HIT Policy Committee HIT Standards Committee Privacy and Security Workgroup: Status Report
Dixie Baker, SAIC
July 16, 2009


Slide 2: EHR Adoption Reimbursement Requirements

In order to get reimbursed for adopting EHR, an eligible provider must meet two requirements:
1. Acquire a certified EHR product or service
2. Demonstrate that he/she is using that product/service “meaningfully”

The Standards Committee needs to recommend both:
1. Criteria for certifying products
2. Criteria for demonstrating that an applicant is using that product meaningfully

Slide 3: EHR Adoption Reimbursement Requirements

For privacy and security, certification that a defined function or service has been implemented in a product is not sufficient to demonstrate “meaningful use” (or even “use”) of that function or service.

The Privacy and Security Working Group has adopted an approach that addresses both the certification of products and the demonstration that a user is using the certified product “meaningfully”.

Slide 4: “ARRA 8” Mapping Approach

[Diagram. Labels: ARRA Priority Areas of Focus (1 … 8); Privacy & Security Services; Referenced Standards; CCHIT Certification Criteria; HITSP Constructs; Mapping; Gaps; Adoption Readiness; Product Certification table with columns P&S Services, Cert Criteria, Standards, Meets?]

Slide 5: “ARRA 8” Mapping Approach

[Diagram. Labels: ARRA Priority Areas of Focus (1 … 8); Privacy & Security Services; Referenced Standards; CCHIT Certification Criteria; HITSP Constructs; Mapping; Gaps; Adoption Readiness; Product Certification table with columns P&S Services, Cert Criteria, Standards, Meets?; Required to Use?]

“Meaningful Use” Demonstration:
- Required Services are Configured
- Secure IT Infrastructure
- Secure Operations
- Current Risk Assessment
- Current Contingency Plan
- Other TBD

Slide 6: “ARRA 8” Derived Product Requirements (DRAFT)

ARRA Priority Areas of Focus (numbered), with the Derived Privacy & Security Services listed under each:

1. Technologies that protect the privacy of health information and promote security in a qualified electronic health record, including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information
   - Identity management
   - User/entity authentication
   - Access control (identity- and/or role-based for 2011; sensitivity-label based for 2015)
   - Consent management (2015?)
   - Encryption for transmission
2. NHIN
   - [Request meeting with Policy Committee’s HIE Workgroup]
3. EHR Certification
   - (all)
4. Technologies that as a part of a qualified electronic health record allow for an accounting of disclosures made by a covered entity
   - Auditing
   - Consistent time
   - Inter-enterprise traceability (2013 or later)
   - Non-repudiation

Slide 7: “ARRA 8” Derived Product Requirements (DRAFT)

ARRA Priority Areas of Focus (numbered), with the Derived Privacy & Security Services listed under each:

5. The use of certified electronic health records to improve the quality of health care
   - Document integrity protection
   - Transmission integrity protection
   - Non-repudiation
   - Service reliability
6. Technologies that allow individually identifiable health information to be rendered unusable, unreadable, or indecipherable to unauthorized individuals
   - Encryption
   - Anonymization
   - Pseudonymization
   - Limited data set
7. Demographic Data
   - N/A
8. Special populations
   - N/A

Slide 8: Concerns re Draft “Meaningful Use” Goals, Objectives, & Measures (provided to Policy Committee)

- Focused exclusively on privacy and confidentiality – need to include security protections essential for safe, quality care
   - Data integrity protection
   - Availability of required services and information
- Question “HIPAA compliance” as objective and measure for “meaningful use” – when in fact it is required by law
   - Excluding entities “under investigation” for HIPAA violations presumes guilt
- Need to address public health
- Need to accommodate small practices as well as large hospitals and integrated delivery networks

