer National Partnership for Women & Families

HIT Policy Committee Strategic Plan Workgroup Paul Tang, Chair Palo Alto Medical Foundation Jodi Daniel, Co-Chair ONC December 15, 2009.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair August 3,

Privacy and Security Tiger Team Subgroup Discussion: MU3 RFC July 29, 2013.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair Summary of 12/9 Hearing on Patient Matching December 13,

Privacy and Security Tiger Team Recommendations Adopted by The Health IT Policy Committee Relevant to Consumer Empowerment May 24, 2013.

HIT Policy Committee Nationwide Health Information Network Governance Workgroup Recommendations Accepted by the HITPC on 12/13/10 Nationwide Health Information.

HIT Standards Committee Privacy and Security Workgroup: Standards for Consumer Engagement Dixie Baker, SAIC Steve Findlay, Consumers Union April 28, 2009.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair September 14,

HIT Policy Committee Strategic Plan Workgroup Strategic Framework Paul Tang, Chair Palo Alto Medical Foundation Jodi Daniel, Co-Chair ONC March 17, 2010.

Privacy and Security Tiger Team Trusted Identity of Providers in Cyberspace Follow-Up Recommendations September 6, 2012.

HIT Policy Committee Governance Workgroup Update John Lumpkin, Robert Wood Johnson Foundation, Chair September 14, 2010.

HIT Policy Committee NHIN Workgroup Introductory Remarks David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of Commerce,

State Alliance for e-Health Conference Meeting January 26, 2007.

HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

State HIE Program Chris Muir Program Manager for Western/Mid-western States.

HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.

Privacy in Healthcare Challenges Associated with Implementing Privacy in an Electronic Health Records Environment John P. Houston, J.D. Vice President,

HIT Policy Committee Privacy & Security Tiger Team Update Deven McGraw, Co-Chair Center for Democracy & Technology Paul Egerman, Co-Chair June 25, 2010.

Certification and Adoption Workgroup – Policy Committee Update on the ONC Standards and Certification NPRM Marc Probst, workgroup co-chair Larry Wolf,

HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.

HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair Patient Matching Recommendations February 2,

Recommendations to the HIT Policy Committee on ONC Standards and Certification NPRM May 2, 2012 Certification and Adoption Workgroup Marc Probst, Intermountain.

HIT Policy Committee Meaningful Use Workgroup Paul Tang, Chair George Hripcsak, Co-Chair June 25, 2010.

Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.

HIT Standards Committee NHIN Workgroup Introductory Remarks Farzad Mostashari Office of the National Coordinator for Health IT Douglas Fridsma Office of.

HIT Standards Committee Meaningful Use Workgroup Presentation to HIT Policy Committee on July 16, 2009 As Presented by:Paul Tang, Chair Palo Alto Medical.

Information Exchange Workgroup Recommendations to HIT Policy Committee October 3, 2012 Micky Tripathi, Larry Garber.

HIT Policy Committee Adoption Certification Workgroup Proposed Next Steps Paul Egerman, Chair Marc Probst, Co-Chair July 21, 2010.

HIT Policy Committee Privacy & Security Policy Workgroup Deven McGraw, Chair Center for Democracy & Technology Rachel Block, Co-Chair NYS Department of.

HIT Standards Committee Clinical Operations Workgroup Jamie Ferguson, Kaiser Permanente John Halamka, Harvard Medical School June 23, 2009.

HIT Standards Committee Implementation Workgroup Judy Murphy, Aurora Health Care, Co-Chair Liz Johnson, Tenet Healthcare, Co-Chair June 22, 2011.

Privacy and Security Tiger Team Trusted Identity of Patients in Cyberspace Initial Impressions on November 29 Hearing December 5, 2012.

HIT Policy Committee Meaningful Use Workgroup Update Paul Tang Palo Alto Medical Foundation George Hripcsak Columbia University January 13, 2010.

HIT Policy Committee Health Information Exchange Workgroup Deven McGraw, Center for Democracy & Technology Micky Tripathi, Massachusetts eHealth Collaborative.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair July 21, 2010.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

1 Overview of HIT Policy Committee’s Privacy Hearing Jodi Daniel, JD, MPH Director, Office of Policy and Research Office of the National Coordinator for.

Health Management Information Systems Unit 3 Electronic Health Records Component 6/Unit31 Health IT Workforce Curriculum Version 1.0/Fall 2010.

Privacy and Security Tiger Team Potential Questions for Request for Comment Meaningful Use Stage 3 October 3, 2012.

First Annual Summary of Privacy and Security Tiger Team Activities July 1, 2010 through September 30, 2013 Joy Pritts, Chief Privacy Officer.

APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.

HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.

HIT Standards Committee NwHIN Power Team Dixie Baker, Chair July 20,

Health IT Policy Committee’s Workgroup Updates June 16, 2009 Meeting

American Health Information Management Association

Healthcare Privacy: The Perspective of a Privacy Advocate

Data and Interoperability:

Presentation transcript:

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair October 20,

Tiger Team Members Deven McGraw, Chair, Center for Democracy & Technology Paul Egerman, Co-Chair, Dixie Baker, SAIC Christine Bechtel, National Partnership for Women & Families Rachel Block, NYS Department of Health Carol Diamond, Markle Foundation Judy Faulkner, EPIC Systems Corp. Leslie Francis, University of Utah; NCVHS Gayle Harrell, Consumer Representative/Florida John Houston, University of Pittsburgh Medical Center David Lansky, Pacific Business Group on Health David McCallie, Cerner Corp. Wes Rishel, Gartner Latanya Sweeney, Carnegie Mellon University Micky Tripathi, Massachusetts eHealth Collaborative Adam Greene, Office of Civil Rights Joy Pritts, ONC Judy Sparrow, ONC 2

Tiger Team Approach Work intended to flesh out a comprehensive privacy and security framework, guided by fair information practices (ONC’s Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information) –Copy of working document provided to Committee –Updated to include August recommendations Today’s update provides an initial set of recommendations on the principle of openness and transparency 3

Core Values Patients should not be surprised to learn what happens to their health information. The provider-patient relationship is the foundation for trust in health information exchange. Providers are responsible for ensuring the privacy and security of patient information but may delegate functions to business associates if done in a trustworthy manner. about or harmed by collections, uses, or disclosures of their information. 4

Core Values NEW core value: Transparency about information exchange practices is a necessary component of establishing credibility with patients. In achieving greater openness and transparency for patients, we need to balance the need to give patients complete information on how their information is shared while at the same time providing information in a form that is manageable for patients to read and understand. 5

Key Challenge & Solution Challenge: How can we have complete information exchange transparency, without creating a notice that is unmanageable for patients and without creating undue burden on providers? Solution: Implement a tiered (“layered”) approach to transparency. Applied to three contexts: –The HIPAA Notice of Privacy Practices (NPP) (required of all providers) –“Indirect” Exchange (exchange that triggers meaningful consent per August recommendations) –Organized Health Care Arrangements and other integrated delivery networks (OHCAs) 6

Transparency Recommendations Providers should provide the HIPAA NPP as a layered notice –Short summary of sharing policies and activities –A detailed notice for interested patients –Plain English & at an appropriate reading level –Current & anticipated exchange activities, not just what the law permits 7

Transparency Recommendations Where there is an “indirect exchange” that triggers consent, notice to patients should –not be buried in the NPP, but easily distinguishable, –be layered, providing a brief summary of the model (including purposes for which information can be accessed/shared), with more detailed information available, and –be provided in advance, per August recommendations With respect to OHCAs –All patients should receive summary information; this notice should be distinct & not buried in the NPP. –Patients should have the ability to obtain more detailed information, including list of all participants. 8

Transparency Recommendations ONC should require federally funded HIOs and Regional Extension Centers to develop and implement public education plans regarding their information sharing policies and practices. The Tiger Team also developed examples of summary notices for situations in which Health Information Organizations (HIO) and Organized Health Care Arrangements (OHCA) are involved. 9

Example Notice: HIO We send an electronic copy of your medical record to the state health Information organization, which makes your data available to other healthcare professionals. We also use a gateway for electronic submission of prescriptions, which keeps a copy of your medications profile. If you want to learn more details about how we perform electronic exchange of data, you may request a copy of our Detailed Information Exchange Description, which can also be found at this web- site: 10