Presentation is loading. Please wait.

Presentation is loading. Please wait.

The PRISM Privacy Tool: A User’s Guide

Published byDrusilla McKenzie Modified over 5 years ago

Similar presentations

Presentation on theme: "The PRISM Privacy Tool: A User’s Guide"— Presentation transcript:

1 The PRISM Privacy Tool: A User’s Guide
Speakers: Vicki Hohner, MBA, FOX Systems, Inc. Walter G. Suarez, MD, MPH, Institute for HIPAA/HIT Education and Research Presented at the 2008 PHIN Conference Monday, August 25, 2008 Atlanta, GA PHDSC Home Page  PRISM Web Page 

2 PRISM The Public Health Data Standards Consortium and the Privacy, Security and Data Exchange Committee

3 About the Consortium A national independent voluntary membership-based nonprofit confederation of federal, state and local health agencies, national and local professional associations and public and private sector organizations interested in public health data and data standards Started in 1998; established as an independent organization in 2003 Mission: Bringing a Common Voice from Public Health to the National Health Information Standardization Efforts Scope of activities, deliverables, timetable

4 About the Consortium Program Activities:
Participation and Representation National efforts (HITSP, HISPC, CCHIT, others) Standards Organizations (X12, HL7, IHE, others) Data Standards for Public Health Privacy and Security Public Health Informatics Education Role of Public Health in Health IT, HIEs and the NHIN Website – Participation – Everybody is welcome to join! Opportunities: New members, Board of Directors, Committees, Workgroups Scope of activities, deliverables, timetable

5 About the Privacy, Security and Data Exchange Committee
The PSDE Committee focuses on addressing individual and organizational privacy and security issues related to maintaining and sharing health information, particularly in electronic form, for public sector health programs and health services research purposes. Committee activities: Represent public health and the public sector in national privacy, security, and health care technology efforts Educate and communicate with public sector health agencies Provide products, tools and information to assist with public sector health privacy and security issues Scope of activities, deliverables, timetable

6 PART 1 PRISM Background and Overview

7 What is PRISM? A framework for understanding the basic legal privacy requirements for the use and disclosure of health information Created to help public sector health programs understand and apply state and federal privacy laws to their activities Scope of activities, deliverables, timetable

8 What is PRISM? An electronic, web-based ‘family of tools’
Set up as web tables to easily access and focus information relevant to a specific situation Multiple tables created to inform all the common public sector health functions

9 Purpose of PRISM Identify and define the baseline conditions and requirements that a government or other health entity must follow when using and disclosing specific types of health information Organize key privacy requirements related to uses and disclosures to provide direction to improve privacy policies, procedures, and compliance

10 Why was PRISM developed?
Address a gap in federal HIPAA privacy guidance HIPAA requirements do not always map to public sector health program activities Present King County case as handout

11 Why was PRISM developed?
Public sector health programs often combine multiple activities and functions, so rule application can be confusing Useful for most payer and provider entities, whether public or private

12 Who developed PRISM? Developed through the Public Health Data Standards Consortium (PHDSC) Funded by the National Center for Health Statistics (NCHS) and the DHHS Assistant Secretary for Planning and Evaluation (ASPE) Development oversight provided by the Consortium’s Privacy, Security, and Data Sharing Committee (PSDSC) Present King County case, short discussion of what was asked, what it covers

13 Who developed PRISM? (Cont’d)
Content developed by Consortium members: Walter Suarez, MD, PHDSC President Vicki Hohner, Co-Chair PSDE Committee Legal Reviewer: Joy Pritts, JD, Senior Policy Analyst and HIPAA Privacy expert, Georgetown University

14 PRISM: A Family of Privacy Tools
PRISM for Government Agencies Disclosures FROM PRISM for Public Health Authorities Disclosures TO PRISM LITE Summary of Disclosures FROM (2008) Summary of Disclosures TO Public Health (beyond 2008) Scope of activities, deliverables, timetable

15 PRISM: A Family of Privacy Tools
PRISM for Government Agencies (PRISM-GA) Completed in 2007 Focusing on Disclosures FROM Government Agencies Overall structure of Tool: Tool tables segregated by Agency’s Roles: Acting as Public Health Authority Acting as Health Care Providers Acting as Health Plan/Payer Within each Role, Tool tables structured by: Purpose of Disclosure (TPO, Public Health, Law Enforcement, etc) Type of Information Being Disclosed (vital statistics, immunizations, HIV, medical record information, etc) Scope of activities, deliverables, timetable

16 PRISM: A Family of Privacy Tools
PRISM for Public Health Authorities (PRISM-PH) Being completed in 2008 Focusing on Disclosures TO Public Health Overall structure of Tool Tables structured by: Purpose of Disclosures (Required by Law, Public Health, Health Oversight) Type of Information Being Disclosed (vital statistics, immunizations, HIV, medical record information, etc) Scope of activities, deliverables, timetable

17 PRISM: A Family of Privacy Tools
PRISM “LITE” Summary of the more comprehensive PRISM Tools: During 2008 – Start with a Summary of PRISM-GA (Disclosures FROM) Post-2008 – Incorporate a Summary of PRISM-PH (Disclosures TO) Summary to be presented in a ‘matrix’ format, with higher-level concepts, principles, and general rules Made available on the web Linking back to the more comprehensive source tables, for people to get more detailed information, as needed Scope of activities, deliverables, timetable

18 PRISM Family of Privacy Tools Project Component 4
-- Home Page -- Introduction to PRISM Under Development 2008 PRISM LITE -- High-level Review -- Hyperlinks to Tools Operational 2007 Under Development 2008 PRISM for Government Agencies ~ PRISM-GA ~ (Disclosures FROM Government Agencies) PRISM for Public Health Authorities ~ PRISM-PH ~ (Disclosures TO Public Health) Resource Materials (Definition of Terms, Sample Documents, Best Practice Guidelines, etc)

19 What Information is in PRISM Today?
PRISM for Government Agencies Uses the HIPAA privacy rule to set the basic framework Incorporates other federal privacy laws, such as 42 CFR pt. 2 and FERPA, where relevant References common provisions in state law Focuses on DISCLOSURES of health information done by public programs More detail on following slides

20 What Information is in PRISM Today?
Includes other laws or requirements that may have an impact Provides additional information on how the requirement may be interpreted or applied in public programs

21 How is PRISM structured?
Three separate tables for common public sector health-related functions: Public Health Authority Provider Payer Focus is on disclosures of specific types of identifiable health information Present King County case, short discussion of what was asked, what it covers

22 How is PRISM structured?
Tables organized by: Disclosure Purpose Treatment, Payment, Operations Required by law (public health, health oversight) Judicial/administrative proceedings, law enforcement

23 How is PRISM structured?
Tables organized by: Disclosure Purpose Type of Information HIV, immunizations, medical records Separate section for minors Separate table addressing who (as the individual) can control uses and disclosures and under what conditions

24 What information is in the PRISM tables?
Tables divided into cells that contain information about specific disclosures HIPAA citation Type of disclosure (required vs. permitted) Information related to the disclosure (conditions, special requirements)

25 What information is in the PRISM tables?
HIPAA requirements of the disclosure Whether consent/authorization is required Whether minimum necessary applies If an accounting of disclosure is required Additional general state law issues/ requirements that may apply

26 Where can I find PRISM? PHDSC Home Page: http://www.phdsc.org/
Present King County case, short discussion of what was asked, what it covers PHDSC Home Page: PRISM Web Page:

27 PRISM PART 2 PRISM in Action – Using the PRISM Toolkit to Address Privacy Issues

28 Introduction to PRISM Present King County case, short discussion of what was asked, what it covers Click on “Proceed to PRISM Privacy Tool” at bottom of this web page

29 Understanding and Using PRISM
Present King County case, short discussion of what was asked, what it covers Proceed down the page and click on “Government Entity Acting As….”

30 Understanding and Using PRISM
Present King County case, short discussion of what was asked, what it covers Proceed down the page and click on “Government Entity Acting As….”

31 Government Entity Acting As…
Present King County case, short discussion of what was asked, what it covers Proceed down the page and click on one of the Type of Disclosure tables

32 Government Entity Acting As…
Present King County case, short discussion of what was asked, what it covers

33 How do I use PRISM? Click on a specific functional table to access the actual table This takes you to the grid of disclosure purposes for that table by specific data type

34 How do I use PRISM? Click on a folder icon to access the content for a specific disclosure/data type This screen provides you with disclosure guidelines specific to this type of disclosure

35 Example #1 My program functions as a provider
I want to disclose information on children’s immunizations for public health purposes First click to access the Public Health Healthcare Provider table

36 Example #1 Then go to table 4, Disclosures Required by Law; for Public Health; etc., which covers disclosures for public health purposes

37 Example #1 Look along the top for the Public Health Activities column, then for Unemancipated minors information down the side, and click to open

38 Example #1 Using the information in the cell:
If an entity is performing public health activities as a provider, that disclosure is allowed without consent or authorization under HIPAA State laws define and control legal issues related to minors, but public health activities are normally not affected by these laws

39 Example #2 My program functions as a provider AND a public health authority I need to disclose HIV AIDS information for treatment purposes First click to access the Provider table

40 Example #2 Then go to table 2, Disclosures for Treatment, Payment, and Health Care Operations, which contains specific information for TPO purposes

41 Example #2 Look for the Treatment disclosures column, and the STD/AIDS row, and click on the cell to open

42 Example #2 Then go to the Government Acting as a Public Health Authority table

43 Example #2 Then go to table 2, Disclosures for Treatment, Payment, and Health Care Operations, which contains specific information for TPO purposes

44 Example #2 Look for the Treatment disclosures column, and the STD/AIDS row, and click on the cell to open

45 Example #2 7. Using the information in both cells:
If an entity is performing treatment activities as a provider, that disclosure is allowed without consent or authorization under HIPAA However, HIV information is often subject to stricter state protections, so state laws may require consent or authorization for some or all treatment activities If an entity is performing treatment activities as a public health authority, then that disclosure is not subject to the HIPAA requirements However, those treatment activities must be clearly identifiable as public health activities defined by law to qualify`

46 PRISM Privacy Definitions and Resources
`

47 PRISM Privacy Definitions and Resources
`

48 How can I provide feedback on PRISM?
Feedback/Comment form: Your comments are critical to future revisions and enhancements to this tool

49 How can I provide feedback on PRISM?

50 Upcoming PHDSC Privacy and Security Projects and Products
PRISM Upcoming PHDSC Privacy and Security Projects and Products

51 PHDSC Privacy and Security Projects and Products (2008)
PRISM II PRISM LITE® - Summary Principles of Privacy Practices for Public Health Professionals Disclosures TO Public Health Tool Interoperable Public Health Information Exchanges – A Review of State Privacy and Security Variations, Solutions and Implementation Plans Building upon the findings and reports from the HISPC Project Best Practices in Public Health Privacy and Security Review of a sample of States planning and implementing public health information exchanges

52 PHDSC Privacy and Security Projects and Products (2009)
Adding State-level Public Health Privacy and Security to PRISM Identification of a set of priority issues related to public health privacy and security Research and analysis on selected state-level laws related to the identified issues Documentation and reporting – incorporating state-level information into the PRISM Toolkit

53 For More Information About the Consortium and other Consortium products: Join and Participate in Consortium activities! Help produce more powerful and useful information tools

54 Contact Information Walter G. Suarez, MD President and CEO Institute for HIPAA/HIT Education and Research Phone: Vicki Hohner, MBA Senior Consultant Fox Systems, Inc. Phone:

Download ppt "The PRISM Privacy Tool: A User’s Guide"

Similar presentations

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.

Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.
2 H. Westley Clark, M.D., J.D., M.P.H., CAS, FASAM Director Center for Substance Abuse Treatment Substance Abuse Mental Health Services Administration.

2 H. Westley Clark, M.D., J.D., M.P.H., CAS, FASAM Director Center for Substance Abuse Treatment Substance Abuse Mental Health Services Administration.
1 Health Information Security and Privacy Collaboration (HISPC) National Conference HISPC Contributions to Massachusetts HIE Privacy and Security Progress:

1 Health Information Security and Privacy Collaboration (HISPC) National Conference HISPC Contributions to Massachusetts HIE Privacy and Security Progress:
Colorado Children and Youth Information Sharing (CCYIS) Educational Stability Summit April 10, 2015.

Colorado Children and Youth Information Sharing (CCYIS) Educational Stability Summit April 10, 2015.
Privacy, Confidentiality and Data Sharing Committee March 18, 2004.

Privacy, Confidentiality and Data Sharing Committee March 18, 2004.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
Public Health Data Standards Consortium

Public Health Data Standards Consortium
The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  PRISM Web Page 

The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  PRISM Web Page 
Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN 678.640.4752.

Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…

H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
Organizational and Legal Issues -- Developing organization and governance models for HIE Day 2 -Track 5 – SECOND SESSION – PRIVACY AND SECURITY CONNECTING.

Organizational and Legal Issues -- Developing organization and governance models for HIE Day 2 -Track 5 – SECOND SESSION – PRIVACY AND SECURITY CONNECTING.

Similar presentations

Ads by Google