Download presentation
Presentation is loading. Please wait.
Published byAlisha Barrett Modified over 9 years ago
1
Health Big Data Discussion Privacy and Security Workgroup Deven McGraw, Chair Stanley Crosley, Co-chair June 8, 2015
2
Agenda Health Big Data Discussion – Review Straw Recommendations 1
3
PSWG Big Data Work plan 2 MeetingsTask May 18, 2015 Recap: Presentation to the HITPC Review draft big data workplan Review draft big data report June 8, 2015 Begin review of straw recommendations June 22, 2015 Continue review of straw recommendations Finalize recommendations HITPC Meeting July 14, 2015 Goal: Present Health Big Data Recommendations
4
Section 6 – Draft Solutions and Recommendations 3 § 6.1 - Addressing Harm, Including Discriminatory Practices Call on effort that explores the following: Encourage ONC and other federal stakeholders to promote more public inquiry to fully understand the scope of the problem Call on policymakers to continue to monitor the use of health data to identify gaps in law and regulation; identify areas for further inquiry Improve trust through algorithmic transparency; Consider applying the FCRA approaches to promote trust algorithmic transparency
5
Section 6 – Draft Solutions and Recommendations § 6.2 – Address Uneven Policy Environment Leverage most recent recommendations by the PSWG on better educating consumers about the privacy and security laws and uses of data both within and outside of the HIPAA environment* Congressional action: FIPPs-based protections for data outside of HIPAA – For now, voluntarily adopted codes of conduct can be enforced by FTC – HHS should partner with other agencies to help develop “rules of the road” = build trust – Codes should emphasize transparency, individual access, accountability, and use limitations Re-evaluate existing rules: – Rules governing data use that contribute to a learning health system and re- use for generalizable knowledge – Rules governing research, making it more efficient (risk-based, avoid disincentives to research uses, use of data enclaves or entities that follow HIPAA and/or FIPPs)** Strengthen existing rules on patient access to data (both within HIPAA and as part of any legislation covering the non-HIPAA space) *May 22, 2015 HITPC meeting. http://www.healthit.gov/facas/sites/faca/files/HITPC_PSWG_Meeting_Slides_2015-05-22_Final.pdfhttp://www.healthit.gov/facas/sites/faca/files/HITPC_PSWG_Meeting_Slides_2015-05-22_Final.pdf **October 18, 2011 HITPC Transmittal Letter. http://www.healthit.gov/sites/default/files/pdf/HITPC_Privacy_and_Security_Transmittal_Letter_10_18_11.pdfhttp://www.healthit.gov/sites/default/files/pdf/HITPC_Privacy_and_Security_Transmittal_Letter_10_18_11.pdf
6
Section 6 – Draft Solutions and Recommendations 5 § 6.3 – Protect Health Information by Improving Trust in De-Identification Methodologies and Reducing the Risk of Re-Identification Call on OCR to be a better “steward” of HIPAA de-identification standards and conduct. – Conduct ongoing review of the methodologies and policies – Seek assistance from third-party experts, such as NIST Consider the following recommendations from the hearings: – Limit use of safe harbor (data = random sample of a population) – Re-evaluate de-identification status of a dataset when context changes – Develop programs to objectively evaluate statistical methodologies; consider granting safe harbor status to methodologies proven to be effective in particular context – Call on Congress to address accountability for re-identification Consider the risk-based de-identification requirements when risk is low (e.g., data enclaves or data repositories with HIPAA security rules)
7
Section 6 – Draft Solutions and Recommendations 6 § 6.4 – Supporting Secure Use of Data for Learning Call on policymakers to enact comprehensive legislation that includes security requirements for non-HIPAA covered entities Call on policy makers to provide incentives for entities to use privacy- enhancing technologies and architectures (e.g., secure data enclaves, secure distributed data systems) Re-endorse prior Tiger Team recommendations* – Security policy for entities collecting, storing and sharing electronic health information needs to be responsive to innovation and changes in the marketplace – Security policy needs to be flexible and scalable – Providers need education and guidance on how to comply with security policy requirements – HHS should have a consistent and dynamic process for updating security policies and rapid dissemination of new rules and guidance to all affected * 12/14/2011 HITPC Transmittal Letter. http://www.healthit.gov/sites/faca/files/hitpc_transmit_ttdec2011.pdfhttp://www.healthit.gov/sites/faca/files/hitpc_transmit_ttdec2011.pdf
8
7
9
Backup Slides 8
10
Big Data Report 9 Draft Table of Contents 1.Executive Summary 2.Background 3.Scope 4.Expert Testimony 5.Detailed Problem Statements 6.Solutions and Recommendations 7.Bibliography
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.