Presentation on theme: "HIPAA Privacy Compliance for E-Health Sites"— Presentation transcript:
1 HIPAA Privacy Compliance for E-Health Sites Michael Rozen, MDChief Privacy OfficerVP, Consumer AffairsWellMed, Inc.11:30 Enhancing the Doctor/Patient Relationship Using Online Health ToolsWith patients able to track billing and claims submittal online, research healthcare providers, and have access to their own records, they are becoming more active participants in the disease management process. Are we seeing a consumer revolution changing the healthcare paradigm and driving the future of healthcare? What changes need to be implemented to adapt to the new consumer? This session directly explores how the necessary tools for E-health empowerment can be used to enhance the doctor/patient relationship. Specifically you will hear:· How the changing healthcare paradigm promotes the doctor/patient relationship· Overcoming the challenges that arise in establishing interactive health communication· Understanding how Web-based strategies will raise the bar beyond customization and personalization· Identifying more opportunities for improving patient satisfaction numbersMichael J. Rozen, M.D. Vice President Consumer Affairs and Director of Health Record Security, WELLMED, INC.
2 Howard BellWriter, Healthcase InformaticsFeb, 2000“We are in the very early stages of health care informatics—just climbing out of the primordial cyber soup to blink like kids at the future and all its potential.”
3 Who Is On The Web Chronically Ill Recently Diagnosed Friends & Family US Adults on Web114 Million86 % looking for healthWho Is On The WebHarris Interactive2000Chronically IllRecently DiagnosedFriends & FamilyWorried WellHealth SavantConsumers, Patients, End Users, Visitors• The chronically ill —Seek greater control over their illnesses through knowledge. Immobility may bringabout need for instant, at-home access to condition-specific news and treatment updates.• The recently diagnosed —Concerned and wanting as much information as possible about their condition, what they can do to improve it and the resources available to assist them.• Friends, family—Predominately mothers, years old, married, working at least part-time, at least one child and one aging parent, middle income or higher, some college education, Internet savvy, worried about unhealthy or chronically ill children or loved ones, or wanting simply to take a more proactive approach to their family's health. Also, grown children of elderly parents and concerned friends and acquaintances who want to be helpful.• Worried well—People looking for reassurance, that they are not likely candidates for disease, for instance, or that their benign symptoms are not an indication of serious illness.• Health savant—Vigorously healthy, self-improvers seeking ever greater health. May be looking for the latest dietary news, latest studiesExamples of a person managing diabetes and another person
4 New Patient - New Attitude Better educatedTechnology-savvySelf-directedExpect quality serviceLess loyalHigher expectationsWe are seeing a fundamental shift in the way people are managing their lives. Looking at it in business terms, there is a higher degree of an entrepreneurial spirit This shift in attitude and action can be seen in many facets of life and on many levels. The Internet has been a major catalyst in .Let’s first take a look at the financial services industry:The skeptics in the financial services industry were blown away with the hoards of people who went online to trade. (Schwab and ML)Households paying bills via the web will grow from 1.8M in ‘98 to over 20 M by (Jupiter, FSO)Web-banking households will grow for 3.8 M in 1998 to >26M by 2003 (25% of all banking households in the US)Jupiter forecasts that by 2003, of all stock-owning households, 41% will be online trading householdsRevenues will grow more modestly from 240M to over 1B by 2003 cementing online banking less as a driver of revenue than one of cost savings, customer retention, and geographic expansion___________Consumers can go online today to: Book travel, comparison shop for home electronics, conduct sophisticated financial transactions (find the most competitive mortgages, life insurance and even manage their retirement funds) and even buy a lear jet ($40M dollars)They want to be able to go to the web and easily find reliable, relevant information, evaluate a doctor, a health plan a treatment option or even a procedure.Some people in the ehealth industry are amazed by the poor performance of their public currencies. Most complain about an inability to monitize their traffic, people are unwilling to pay for health information etc… I would suggest that they have not delivered a strong value proposition lets think about Amazon.com for a bit.***May or may not discuss*** Couple of facts – 7 years ago a technology futurist spoke to the ABA about the emergence of the Internet as a commercial platform. He indicated that someone had an opportunity to create a national presence for a fraction of the cost of Barnes & Noble etc, he also indicated that in his opinion it would be someone from outside their industry that would execute on the big idea as they were too busy solving real day-to-day challenges.When amazon started they were a simple bookstore offering a broad array of titles undercutting the traditional booksellers on both price and availabiltiy. Using technology they have focused on delivering an outstanding customer experience;they use personalization to deliver recommended titlesafter I place an order, I immediately receive a confirmationwhen the product ships I receive a second letting me know when it will arrivethe product is on my doorstep almost without fail (often times they actually ship ahead of schedule and even upgrade my shipping preference)Then they send me an informing me of new releases from my favorite authors, special sales etcAmazon has set the bar for quality, anything less than this is unacceptable. (It has taken them 5+ years and billions of dollars but they have set the bar)
5 New Patient – New Needs - Harris Interactive Now lets look at health WHAT ARE THEY LOOKING FOR:Information/news: People expect to find reliable, personalized healthcare information (30K sites make it nearly impossible)Physician communication: Many want to communicate and/or schedule an appointment with their doctor (almost impossible),Online benefit management: Most want to receive their benefit information online (completely impossible)Interactive health programsPlan and physician report cardsCommunityPersonal medical recordsWHERE ARE THEY LOOKING?You would hope that the new consumer would look to their health provider first, but instead they find most of their health information through online services.(One group we were talking to has over 5M members, and are receiving 20,000 unique visitors on a monthly basis – No repeat traffic)WHERE WOULD THEY LOOK? … they WOULD come to you!“Patients also distrust many online health information sources. A survey released by LaurusHealth.com shows that over two-thirds of patients found the websites recommended by their doctor most credible while 56 percent trusted sites affiliated with doctors and hospitals. Commercial sites barely scored in the credibility stakes. Where consumers' health is concerned, they still rely on the traditional trusted sources of information and advice.”- Harris Interactive
6 The Opportunity 64% looked for health information online 50% want information from doctor’s office46% would use a site offered by a health plan42% welcome information from a hospital site- CyberDialog, Cybercitizen HealthIst build: 64% have looked for health information online within 6 months…BUT patients distrust many online health information sources. A survey by LaurusHealth.com shows that over two-thirds of patients found the websites recommended by their doctor most credible while 56 percent trusted sites affiliated with doctors and hospitals. Commercial sites barely scored in the credibility stakes. Where consumers' health is concerned, they still rely on the traditional trusted sources of information and advice.This desire for credible, medically valid information is reinforced by the following research:2nd build: 50% interested in information from a doctor’s office (currently 4%)3rd build: 46% would use an Internet site offered by a health plan (currently 7%)4th build: 42% would welcome information from a hospital site (8% report finding what they want)____The consumer has spoken and in fact is telling us exactly what he/she want. The consumer wants personalized, relevant, medically valid info that is blessed by their provider.Can they go to your site to get it?”The groups that deliver this solution will increase marketshare, customer loyalty and my belief is that you will drive down health management costs___OTHER STATISTICS THAT ARE NOT NEEDED TO MAKE THIS POINT:21% will switch to a provider with a web site19% would move to a doctor who uses17% would switch to a health plan in order to manage benefits online82% want a ‘personalized’ health/disease management siteSource: CyberDialog, Cybercitizen HealthSERVING THE NEEDS OF THE INDIVIDUAL CONSUMER--Jupiter estimates that nearly half of Internet users go online to find health information.--68% of approximately 88 M adults accessing the Internet are obtaining healthcare content. (The lowest number I have seen is 50% of people have looked for healthcare info – once)--(remember that by M persons will be online)--just 3.7 million US adults the doctor's office, but 33.6 million said they would like to do so. –cyberdialog 8/00
7 Consumer-Centric Healthcare Management The financial services market has matured more rapidly, partly due to the structure of the market. Also because health infrastructure is much more complex, but the additional challenges make the opportunity in HC even larger.Unlike financial services, in health care consumer portals cannot provide: interaction, communication with physicians, communication with plan.Means different things for different organizations.--Pacificare has their secure horizons program targeted to Sr. Care--PBM’s adding value to their corporate customers and stripping away costs for refills etc.--Health Calc, Columbia HCA, Children’s Hospital…One size does not fit all, so use the Internet to provide a flexible solution that focuses on your strengths.Whatever the business goals, health organizations should offer individualized and relevant:Communication that is relevant, timely, accurateConnectivity – efficient access to providers, health records and informationCare – appropriate and the highest quality possible________________Similar to financial services industry where online financial news services are now the leading news source for active financial investors looking for share prices and investment advice. Just under 60 percent of active traders have a personalized web page with share prices and 15 percent say they receive financial updates on a wireless device.Leverage the Internet to build and manage one-to-one relationships with your customersUtilizing CMR solutions to:Acquire & retain customersGrow revenues & reduce costsCommunicate based on your business needs
8 Average Time Health Savant 32 Minutes WellMed User 19 Minutes Doctor/Patient Visit MinutesBreaking Health News 51 SecondsDTC SecondsOne goal is to use the time consumers spend onthe Internet to increase the value of the 9 minutesthey spend with the doctor
9 eHealth Non Traditional Stakeholders Connectivity Data Empowerment InteractivityUp close and personal
10 eCare Traditional stakeholders Using electronic medium to deliver care 32 % Employers using Internet to Administer health benefits
11 The Internet Doctor-Patient Relationship What are features of it?What are boundaries?Who has jurisdiction?Who provides oversight ?Licensure, Credentials, Remuneration?Professional status?
12 What Constitutes a Valid Internet Prescription? Proximity?Evaluation?Diagnosis?Remuneration?Interaction?Licensure?Oversight?Jurisdiction?
13 Personally Identifiable Health Information How do you protect consumer privacy, set proper consumer expectations, build trust, provide connectivity, interactivity and be profitableWhat is the consumer’s /patient’sexpectation of privacy and confidentiality?
14 “The right to be left alone…” The right to be left alone is the most comprehensive of rights…”Olmsted v. United States1928Louis BrandeisCommunicationTechnology 1890:PhotographyCheap Printing
15 “You already have zero privacy. Get over it.” Scott G. McNealyCEO, Sun Microsystems, Inc.1999
17 Privacy Among Top Shopping Sites Only a third of surveyed sites guaranteed not to send visitors’ personal information to third parties31% of sites have privacy policies that appears to give owner the right to send personal details to third partieseMarketer, July 2000Top 101 Consumer Websites
19 The fine print"As we continue to develop our business, we might sell or buy stores or assets. In such transactions, customer information generally is one of the transferred business assets," the company said. The company also said that "in the unlikely event that Amazon.com Inc., or substantially all of its assets are acquired,customer information will of course be one of the transferred assets."
20 The PEW Internet and American Life Project, 2000 Consumer Attitudes86 % favor opt-in privacy policies that require permission for use54 % view website tracking of users as invasion of privacyOnly 27 % feel that website tracking is helpful54% have provided personal information to use a Web site.48% have bought online using a credit card55 % have sought health information43 % have sought financial information36 % went to support-group sites or medical information sites27 % say they will never divulge personal information onlineThe PEW Internet and American Life Project, 2000
21 Medical Record Privacy Concerns 78% of Doctors withhold information from patient record due to privacy concerns87% of Doctors reported having had a patient request to withhold information from their recordsAssociation of American Physician and Surgeons
22 Regulatory Environments FederalStateInternationalGoverning AgenciesIndustry self regulationConsumer ExpectationsCourt of Public OpinionSectoral LawsUnleveled playing field“Safe Harbor”HHS, FTC, FDA, SEC…Hi Ethics, OPA
23 Fair Information Practices 1965 House of Representatives Subcommittee1973 HEW “The Code of Fair Information Practice Principles”1974 Federal Privacy ActNotice (awareness)ChoiceAccessSecurityData Integrity1998 FTC defacto standards for privacy protection on the Internet
24 Important Regulations COPPA-Children’s Online Privacy Protection Act of 1998 FTCHIPAA-Health Insurance Portability and Accountability Act of 1996Gramm-Leach Bliley Act (GLBA)
26 Children’s Online Privacy Protection Act of 1998 Child-Individual under age 13Collection-Includes direct or passive…”actual knowledge”Release of Personal Information-”sharing, selling, renting, or any other means of providing personal information to any third party.”Provide NoticeInform ParentsObtain Parental ConsentAllow ReviewEstablishes Rules
27 Children’s Online Privacy Protection Act of 1998 Collected Online“Personally Identifiable Information”NamePhysical Addressaddress or online contact informationTelephone numberSocial Security numberPersistent identifier (cookie,etc.)Information concerning a child …
28 Purpose of Administrative Simplification Privacy Regulations Protect and enhance consumer rights:access to their informationcontrolling inappropriate useImprove quality by restoring trust3. Improve efficiency and effectiveness by creating national framework for health privacy protection
29 HIPAA Components Electronic Transaction (65 FR 50312) Aug 17, 2000 Privacy (65 FR 82462) Dec 28, 2000Unique identifier for Employers (63 FR 25272) May 7, 1998Unique identifier for Providers (63 FR 32784) Jun 16, 1998Security (63 FR 43242) Aug 12, 1998Unique identifier for health plans ?????Standards for Claims attachments ?????Standards for COB ?????
30 HIPAA Privacy History Aug. 21, 1996 HIPAA, Public Law 104-109 Aug. 21, Congressional DeadlineOct. 29, HHS Draft IssuedNov. 3, FR 59918Feb.17, End comment PeriodDec. 20, HHS Final Privacy RuleDec. 28, FR 82462Feb.26, Compliance Date (2004 smaller plans)
31 HIPAA Privacy Overview Establishes a set of basic national privacy standardsSets a floor for privacy ground rulesSeeks to balance need of individual with needs of society“Privacy is a fundamental right”
32 Components of Final Privacy Rule Consumer control over Health InformationBoundaries on Medical Record Use and ReleaseEnsure Security of Personal Health InformationEstablish Accountability for Medical Record Use and ReleaseBalance Public Responsibility with Privacy ProtectionsSpecial Protection for Psychotherapy Notes
33 Consumer Control over Health Information Patient Education on privacy protectionsEnsuring patient access to their medical recordsReceiving patient consent before information releasedEnsuring consent is not coercedProviding recourse if privacy protections are violated
34 Boundaries on Medical Record Use and Release Ensuring health information is not used for non-health purposesProviding minimum amount of information necessaryEnsuring informed and voluntary consent
35 Establish Accountability For Medical Record Use and Release Civil PenaltiesFederal criminal penalties
36 Balancing Public Responsibility with Privacy Protections Provides guidelines allowing disclosure:Oversight of health care system-quality assurancePublic healthResearch-IRBJudicial and administrative proceedingsLimited law enforcementEmergency circumstancesFor deceased identification or cause of deathFor facility patient directoriesNational defense and security
37 Changes from Proposed Regulation Provide coverage to all individually identifiable health information held by a covered entityRequires consent for routine use and disclosure - Health providers obtain general consent for treatment, payment and health care operations accompanied with detailed noticeAllows disclosure of full medical record for treatmentProtects against unauthorized use of medical records for employment purposes
38 Changes from Proposed Regulation Enforcement – OCR“Business associate”Clearinghouses are not subject to certain requirements in the rule when acting as business associates of other covered entities.Minors-federal privacy right attached to consent for treatment rightMarketing and fund raising use of information
39 Covered InformationIn final rule, scope of protection extended to all individually identifiable health information in any form, electronic or non-electronic, held or transmitted by a covered entity.
40 No accepted standard definition What is Medical Record?No accepted standard definition
41 What is Health Information? The Health Insurance Portability and Accountability Act of Aug, HR 3103, PL‘‘(4) HEALTH INFORMATION.—The term ‘health information means any information, whether oral or recorded in any form or medium, that—‘‘(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and‘‘(B) relates to the past, present, or future physicalor mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.”
42 What is a Personal (Consumer) Health Record? ASTM SubcommitteeConsumer Health RecordThe Personal Health Record is an online, location-independent application where an individual can store and manage her own health information and/or the health information of her care dependents in a private, secure and confidential environment.
43 “Individually Identifiable Health Information” HIPAA, 1996‘‘(6) INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION.—The term ‘individually identifiable health information’ means any information, including demographic information collected from an individual, that—‘‘(A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and‘‘(B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and—‘‘(i) identifies the individual; or‘‘(ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.Sec. 1171, No. 6, pg. 89
44 Designated Record SetCertain records maintained by or for a covered entity that are always part of a covered entity’s designated record sets and to include other records that are used to make decisions about individuals.The means of retrieval of a record is not a defining criteria.
45 Creation of De-identified Information (d) permits a covered entity to use protected information to create de-identified information, whether or not the de-identified information is to be used by the covered entity. It is not subject to privacy rules unless re-identified.
46 Data AggregationTerm defined to permit business associate to combine protected health information for creation of data for analyses that relate to health care operations of the respective covered entities.
47 Aggregate Data vs. Personally Identifiable Information “Who owns thedata?”“Who has a rightto the data?”
48 Indirect treatment relationship Relationship between healthcare provider and individual in which provider delivers health care to the individual based on the orders of another health care provider and the health care services, products, diagnosis, or results are typically furnished to the patient through another provider, rather than directly.
49 ConsentCovered health care providers who have a direct treatment relationship with an individual are required to obtain a general consent from the individual in order to use or disclose the protected health information for treatment, payment and health care operations.Providers may condition treatment on patient’s providing consent.For psychotherapy notes, for most purposes, an individuals authorization is required.
50 AuthorizationRequired for all disclosures and uses not expressly exempted in the regulation.Can not condition services or payment on receipt of authorization
51 Marketing (authorization required) Communication about a product or service a purpose of which is to encourage recipients to purchase or use the product or serviceThree exceptions:-Marketing the organization-Part treatment or health of individual-In the course of managing the treatment of individual or directing to recommending other treatments, etc.
52 Employers Not covered entities under the privacy regulation Are subject to federal disability nondiscrimination lawsADA, 42 U.S.C or more employeesGoverns transmission to covered entityCan use medical information for insurance purposes
53 Clinical Laboratories CLIA, 42 U.S.C. 263a and reg 42 CFR part 493 Require clinical labs to disclose test results/reports only to authorized persons as defined by State Law. Federal law defines it as the person who orders the test. Under this law, a clinical lab may be prohibited from providing the individual who is the subject of the test result access to this information. Under HIPAA, then the lab is exempted from reporting the result to the patient.If the clinical lab operates in a state in which the term authorized person is defined to include the individual, then the lab would have to provide the individual with these rights.Similarly, research labs that do not report patient specific results for diagnosis prevention or treatment are exempted from providing patient access under HIPAA.
54 Disclosure Authorization If a federal law requires a covered entity to disclose a specific type of information, the covered entity would not need an authorization. The covered entity must determine if the disclosure is mandatory rather than merely permissible.
55 EU Safe Harbor“We believe they are essentially consistent and that an organization complying with our privacy regulation can fairly and correctly self-certify that it complies with the Principles.”Questions regarding compliance and interpretation will be decided based on U.S. Law
56 EU Data ExportationMembers can only export data if the destination country “ensures an adequate level of protection” for such data, or if some exception applies to the particular transfer
57 Safe Harbor Privacy Principles Approved by EU Member StatesMay 31, 2000Intended solely for use by US organizations receiving personal data from EU for the purpose of qualifying for the safe harbor and the presumption of “adequacy” it creates.If an organization joins a self regulatory privacy program that adheres to the Principles, it qualifies for the safe harbor.
58 U.S. “Safe Harbor Principles” Notice Informed ConsentChoice “Opt-out”Sensitive “Opt-in”Onward Transfer Third PartiesSecurity Protection “ReasonableData Integrity Accurate, currentAccess Unconditional v ReasonableEnforcement Recourse & Penalty
59 Notice“THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY”Covered entities must describes all uses and disclosures of protected health information they are permitted or required to make without authorization including those uses and disclosures under consent requirements.
60 NoticeAdditionally, covered entities have to disclose those activities they may want to contact the individual-providing appointment reminders-describing/recommending treatments-providing health benefit information-soliciting fundsDirect treatment providers must provide notice at time of first service delivery either in person or electronically. Under final rule, a covered entity that maintains a web site describing the services and benefits it offers must make its privacy notice prominently available through the site. Individual has right to request paper notice.
61 Patients/consumers are not covered entities and therefore HIPPA does not offer privacy protection to the individually identifiable health information they maintain/hold about themselves or their family.
62 Gramm-Leach-Bliley (S.900) -Deregulation of Financial Service Organizations-Act pertains to “Customers’ nonpublic personal information.”
64 Medical Financial Privacy Protection Act (H.R. 4585) Representative Leach Chairman, House Banking and Financial Services CommitteeGoal: Prevent financial institutions from sharing medical financial information without an individual;s consent and prohibit the use of medical information in making credit decisions.The bill requires a specific and separate consent for mental health information, HIV information, genetic information and abortion information.
65 Medical Financial Privacy Protection Act (H.R. 4585) General Rules for Use of IIHIRepresentative Leach Chairman, House Banking and Financial Services Committee-“Opt-in” Consent for health information-Prohibit disclosure of Information about IIHI -Personal Spending Habits-Notice and Consent for Aggregate data disclosure to third party-Exempt use for customer service-Prohibit re-disclosure and re-use by third parties-Prohibit requesting of health information from a third party to make a loan or credit decision
66 The Prime Directive The actions of an eHealth or eCare Web site do not allow an individual to be identified with their unique health characteristics without the individual’s opt-in authorization.
67 Evolving Issues Data Interchange Messaging Email Ubiquitous Wireless ConnectivityDecision Making SupportData InterpretationClosing the Loop to Physician DesktopConsumer Claims-Processing Support
68 RELEASES AUTHORIZATIONS Data InterchangeRELEASES AUTHORIZATIONSFor release of personally identifiable information, the user must explicitly authorize such release. The authorization must state:Purpose for releaseInformation to be sharedWho information shared withDuration of authorizationProvide user opportunity to revoke authorization at any time
69 Tailored Communication Deliver personalized content, tailored advertising, relevant informationPersonal Health Manager Home PageTailoredSecure instant messagingTargeted ecommerceAccess and pre-qualification to appropriate clinical trialscase study as illustration[visual: Diabetic surfs the web looking for information and resources to help him manage his condition. Visits many eHealth sites, but they don’t ask any questions, offer only general information, or information of dubious value. Visits WellMed, takes HQ, takes AdvancedHQ for diabetes. Upon completing AdvancedHQ, receives personalized information and options for managing condition. Conclusion: WellMed engages users in a dialogue and delivers personalized, condition-specific information tailored to their particular needs.]Problem: Content of the electronic message may allow an individual to be associated with their unique health characteristics and thus their privacy violated.
70 Push Wellness (Opt-out) Pull Disease (Opt-in) Secure The Unmentionable and MessagingWellMed’s PhilosophyPush Wellness (Opt-out)Pull Disease (Opt-in)Secure The Unmentionable
71 Creating Dialogue with Patients: Effective and Efficient Communications 33% of Internet health site visitors would switch doctors based on ability to communicate over Internet (CyberDialogue)Estimated that 55-65% of doctors will use Internet in 2000 (up from < 20% in 1997)
72 Physicians Want to Email Patients How Interested Are You in Being Able to Communicate More With Patients Using ?40% Express Some Interest in More Patient ContactNot surprisingly, patients even more interested than MDs in communicating via – 41% highly interested, 28% moderately interested and only 32% uninterested.In fact, 14% would even consider switching MDs to gain access to this capability. (may want to use in outlook as actual slide)Right now– physicians who do their patients—10% or less (and 77% answered 0% of patients by ) mean was .4%…whereas with colleagues, mean was 8%44% of MDs have shifted behavior due to patient web use– may be a data pt or slide– not sure yetSource: Jupiter Analysis; The Cozint Report, (5/00); n=800 (US only)
73 Dr. Doolittle, Online at Least Harris InteractiveApril 03,2000Emarketer.com89 % of US Physicians are Internet usersAverage 6 hours/week onlinePersonal 61%Patient Clinical %General Clinical 15%Administrative 16 %28% Access information for a FEW patients52% Sometimes use computers to receive lab results33% Work in practices with their own web site
74 E/M Codes for email-responses CPTPay by Health PlanFirst Care out of Chicago-TPA
75 Value Add-Health Management Messaging FunctionsAppt. RequestsRefillsBillingSend lab results, etc.Value Add-Health ManagementProactive message from Doc to Pt(structured data)Pt to Doc alert about abnormal results
76 Wireless RemindersSupplies health information directly via cellular or digital technologyOffers 24-hour access to personal health information without a computerHelps individuals organize and comply with treatment plans including prescription medications, fitness routines and nutrition protocolsPersonalizes information and content
77 Wireless StatisticsDigital cell phone users, put at 32 million in 1999 by Jupiter CommunicationsSmart phones, predicted to be at 800,000 by end of 1999 by Jupiter Communications, but up to 76 million by 2003
78 People Want Wireless Email 75% of wireless usage involves retrievingSolomon-WolffAlmost half of mobile device users want to retrieve via wirelessJupiter Communications
79 Customized Connectivity Standard technologies will exist over the next 12 months that will make the tracking and monitoring of health issues more invisible and non-intrusive, greatly enhancing your ability to talk to your patients.Your organization stays top of mind in a POSITIVE context, not simply “the group that you call when you’re sick.”They look to your organization for help WHEN THEY ARE WELL.They will open your and they will go to your site.(Talk to data interchange here.)
80 Hi-Ethics Principles Reliable online information Responsible online advertisingPrivate and secure personal health information
81 A group of major commercial ehealth sites Hi-Ethics sites reach more than 30% of Internet audience in generalMore than 60 million visitors have visited Hi-Ethics sitesProjected 2000 revenues are 2/3 of total eHealth companies11 Includes 22 eHealth companies designated by Wit Capital, January 31, 2000
82 14 Hi-Ethics Principles 1-3 Privacy and Confidentiality Advertising and CommerceQuality of Health InformationBest Practices for ProfessionalsDisclosure and Feedback
83 Privacy and Confidentiality Must conform with Fair Information PracticesProtection for Health-Related Personal Information “opt in”Privacy in Relationships with Third PartiesProvide customers with meaningful choice
84 Advertising and Commerce Disclosure of Ownership and SponsorshipIdentifying Advertising and “Sponsored” ContentPromotional Offers, Rebates and Free Items or Services
85 Quality of Health Information Accuracy and Reliability Editorial PolicyAuthorship and Accountability and DateValidation for Self-Help Services
86 Best Practices for Healthcare Professionals Clarity of RelationshipsProfessionalismQualifications
87 Combination of Law and Industry Self Regulation IndependentMulti FacetedMulti Tiered
88 CAV ProgramTruste will administer Independent implementation, evaluation and dispute resolutionHi Ethics will maintain the code and interpretationWeb site does not need to belong to Hi Ethics to obtain the sealAnnual RenewalFeedback and Monitoring
89 Multi Faceted Privacy Audit Financial Audit Security Audit Professionalism complianceEditorial Policy complianceAdvertising Policy complianceEvaluation of third party relationships
90 Multi Tiered 1. Adopt Hi Ethics Principles 2. Perform Self assessment 3. Publicly announce compliance4. Independent assessment5. Voluntary participation in “Hi Ethics Seal Program”6. Join Hi Ethics
91 The key is Setting proper customer expectations And then delivering on them
92 Care is directed by the provider AND the consumer Care is directed by the provider AND the consumer. As providers, we put the patient in the driver’s seat, and take our seat as navigator and coach.
93 ReferencesIEEE Privacy StatementCybercitizen Health StudyChildren’s Online Privacy Protection RuleProposed Standards for Privacy of Individually Identifiable Health InformationSummary:Full Reg:Security and Electronic Signature StandardsWellMed Privacy StatementPrivacy and Human Rights
94 References California Healthcare Foundation Privacy Report HIPAAUS Health & Human Services on Administrative Simplification - Proposed Standards for Privacy of Individually Identifiable Health InformationSummary:Full Reg.:HIPAAcomply -FTC HIPAA ResponseSummaryLetter
95 References Security and Electronic Signature Security and Electronic Signature StandardsUS Encryption Policy, Jan 14,HCFA’s Internet Security PolicyHCFA’s Internet Policy FAQsState LawsCalifornia senate bills are:AB 416 Personal information: disclosure.BILL NUMBER: AB 416 CHAPTERED 09/28/99 CHAPTER 527 SB 19 Medical records: confidentiality.BILL NUMBER: SB 19 CHAPTERED 09/28/99 CHAPTER 526.
96 ReferencesPrivacy Journal’s ranking of states Privacy Protection:October 1999“The State of Health Privacy: An Uneven Terrain” Health Privacy Project 7/24/99.OECDGuidelines on the Protection of Privacy and Transborder Flows of Personal Data, September 23, 1980, Council of the OECD.Privacy Protection on Global Networks, OECD Ministerial Conference, Ottawa, October 7-9,Electronic Commerce OECD Policy Brief, No. 1,
97 References Safe Harbor Safe Harbor: Draft International Safe Harbor Privacy Principles Issued by the U.S. Department of CommerceWorking Party On the Protection of Individuals with regard to the Processing of Personal Data 5146/99/EN/final Letter Adopted December 3,1999.March 17, 2000 U.S. Department of Commerce latest Draft
98 ReferencesGlobalPrivacy & Human Rights Country Reports.None of Your Business; Peter P. Swire & Robert E. Litan; Brookings Institution Press: 1998.UK Data Protection Act of 1998;Privacy and Human Rights-An International Survey of Privacy Law s and Developments; 1999; Electronic Privacy Information Center and Privacy International; ISBN X;Children’s Online PrivacyChildren’s Online Privacy Protection Rule; 16 C.F.R. Part 132 RIN 3084-AA84; Agency Federal Trade Commission Final Rule ;New Rule Will Protect Privacy of Children Online Press Release; FTC
99 References Fair Information Practices Five PrinciplesCode of Fair Information PracticesPrivacy Act of 1974 Law ftp://ftp.cpsr.org/cpsr/privacy/law/privacy_act_1974.txtThe citation for the report is as follows: U.S. Dep't. Of Health, Education and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, computers, and the Rights of Citizens viii (1973).WellMed Privacy StatementOther SourcesTunitas Group -Health Privacy Project -Arthur Anderson -
100 References WEDI - http://www.wedi.org/ AHIMA - http://www.ahima.org/ Washington Publishing Company -IEEEPrivacy Position Paper -Cybercitizen Health Study -FTC Advisory Committee on Online Access and Security -Hi EthicseHealth Ethics Code-AMA Web Guidelines-Department of Commerce: Elements of Effective Self Regulation for the Protection of Privacy and Questions Related to Online Privacy.Institute for Health Care Research and Policy -Georgetown University:Final Rule: Privacy Standards.