Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building Tools for Trust for Nationwide Health Information Exchange Copyright 2009. All Rights Reserved. 1.

Published byLetitia Welch Modified over 8 years ago

Similar presentations

Presentation on theme: "Building Tools for Trust for Nationwide Health Information Exchange Copyright 2009. All Rights Reserved. 1."— Presentation transcript:

1 Building Tools for Trust for Nationwide Health Information Exchange Copyright 2009. All Rights Reserved. 1

2 OFFICE OF THE National Coordinator PANEL Ashley Corbin, CMS Steve Gravely, Troutman Sanders Stephania Putt, VA Mariann Yeager, ONC Copyright 2009. All Rights Reserved. 2

3 Discussion Topics Trust Considerations Case Study: Nationwide Health Information Network Trust Perspectives Copyright 2009. All Rights Reserved. 3

4 Building Tools for Trust for Nationwide Health Information Exchange Trust Considerations Copyright 2009. All Rights Reserved. 4

5 Tools for Trust Needed to Support Nationwide Health Information Exchange Built upon a foundation of policies Implemented in legal agreements Architected to support trust technically Validated and tested Controlled access among trusted participants Accountability through oversight Copyright 2009. All Rights Reserved. 5

6 Considerations for Trust 6 Copyright 2009. All Rights Reserved. Recognize diverse range of organizational structures Establish common agreement on essential policies Balance complex web of various federal, state and local laws and regulations Define rules of engagement for exchanging information on wide-scale basis Determine accountability measures and roles and responsibilities –Breaches –Disputes –Oversight Identify approaches that work in current environment with flexibility to adapt

7 Building Tools for Trust for Nationwide Health Information Exchange Case Study: Nationwide Health Information Network (NHIN) Copyright 2009. All Rights Reserved. 7

8 What is the NHIN A set of protocols and standards that run on existing internet infrastructure and provides the capability to connect diverse entities needing to exchange health information. Participants are entities that facilitate information exchange with a broad set of users, systems, geography or community Enables valid, trusted entities to participate Membership required: Tested for conformance and interoperability Signed trust agreement that allocates responsibilities and accountability to protect information exchanged Digital credentials issued to permit only approved “participants” to exchange data with other members Copyright 2009. All Rights Reserved. 8

9 Federal Entity Health Community Regional Health Exchange PHR Pharmacy Network Integrated Delivery Network NHIN Network Gateway NHIN Architecture Participants support a gateway that conforms to NHIN requirements and enables its connected users/systems/networks/communities to exchange information among other NHIN participants. Participants are registered in a “directory” so other members of the NHIN know the types of messages supported and where to direct requests Copyright 2009. All Rights Reserved. 9

10 NHIN Cooperative Participants Private HIEsState-Level HIEs Provider Organizations / IDNs Federal Entities CareSpark Delaware Health Information Network Cleveland ClinicCDC Community Health Information Collaborative New York eHealth CollaborativeKaiserCMS HealthLINC (Bloomington) North Carolina Health Care Information and Communications Alliance (NCHICA) DoD HealthBridge IHS Indiana (Regenstrief Institute) West Virginia Health Information Network (WVHIN) NCI Long Beach Network for Health NDMS Lovelace Clinic Foundation (LCF) SAMHSA MedVirginia SSA Wright State University VA Copyright 2009. All Rights Reserved. 10

11 Limited Production Controlled rollout of production exchange of identifiable health information Initial NHIN production participants Others joining … 11 Copyright 2009. All Rights Reserved.

12 What Does the NHIN Enable? More efficient and timely availability of health records for Social Security disability benefits determination Began Q1 2009 Biosurveillance reporting between state departments of health and CDC Q4 2009 Exchange of summary patient records for continuity of care Q4 2009 Other functionality will be prioritized by NHIN interim governance process Copyright 2009. All Rights Reserved. 12

13 NHIN Trust Fabric Built upon a foundation of policies Implemented in legal agreement, called Data Use and Reciprocal Support Agreement (DURSA) Architected to support trust technically Validated and tested as a condition of membership Controlled access among trusted participants Accountability through interim governance mechanisms 13 Copyright 2009. All Rights Reserved.

14 Initial Set of NHIN Tools for Trust Articulated expectations for privacy and security –White paper –Operating policies and procedures –Participant security obligations Data Use and Reciprocal Support Agreement (DURSA) Technical services and Data Content - Specification Factory Management of digital certificates and service registry Validation and testing –Testing Team – develop testing artifacts –NIST – develop and support testing infrastructure Interim Governance Process –Addressed through NHIN Technical Board, Coordinating Committee and Communications groups –ONC as the convener and facilitator Copyright 2009. All Rights Reserved. 14

15 Building Tools for Trust for Nationwide Health Information Exchange NHIN Trust Agreement Copyright 2009. All Rights Reserved. 15

16 Data Use and Reciprocal Support Agreement (DURSA) Developed as part of ongoing NHIN activities –Test Data DURSA – September 2008 –Initial Draft Production DURSA – December 2008 –Draft Production DURSA – limited production – June 2009 Large, multi-stakeholder team assembled –Contracts –Grants –Federal Participants Copyright 2009. All Rights Reserved. 16

17 DURSA Team Representation Agreement developed by NHIN DURSA Team Consensus process with legal, privacy, security and program representatives from diverse group: Private entities State entities Federal entities Federal participants actively engaged in development Coordinated with and obtained input from: –NHIN Technical Teams (specifications and architecture) –ONC Office of Policy and Research –HHS, Office of the General Counsel –HHS, Office for Civil Rights 17 Copyright 2009. All Rights Reserved.

18 DURSA Multiparty agreement Assumes participants in production Establishes authority for interim governance –NHIN Coordinating Committee –NHIN Technical Board Establishes accountability –Participant breach notification –Mandatory non-binding dispute resolution –Allocation of liability risk Copyright 2009. All Rights Reserved. 18

19 NHIN DURSA Status Test Data DURSA Applies to “test data” (not PHI) for Trial Implementations Executed by all participants in Trial Implementations in September 2008 Production DURSA Applies to exchange of PHI in limited production Undergoing Federal clearance Comments due mid-July 2009 Revised executable DURSA - September 2009 2nd round of Federal clearance (if needed) - October / November 2009 Copyright 2009. All Rights Reserved. 19

20 Building Tools for Trust for Nationwide Health Information Exchange Panel Discussion: NHIN Trust Perspectives Copyright 2009. All Rights Reserved. 20

21 Applicable Law The DURSA reaffirms each Participant’s obligation to comply with “Applicable Law.” As defined in the DURSA, “Applicable Law” is the law of the jurisdiction in which the Participant operates. –For non-Federal Participants, this means the law in the state(s) in which the Participant operates and any applicable Federal law. –For Federal Participants, this means applicable Federal law. 21 Copyright 2009. All Rights Reserved.

22 Privacy and Security Obligations To the extent that each Participant has existing privacy and security obligations under applicable law (e.g. HIPAA or other state or federal privacy and security statutes and regulations), the Participant is required to continue complying with these obligations. Participants, which are neither HIPAA covered entities, HIPAA business associates nor governmental agencies, are obligated to comply with specified HIPAA Privacy and Security provisions as a contractual standard of performance. Copyright 2009. All Rights Reserved. 22

23 Requests for Data Based on Permitted Purposes Participant’s end users may only request data through the NHIN for “Permitted Purposes,” which include treatment, payment, limited health care operations with respect to the patient that is the subject of the data request, specific public health activities, quality reporting for “meaningful use” and disclosures based on an authorization from the individual. Copyright 2009. All Rights Reserved. 23

24 Duty to Respond Participants that allow their respective end users to seek data for treatment purposes have a duty to respond to requests for data for treatment purposes. This duty to respond means that if actual data is not sent in response, the Participant will at a minimum send a standardized response to the requesting Participant. Participants are permitted, but not required, to respond to all other (non- treatment) requests. The DURSA does not require a Participant to disclose data when such a disclosure would conflict with Applicable Law. Copyright 2009. All Rights Reserved. 24

25 Future Use of Data Received Through the NHIN Once the Participant or Participant’s end user receives data from a responding Participant (i.e. a copy of the responding Participant’s records), the recipient may incorporate that data into its records and retain that information in accordance with the recipient’s record retention policies and procedures. The recipient can re-use and re-disclose that data in accordance with all applicable law and the agreements between a Participant and its end users. Copyright 2009. All Rights Reserved. 25

26 NHIN Participant Obligations Each Participant can apply its own local access policies before requesting data from other Participants or releasing data to other Participants. Responding Participants are responsible meeting all legal requirements before disclosing the data as required by their applicable law, including obtaining an individual’s consent or authorization for treatment purposes. HIPAA Privacy and Security Rules are minimum requirements. When a request is based on a purpose for which authorization is required under HIPAA (e.g. for SSA benefits determination), the requesting Participant must send a copy of the authorization with the request for data. Copyright 2009. All Rights Reserved. 26

27 Copyright 2009. All Rights Reserved. 27 CONNECT Seminar Presentations are Available for Download Online at http://www.connectopensource.org For more information: http://www.hhs.gov/healthit/healthnetwork/resources http://www.hhs.gov/healthit/healthnetwork/resources

Download ppt "Building Tools for Trust for Nationwide Health Information Exchange Copyright 2009. All Rights Reserved. 1."

Similar presentations

National HIT Agenda and HIE - 2007 John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.

National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.
Health Information Technology and Privacy: Is There a Path to Consensus? February 29, 2008 Jodi. G. Daniel, J.D., M.P.H. Director, Office of Policy and.

Health Information Technology and Privacy: Is There a Path to Consensus? February 29, 2008 Jodi. G. Daniel, J.D., M.P.H. Director, Office of Policy and.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)

Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Texas Approach to Supporting Statewide Health Information Exchange January 2013.

Texas Approach to Supporting Statewide Health Information Exchange January 2013.
NHIN Specifications Richard Kernan, NHIN Specification Lead (Contractor), Office of the National Coordinator for Health IT Karen Witting, Contractor to.

NHIN Specifications Richard Kernan, NHIN Specification Lead (Contractor), Office of the National Coordinator for Health IT Karen Witting, Contractor to.
© Copyright 2011, Alembic Foundation. All Rights Reserved. Open Architectures for Health Open Source Conference February 11, 2011

© Copyright 2011, Alembic Foundation. All Rights Reserved. Open Architectures for Health Open Source Conference February 11, 2011
A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.

Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.
Data Use and Reciprocal Support Agreement (DURSA) Briefing

Data Use and Reciprocal Support Agreement (DURSA) Briefing
Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.

Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.

Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
Security and Privacy Requirements to Support the Exchange of Health Information June 30, 2009 Copyright 2009. All Rights Reserved.

Security and Privacy Requirements to Support the Exchange of Health Information June 30, 2009 Copyright All Rights Reserved.

Similar presentations

Ads by Google