Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security and Privacy in Electronic Health Records Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Hospital Wireless Conference.

Similar presentations


Presentation on theme: "Security and Privacy in Electronic Health Records Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Hospital Wireless Conference."— Presentation transcript:

1 Security and Privacy in Electronic Health Records Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Hospital Wireless Conference July 25, 2005

2 The Schedule Shift Today Privacy meeting today with Homeland Security Secretary Chertoff Privacy meeting today with Homeland Security Secretary Chertoff Planned privacy meeting with HHS Secretary Leavitt Planned privacy meeting with HHS Secretary Leavitt Privacy and security as strategic issues for top leadership Privacy and security as strategic issues for top leadership

3 Our Puzzle for Today Health IT Must Improve Considerably Health IT Must Improve Considerably Often a decade or more behind other sectors Often a decade or more behind other sectors Manila folders behind the nurses station Manila folders behind the nurses station Other sectors – banks, travel, retail?Other sectors – banks, travel, retail? Inconceivable in todays marketInconceivable in todays market Perhaps a federal law – manila folders banned from health care providers? Perhaps a federal law – manila folders banned from health care providers? The Gingrich version: paper kills The Gingrich version: paper kills

4 Our Puzzle Health IT is HARD to Improve Health IT is HARD to Improve Reimbursement reasons Reimbursement reasons Medicare, insurers usually do not pay more for good ITMedicare, insurers usually do not pay more for good IT Customers dont discipline providers on health IT, the way they would banks or travel providersCustomers dont discipline providers on health IT, the way they would banks or travel providers Quality-of-care ROI is usually easier to show than financial ROI for health ITQuality-of-care ROI is usually easier to show than financial ROI for health IT

5 Our Puzzle Health IT is HARD to Improve Health IT is HARD to Improve Privacy and security reasons Privacy and security reasons Recent Westin/AHRQ poll Recent Westin/AHRQ poll More respondents worried about privacy & security than favored new use of electronic health recordsMore respondents worried about privacy & security than favored new use of electronic health records Polls and focus groups Polls and focus groups Risks are top-of-mind to consumersRisks are top-of-mind to consumers Benefits are much less evidentBenefits are much less evident

6 Overview HIPAA and my background HIPAA and my background Electronic Medical Records, Connecting for Health & David Brailer Electronic Medical Records, Connecting for Health & David Brailer National health IDs vs. a linking approach National health IDs vs. a linking approach IT progress together with security and privacy IT progress together with security and privacy

7 I. HIPAA and Health IT HIPAA statute in 1996 HIPAA statute in 1996 The political engine was transactions The political engine was transactions Early 1990s and no agreement on standards Early 1990s and no agreement on standards One HIPAA client paid in > 2000 formats One HIPAA client paid in > 2000 formats Statute said standards for electronic payments Statute said standards for electronic payments My sense – improvement, but harder to get standard implementation than was hoped My sense – improvement, but harder to get standard implementation than was hoped

8 HIPAA and Health IT Privacy and security came with new health IT Privacy and security came with new health IT Political realization that patient records would be electronic for payment purposes Political realization that patient records would be electronic for payment purposes HIPAA statute said build in privacy and security at the same time as ramp up the level of electronic payments HIPAA statute said build in privacy and security at the same time as ramp up the level of electronic payments That makes sense – upgrade (for transactions) easiest time to upgrade for security and privacy That makes sense – upgrade (for transactions) easiest time to upgrade for security and privacy

9 HIPAA Privacy Congress gave itself until summer, 1999 to write a medical privacy statute Congress gave itself until summer, 1999 to write a medical privacy statute When it couldnt, Administration required to issue a privacy rule When it couldnt, Administration required to issue a privacy rule WH Coordinator for Oct. 99 proposed rule WH Coordinator for Oct. 99 proposed rule 53,000 public comments 53,000 public comments Final privacy rule Dec Final privacy rule Dec. 2000

10 HIPAA Privacy After 2000 After Jan. 2001, political effort to cancel HIPAA privacy After Jan. 2001, political effort to cancel HIPAA privacy President Bush overruled his advisors, and kept it President Bush overruled his advisors, and kept it 2002 final privacy rule mostly the same as 2000 privacy rule 2002 final privacy rule mostly the same as 2000 privacy rule HIPAA security was delayed, but now in place HIPAA security was delayed, but now in place

11 Looking Back on HIPAA Much of it good practices that had not necessarily been built in previously Much of it good practices that had not necessarily been built in previously Some was bureaucratic overkill Some was bureaucratic overkill One criticism since 2001 – much less outreach and guidance than planned One criticism since 2001 – much less outreach and guidance than planned Another criticism – no enforcement yet, with risk that those who comply will lose faith in the system Another criticism – no enforcement yet, with risk that those who comply will lose faith in the system

12 II. EMRs, Markle & Brailer Next, beyond electronic transactions to electronic medical records (EMRs) Next, beyond electronic transactions to electronic medical records (EMRs) A great resource – Markle Foundations Connecting for Health Project A great resource – Markle Foundations Connecting for Health Project Roadmap & other docs Roadmap & other docs Ive been involved in 3 working groups of it Ive been involved in 3 working groups of it Currently, my focus is on authentication for patients and system users Currently, my focus is on authentication for patients and system users

13 Markle & HHS Spring, 2004 – Pres. Bush announces Dr. David Brailer as Health IT Czar Spring, 2004 – Pres. Bush announces Dr. David Brailer as Health IT Czar Brailer had been chair of a Markle committee Brailer had been chair of a Markle committee Great background on health care economics, health IT Great background on health care economics, health IT New HHS Sec. Leavitt was on Markle committee, is making health IT one of his signature issues New HHS Sec. Leavitt was on Markle committee, is making health IT one of his signature issues

14 Where We Are Today Markle and numerous stakeholders Markle and numerous stakeholders HHS – Leavitt & Brailer HHS – Leavitt & Brailer Congress – Newt and Hillary become best friends Congress – Newt and Hillary become best friends BUT, some health care stakeholders are unconvinced: BUT, some health care stakeholders are unconvinced: Doctors, reimbursement & data input challenges Doctors, reimbursement & data input challenges Consumers and fears on privacy/security Consumers and fears on privacy/security Interconnection challenges and fear that early adopters wont get paid for their efforts Interconnection challenges and fear that early adopters wont get paid for their efforts

15 III. Health ID v. Linking A key issue in EMRs is whether to have a national health ID A key issue in EMRs is whether to have a national health ID Most doctors and techies initially assume that it is appropriate and necessary Most doctors and techies initially assume that it is appropriate and necessary My argument here is that it is a bad idea and that a linking or record locator service approach is feasible and better policy My argument here is that it is a bad idea and that a linking or record locator service approach is feasible and better policy

16 National Health IDs The attraction is the idea that records from home, work, and travel all can be matched by tagging them with a unique identifier for each patient The attraction is the idea that records from home, work, and travel all can be matched by tagging them with a unique identifier for each patient Most providers use a unique identifier, such as SSN, in their own system – why not use it across systems? Most providers use a unique identifier, such as SSN, in their own system – why not use it across systems? Most plans have envisioned national ID and a central EMR repository Most plans have envisioned national ID and a central EMR repository

17 The Politics of Health IDs Unique patient IDs were actually required in the 1996 HIPAA statute Unique patient IDs were actually required in the 1996 HIPAA statute Supported by many vendors and system owners Supported by many vendors and system owners By 1998, Clinton Administration said no health IDs unless strong privacy & security in place By 1998, Clinton Administration said no health IDs unless strong privacy & security in place Bush Administration has confirmed that there will be no such IDs for patients Bush Administration has confirmed that there will be no such IDs for patients Moral – huge political opposition to the idea Moral – huge political opposition to the idea Waiting for health IDs means to wait a long time Waiting for health IDs means to wait a long time

18 The Markle Linking Alternative Create a Record Locator Service (RLS), not an EMR central database Create a Record Locator Service (RLS), not an EMR central database The RLS authenticates based on demographic, not clinical, data The RLS authenticates based on demographic, not clinical, data Federated – decision at the edges whether a record is listed on the RLS Federated – decision at the edges whether a record is listed on the RLS E.g., substance abuse & HIV may not be listedE.g., substance abuse & HIV may not be listed

19 Advantages of RLS Approach Avoids single point of failure of central EMR database – the data breach problem Avoids single point of failure of central EMR database – the data breach problem Control at edges Control at edges Patients can opt out Patients can opt out Providers can decide what (not) to link Providers can decide what (not) to link Graceful transition from current system Graceful transition from current system No required new data field for health IDs No required new data field for health IDs No rip and replace No rip and replace In sum, privacy & security built in In sum, privacy & security built in

20 The State of Play on RLS Current Markle work on Current Markle work on Model contract for participants (RHIOs) and their participants (such as small practice groups) Model contract for participants (RHIOs) and their participants (such as small practice groups) Policies and procedures – the big picture for communities who are interested Policies and procedures – the big picture for communities who are interested FAQs for deeper technical dives on hard issues FAQs for deeper technical dives on hard issues E.g., scoring & procedures for authenticationE.g., scoring & procedures for authentication Test interchange: Indiana and Boston Test interchange: Indiana and Boston

21 IV. Privacy, Security & EMRs Must be credible on privacy & security or the benefits of EMRs will be undermined Must be credible on privacy & security or the benefits of EMRs will be undermined The architecture must be secure The architecture must be secure Centralized databases, even for sophisticated financial data, have been publicly breached Centralized databases, even for sophisticated financial data, have been publicly breached Health care is unlikely to be (or to be seen as) doing better than banks, who have centuries of practice in guarding the money Health care is unlikely to be (or to be seen as) doing better than banks, who have centuries of practice in guarding the money Many consider medical data more sensitive than financial data Many consider medical data more sensitive than financial data

22 Some Privacy Basics Goal should be to improve patient privacy & security in shift to EMRs Goal should be to improve patient privacy & security in shift to EMRs Safeguards must be explainable to public Safeguards must be explainable to public Patient access to linking system (whats in the system?) and means to correct (those arent my records) Patient access to linking system (whats in the system?) and means to correct (those arent my records) Access in HIPAA and FCRA Access in HIPAA and FCRA Patient opt-out from the system, working with providers Patient opt-out from the system, working with providers

23 Mission Creep & EMRs Many stakeholders will push for access to linked identities and records: Many stakeholders will push for access to linked identities and records: Health quality measurements Health quality measurements Cost controls Cost controls Bioterrorism & law enforcement Bioterrorism & law enforcement Medical research Medical research Marketing research Marketing research Not all those who want the data should get it Not all those who want the data should get it Model contract for linking will address these issues Model contract for linking will address these issues

24 Enforcement Looking ahead, I believe that enforcement against bad actors should occur, while good faith efforts by data holders should not receive enforcement Looking ahead, I believe that enforcement against bad actors should occur, while good faith efforts by data holders should not receive enforcement To date, 0 civil enforcement actions for 13,000 complaints to the Office of Civil Rights To date, 0 civil enforcement actions for 13,000 complaints to the Office of Civil Rights Recently, DOJ opinion that criminal laws do not apply to most employees of covered entities Recently, DOJ opinion that criminal laws do not apply to most employees of covered entities The right level of enforcement is not zero The right level of enforcement is not zero The system should be credible, without chilling much- needed sharing of EMRs for legitimate uses The system should be credible, without chilling much- needed sharing of EMRs for legitimate uses

25 Conclusion EMRs as the health IT challenge for the next decade, following the ten-year cycle since HIPAA was enacted EMRs as the health IT challenge for the next decade, following the ten-year cycle since HIPAA was enacted Privacy & security concerns for consumers often outweigh the perceived benefits Privacy & security concerns for consumers often outweigh the perceived benefits Strategic challenge for health IT professionals and the entire sector on how to use health IT consistent with the publics concerns Strategic challenge for health IT professionals and the entire sector on how to use health IT consistent with the publics concerns

26 In Closing As you build your health IT systems, imagine your own records and those of your family being in the infrastructure As you build your health IT systems, imagine your own records and those of your family being in the infrastructure Can you say with confidence to your family that their records are secure and confidential? Can you say with confidence to your family that their records are secure and confidential? For substance abuse, psychiatric records, HIV, and other extra-sensitive data? For substance abuse, psychiatric records, HIV, and other extra-sensitive data? Thats the standard we should apply to our systems – that each patients data is held the way we want out own data to be treated Thats the standard we should apply to our systems – that each patients data is held the way we want out own data to be treated

27 In Closing Thats the high-tech version of the Golden Rule Thats the high-tech version of the Golden Rule Do unto others data as you would have them do unto you Do unto others data as you would have them do unto you Thank you. Thank you.

28 Contact Information Peter P. Swire Peter P. Swire Consultant, Morrison & Foerster, LLP Consultant, Morrison & Foerster, LLP Phone: (240) Phone: (240) Web: Web:


Download ppt "Security and Privacy in Electronic Health Records Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Hospital Wireless Conference."

Similar presentations


Ads by Google