Download presentation
Presentation is loading. Please wait.
1
The PRISM Privacy Tool: A User’s Guide
Speakers: Vicki Hohner, MBA, FOX Systems, Inc. Walter G. Suarez, MD, MPH, Institute for HIPAA/HIT Education and Research Presented at the 2008 PHIN Conference Monday, August 25, 2008 Atlanta, GA PHDSC Home Page PRISM Web Page
2
PRISM The Public Health Data Standards Consortium and the Privacy, Security and Data Exchange Committee
3
About the Consortium A national independent voluntary membership-based nonprofit confederation of federal, state and local health agencies, national and local professional associations and public and private sector organizations interested in public health data and data standards Started in 1998; established as an independent organization in 2003 Mission: Bringing a Common Voice from Public Health to the National Health Information Standardization Efforts Scope of activities, deliverables, timetable
4
About the Consortium Program Activities:
Participation and Representation National efforts (HITSP, HISPC, CCHIT, others) Standards Organizations (X12, HL7, IHE, others) Data Standards for Public Health Privacy and Security Public Health Informatics Education Role of Public Health in Health IT, HIEs and the NHIN Website – Participation – Everybody is welcome to join! Opportunities: New members, Board of Directors, Committees, Workgroups Scope of activities, deliverables, timetable
5
About the Privacy, Security and Data Exchange Committee
The PSDE Committee focuses on addressing individual and organizational privacy and security issues related to maintaining and sharing health information, particularly in electronic form, for public sector health programs and health services research purposes. Committee activities: Represent public health and the public sector in national privacy, security, and health care technology efforts Educate and communicate with public sector health agencies Provide products, tools and information to assist with public sector health privacy and security issues Scope of activities, deliverables, timetable
6
PART 1 PRISM Background and Overview
7
What is PRISM? A framework for understanding the basic legal privacy requirements for the use and disclosure of health information Created to help public sector health programs understand and apply state and federal privacy laws to their activities Scope of activities, deliverables, timetable
8
What is PRISM? An electronic, web-based ‘family of tools’
Set up as web tables to easily access and focus information relevant to a specific situation Multiple tables created to inform all the common public sector health functions
9
Purpose of PRISM Identify and define the baseline conditions and requirements that a government or other health entity must follow when using and disclosing specific types of health information Organize key privacy requirements related to uses and disclosures to provide direction to improve privacy policies, procedures, and compliance
10
Why was PRISM developed?
Address a gap in federal HIPAA privacy guidance HIPAA requirements do not always map to public sector health program activities Present King County case as handout
11
Why was PRISM developed?
Public sector health programs often combine multiple activities and functions, so rule application can be confusing Useful for most payer and provider entities, whether public or private
12
Who developed PRISM? Developed through the Public Health Data Standards Consortium (PHDSC) Funded by the National Center for Health Statistics (NCHS) and the DHHS Assistant Secretary for Planning and Evaluation (ASPE) Development oversight provided by the Consortium’s Privacy, Security, and Data Sharing Committee (PSDSC) Present King County case, short discussion of what was asked, what it covers
13
Who developed PRISM? (Cont’d)
Content developed by Consortium members: Walter Suarez, MD, PHDSC President Vicki Hohner, Co-Chair PSDE Committee Legal Reviewer: Joy Pritts, JD, Senior Policy Analyst and HIPAA Privacy expert, Georgetown University
14
PRISM: A Family of Privacy Tools
PRISM for Government Agencies Disclosures FROM PRISM for Public Health Authorities Disclosures TO PRISM LITE Summary of Disclosures FROM (2008) Summary of Disclosures TO Public Health (beyond 2008) Scope of activities, deliverables, timetable
15
PRISM: A Family of Privacy Tools
PRISM for Government Agencies (PRISM-GA) Completed in 2007 Focusing on Disclosures FROM Government Agencies Overall structure of Tool: Tool tables segregated by Agency’s Roles: Acting as Public Health Authority Acting as Health Care Providers Acting as Health Plan/Payer Within each Role, Tool tables structured by: Purpose of Disclosure (TPO, Public Health, Law Enforcement, etc) Type of Information Being Disclosed (vital statistics, immunizations, HIV, medical record information, etc) Scope of activities, deliverables, timetable
16
PRISM: A Family of Privacy Tools
PRISM for Public Health Authorities (PRISM-PH) Being completed in 2008 Focusing on Disclosures TO Public Health Overall structure of Tool Tables structured by: Purpose of Disclosures (Required by Law, Public Health, Health Oversight) Type of Information Being Disclosed (vital statistics, immunizations, HIV, medical record information, etc) Scope of activities, deliverables, timetable
17
PRISM: A Family of Privacy Tools
PRISM “LITE” Summary of the more comprehensive PRISM Tools: During 2008 – Start with a Summary of PRISM-GA (Disclosures FROM) Post-2008 – Incorporate a Summary of PRISM-PH (Disclosures TO) Summary to be presented in a ‘matrix’ format, with higher-level concepts, principles, and general rules Made available on the web Linking back to the more comprehensive source tables, for people to get more detailed information, as needed Scope of activities, deliverables, timetable
18
PRISM Family of Privacy Tools Project Component 4
-- Home Page -- Introduction to PRISM Under Development 2008 PRISM LITE -- High-level Review -- Hyperlinks to Tools Operational 2007 Under Development 2008 PRISM for Government Agencies ~ PRISM-GA ~ (Disclosures FROM Government Agencies) PRISM for Public Health Authorities ~ PRISM-PH ~ (Disclosures TO Public Health) Resource Materials (Definition of Terms, Sample Documents, Best Practice Guidelines, etc)
19
What Information is in PRISM Today?
PRISM for Government Agencies Uses the HIPAA privacy rule to set the basic framework Incorporates other federal privacy laws, such as 42 CFR pt. 2 and FERPA, where relevant References common provisions in state law Focuses on DISCLOSURES of health information done by public programs More detail on following slides
20
What Information is in PRISM Today?
Includes other laws or requirements that may have an impact Provides additional information on how the requirement may be interpreted or applied in public programs
21
How is PRISM structured?
Three separate tables for common public sector health-related functions: Public Health Authority Provider Payer Focus is on disclosures of specific types of identifiable health information Present King County case, short discussion of what was asked, what it covers
22
How is PRISM structured?
Tables organized by: Disclosure Purpose Treatment, Payment, Operations Required by law (public health, health oversight) Judicial/administrative proceedings, law enforcement
23
How is PRISM structured?
Tables organized by: Disclosure Purpose Type of Information HIV, immunizations, medical records Separate section for minors Separate table addressing who (as the individual) can control uses and disclosures and under what conditions
24
What information is in the PRISM tables?
Tables divided into cells that contain information about specific disclosures HIPAA citation Type of disclosure (required vs. permitted) Information related to the disclosure (conditions, special requirements)
25
What information is in the PRISM tables?
HIPAA requirements of the disclosure Whether consent/authorization is required Whether minimum necessary applies If an accounting of disclosure is required Additional general state law issues/ requirements that may apply
26
Where can I find PRISM? PHDSC Home Page: http://www.phdsc.org/
Present King County case, short discussion of what was asked, what it covers PHDSC Home Page: PRISM Web Page:
27
PRISM PART 2 PRISM in Action – Using the PRISM Toolkit to Address Privacy Issues
28
Introduction to PRISM Present King County case, short discussion of what was asked, what it covers Click on “Proceed to PRISM Privacy Tool” at bottom of this web page
29
Understanding and Using PRISM
Present King County case, short discussion of what was asked, what it covers Proceed down the page and click on “Government Entity Acting As….”
30
Understanding and Using PRISM
Present King County case, short discussion of what was asked, what it covers Proceed down the page and click on “Government Entity Acting As….”
31
Government Entity Acting As…
Present King County case, short discussion of what was asked, what it covers Proceed down the page and click on one of the Type of Disclosure tables
32
Government Entity Acting As…
Present King County case, short discussion of what was asked, what it covers
33
How do I use PRISM? Click on a specific functional table to access the actual table This takes you to the grid of disclosure purposes for that table by specific data type
34
How do I use PRISM? Click on a folder icon to access the content for a specific disclosure/data type This screen provides you with disclosure guidelines specific to this type of disclosure
35
Example #1 My program functions as a provider
I want to disclose information on children’s immunizations for public health purposes First click to access the Public Health Healthcare Provider table
36
Example #1 Then go to table 4, Disclosures Required by Law; for Public Health; etc., which covers disclosures for public health purposes
37
Example #1 Look along the top for the Public Health Activities column, then for Unemancipated minors information down the side, and click to open
38
Example #1 Using the information in the cell:
If an entity is performing public health activities as a provider, that disclosure is allowed without consent or authorization under HIPAA State laws define and control legal issues related to minors, but public health activities are normally not affected by these laws
39
Example #2 My program functions as a provider AND a public health authority I need to disclose HIV AIDS information for treatment purposes First click to access the Provider table
40
Example #2 Then go to table 2, Disclosures for Treatment, Payment, and Health Care Operations, which contains specific information for TPO purposes
41
Example #2 Look for the Treatment disclosures column, and the STD/AIDS row, and click on the cell to open
42
Example #2 Then go to the Government Acting as a Public Health Authority table
43
Example #2 Then go to table 2, Disclosures for Treatment, Payment, and Health Care Operations, which contains specific information for TPO purposes
44
Example #2 Look for the Treatment disclosures column, and the STD/AIDS row, and click on the cell to open
45
Example #2 7. Using the information in both cells:
If an entity is performing treatment activities as a provider, that disclosure is allowed without consent or authorization under HIPAA However, HIV information is often subject to stricter state protections, so state laws may require consent or authorization for some or all treatment activities If an entity is performing treatment activities as a public health authority, then that disclosure is not subject to the HIPAA requirements However, those treatment activities must be clearly identifiable as public health activities defined by law to qualify`
46
PRISM Privacy Definitions and Resources
`
47
PRISM Privacy Definitions and Resources
`
48
How can I provide feedback on PRISM?
Feedback/Comment form: Your comments are critical to future revisions and enhancements to this tool
49
How can I provide feedback on PRISM?
50
Upcoming PHDSC Privacy and Security Projects and Products
PRISM Upcoming PHDSC Privacy and Security Projects and Products
51
PHDSC Privacy and Security Projects and Products (2008)
PRISM II PRISM LITE® - Summary Principles of Privacy Practices for Public Health Professionals Disclosures TO Public Health Tool Interoperable Public Health Information Exchanges – A Review of State Privacy and Security Variations, Solutions and Implementation Plans Building upon the findings and reports from the HISPC Project Best Practices in Public Health Privacy and Security Review of a sample of States planning and implementing public health information exchanges
52
PHDSC Privacy and Security Projects and Products (2009)
Adding State-level Public Health Privacy and Security to PRISM Identification of a set of priority issues related to public health privacy and security Research and analysis on selected state-level laws related to the identified issues Documentation and reporting – incorporating state-level information into the PRISM Toolkit
53
For More Information About the Consortium and other Consortium products: Join and Participate in Consortium activities! Help produce more powerful and useful information tools
54
Contact Information Walter G. Suarez, MD President and CEO Institute for HIPAA/HIT Education and Research Phone: Vicki Hohner, MBA Senior Consultant Fox Systems, Inc. Phone:
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.