Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.


1 Health IT Privacy and Security Policy
Jodi Daniel, J.D., M.P.H.
Director, Office of Policy and Research, Office of the National Coordinator for Health IT, HHS
HIT Policy Committee Meeting
September 18, 2009

2 Health IT Privacy and Security
Success of health information technology and exchange rests on consumer and provider confidence in privacy and security protections
Privacy and security are fundamental building blocks for Meaningful Use
Leverage technology to improve protections
HITPC 9/18/2009

3 ARRA Builds On Privacy and Security Foundation
Federal Privacy Laws
State Privacy Laws
Guidance
Policy Development Efforts

4 ARRA Changes the Game

5 ARRA Privacy and Security Related Provisions
Business Associates (OCR)
  – Certain HIPAA Privacy & Security Rule requirements apply to business associates (BAs)
  – Entity that provides data transmission of personal health information (PHI) to a covered entity (CE) or BA, and requires routine access, and vendor that provides PHR as part of an EHR, must have a BA agreement
New breach notification requirements
  – For covered entities and business associates (OCR)
  – For vendors of PHRs and other non-covered entities (FTC)
  – Guidance on technologies/methodologies for rendering PHI unusable, unreadable, or indecipherable (ONC/OCR)

6 ARRA Privacy and Security Related Provisions
Provides individual right to restrict disclosures to a health plan for payment or health operations or for items and services paid “out of pocket”
Requires CE to limit use, disclosure and requests for PHI to limited data sets, as possible, or minimum necessary
  – Guidance on minimum necessary
CEs and BAs to provide accounting of disclosures through EHRs for treatment, payment, operations
CE must provide copy of PHI in electronic format to individual or other designees if CE has an EHR

7 ARRA Privacy and Security Related Provisions
Prohibits CE/BA from remuneration for PHI without authorization (with some exceptions for exchanges)
Limits other CE/BA communication about products or services when entity received remuneration
Regulations to require clear opt-out for CE fundraising communication with individual
Study and recommendations to Congress for privacy and security (P&S) requirements for non-CE PHR vendors (ONC/FTC)

8 ARRA Privacy and Security Related Provisions
Enforcement:
  – Extends HIPAA civil and criminal penalties to BAs
  – Changes civil penalty structure
  – Provides State Attorneys General (AGs) with authority to enforce HIPAA
  – Provides that employees/individuals can be criminally liable
  – Requires periodic audits to ensure compliance

9 ARRA Privacy and Security Related Provisions
Studies and reports:
  – Annual report on compliance with HIPAA Rules (OCR)
  – Report on protections for non-HIPAA CEs (ONC)
  – Report on best practices related to the disclosure among health care providers of PHI for treatment (Comptroller General)
  – Guidance on implementation of de-identification provisions (OCR/ONC)
  – Study definition of “psychotherapy notes” (SAMHSA)
Education
  – Regional privacy advisors to provide education (OCR)
  – National outreach and education (OCR/ONC)

10 HHS Regulations to Implement ARRA Privacy Provisions
Breach Notification
  – RFI in April 2009
  – IFR published in August 2009
  – Effective September 23, 2009
  – Comment period ends October 23, 2009
Enforcement
HIPAA Modifications
Effective Dates vary:
  – February 2010 for most provisions
  – Enforcement February 2009

11 ARRA P&S Topics for HITPC
Technologies that protect the privacy of health information and promote security in an EHR, including:
  – Segmentation and protection from disclosure of specific and sensitive IIHI with the goal of minimizing the reluctance of patients to seek care
  – Use and disclosure of limited data sets
Infrastructure that allows for accurate exchange
Technologies for an accounting of TPO disclosures
Technologies that allow IIHI to be rendered unusable, unreadable, or indecipherable to unauthorized individuals
Methods to facilitate security access to PHI by an individual or person assisting in care

12 Role of Privacy and Security Standards
Enablers to protect information
Must be part of a comprehensive approach

13 HIT Standards Committee: Privacy and Security Recommendations
Product Standards – domains
  1. Access control
  2. Encryption and decryption
  3. Accounting and audit
  4. Authentication
  5. Consent management
  6. Consumer EHR
  7. HIPAA de-identification
  8. Data integrity
  9. Transmission Security
Infrastructure Standards – areas
  1. Consistent time
  2. Document exchange
  3. Service access
  4. Domain name service
  5. Directory access

14 P&S Policy Input and Guidance Beyond ARRA
Reports on State laws
Privacy white papers
Further development of Nationwide Privacy and Security Framework

15 Today’s Hearing

