Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Privacy Compliance for E-Health Sites

Similar presentations

Presentation on theme: "HIPAA Privacy Compliance for E-Health Sites"— Presentation transcript:

1 HIPAA Privacy Compliance for E-Health Sites
Michael Rozen, MD Chief Privacy Officer VP, Consumer Affairs WellMed, Inc. 11:30 Enhancing the Doctor/Patient Relationship Using Online Health Tools With patients able to track billing and claims submittal online, research healthcare providers, and have access to their own records, they are becoming more active participants in the disease management process. Are we seeing a consumer revolution changing the healthcare paradigm and driving the future of healthcare? What changes need to be implemented to adapt to the new consumer? This session directly explores how the necessary tools for E-health empowerment can be used to enhance the doctor/patient relationship. Specifically you will hear: ·         How the changing healthcare paradigm promotes the doctor/patient relationship ·         Overcoming the challenges that arise in establishing interactive health communication ·         Understanding how Web-based strategies will raise the bar beyond customization and personalization ·         Identifying more opportunities for improving patient satisfaction numbers Michael J. Rozen, M.D. Vice President Consumer Affairs and Director of Health Record Security, WELLMED, INC.

2 Howard Bell Writer, Healthcase Informatics Feb, 2000 “We are in the very early stages of health care informatics—just climbing out of the primordial cyber soup to blink like kids at the future and all its potential.”

3 Who Is On The Web Chronically Ill Recently Diagnosed Friends & Family
US Adults on Web 114 Million 86 % looking for health Who Is On The Web Harris Interactive 2000 Chronically Ill Recently Diagnosed Friends & Family Worried Well Health Savant Consumers, Patients, End Users, Visitors • The chronically ill —Seek greater control over their illnesses through knowledge. Immobility may bring about need for instant, at-home access to condition-specific news and treatment updates. • The recently diagnosed —Concerned and wanting as much information as possible about their condition, what they can do to improve it and the resources available to assist them. • Friends, family—Predominately mothers, years old, married, working at least part-time, at least one child and one aging parent, middle income or higher, some college education, Internet savvy, worried about unhealthy or chronically ill children or loved ones, or wanting simply to take a more proactive approach to their family's health. Also, grown children of elderly parents and concerned friends and acquaintances who want to be helpful. • Worried well—People looking for reassurance, that they are not likely candidates for disease, for instance, or that their benign symptoms are not an indication of serious illness. • Health savant—Vigorously healthy, self-improvers seeking ever greater health. May be looking for the latest dietary news, latest studies Examples of a person managing diabetes and another person

4 New Patient - New Attitude
Better educated Technology-savvy Self-directed Expect quality service Less loyal Higher expectations We are seeing a fundamental shift in the way people are managing their lives. Looking at it in business terms, there is a higher degree of an entrepreneurial spirit This shift in attitude and action can be seen in many facets of life and on many levels. The Internet has been a major catalyst in . Let’s first take a look at the financial services industry: The skeptics in the financial services industry were blown away with the hoards of people who went online to trade. (Schwab and ML) Households paying bills via the web will grow from 1.8M in ‘98 to over 20 M by (Jupiter, FSO) Web-banking households will grow for 3.8 M in 1998 to >26M by 2003 (25% of all banking households in the US) Jupiter forecasts that by 2003, of all stock-owning households, 41% will be online trading households Revenues will grow more modestly from 240M to over 1B by 2003 cementing online banking less as a driver of revenue than one of cost savings, customer retention, and geographic expansion ___________ Consumers can go online today to: Book travel, comparison shop for home electronics, conduct sophisticated financial transactions (find the most competitive mortgages, life insurance and even manage their retirement funds) and even buy a lear jet ($40M dollars) They want to be able to go to the web and easily find reliable, relevant information, evaluate a doctor, a health plan a treatment option or even a procedure. Some people in the ehealth industry are amazed by the poor performance of their public currencies. Most complain about an inability to monitize their traffic, people are unwilling to pay for health information etc… I would suggest that they have not delivered a strong value proposition lets think about for a bit. ***May or may not discuss*** Couple of facts – 7 years ago a technology futurist spoke to the ABA about the emergence of the Internet as a commercial platform. He indicated that someone had an opportunity to create a national presence for a fraction of the cost of Barnes & Noble etc, he also indicated that in his opinion it would be someone from outside their industry that would execute on the big idea as they were too busy solving real day-to-day challenges. When amazon started they were a simple bookstore offering a broad array of titles undercutting the traditional booksellers on both price and availabiltiy. Using technology they have focused on delivering an outstanding customer experience; they use personalization to deliver recommended titles after I place an order, I immediately receive a confirmation when the product ships I receive a second letting me know when it will arrive the product is on my doorstep almost without fail (often times they actually ship ahead of schedule and even upgrade my shipping preference) Then they send me an informing me of new releases from my favorite authors, special sales etc Amazon has set the bar for quality, anything less than this is unacceptable. (It has taken them 5+ years and billions of dollars but they have set the bar)

5 New Patient – New Needs - Harris Interactive Now lets look at health
WHAT ARE THEY LOOKING FOR: Information/news: People expect to find reliable, personalized healthcare information (30K sites make it nearly impossible) Physician communication: Many want to communicate and/or schedule an appointment with their doctor (almost impossible), Online benefit management: Most want to receive their benefit information online (completely impossible) Interactive health programs Plan and physician report cards Community Personal medical records WHERE ARE THEY LOOKING? You would hope that the new consumer would look to their health provider first, but instead they find most of their health information through online services. (One group we were talking to has over 5M members, and are receiving 20,000 unique visitors on a monthly basis – No repeat traffic) WHERE WOULD THEY LOOK? … they WOULD come to you! “Patients also distrust many online health information sources. A survey released by shows that over two-thirds of patients found the websites recommended by their doctor most credible while 56 percent trusted sites affiliated with doctors and hospitals. Commercial sites barely scored in the credibility stakes. Where consumers' health is concerned, they still rely on the traditional trusted sources of information and advice.” - Harris Interactive

6 The Opportunity 64% looked for health information online
50% want information from doctor’s office 46% would use a site offered by a health plan 42% welcome information from a hospital site - CyberDialog, Cybercitizen Health Ist build: 64% have looked for health information online within 6 months …BUT patients distrust many online health information sources. A survey by shows that over two-thirds of patients found the websites recommended by their doctor most credible while 56 percent trusted sites affiliated with doctors and hospitals. Commercial sites barely scored in the credibility stakes. Where consumers' health is concerned, they still rely on the traditional trusted sources of information and advice. This desire for credible, medically valid information is reinforced by the following research: 2nd build: 50% interested in information from a doctor’s office (currently 4%) 3rd build: 46% would use an Internet site offered by a health plan (currently 7%) 4th build: 42% would welcome information from a hospital site (8% report finding what they want)____ The consumer has spoken and in fact is telling us exactly what he/she want. The consumer wants personalized, relevant, medically valid info that is blessed by their provider. Can they go to your site to get it?” The groups that deliver this solution will increase marketshare, customer loyalty and my belief is that you will drive down health management costs ___OTHER STATISTICS THAT ARE NOT NEEDED TO MAKE THIS POINT: 21% will switch to a provider with a web site 19% would move to a doctor who uses 17% would switch to a health plan in order to manage benefits online 82% want a ‘personalized’ health/disease management site Source: CyberDialog, Cybercitizen Health SERVING THE NEEDS OF THE INDIVIDUAL CONSUMER --Jupiter estimates that nearly half of Internet users go online to find health information. --68% of approximately 88 M adults accessing the Internet are obtaining healthcare content. (The lowest number I have seen is 50% of people have looked for healthcare info – once) --(remember that by M persons will be online) --just 3.7 million US adults the doctor's office, but 33.6 million said they would like to do so. –cyberdialog 8/00

7 Consumer-Centric Healthcare Management
The financial services market has matured more rapidly, partly due to the structure of the market. Also because health infrastructure is much more complex, but the additional challenges make the opportunity in HC even larger. Unlike financial services, in health care consumer portals cannot provide: interaction, communication with physicians, communication with plan. Means different things for different organizations. --Pacificare has their secure horizons program targeted to Sr. Care --PBM’s adding value to their corporate customers and stripping away costs for refills etc. --Health Calc, Columbia HCA, Children’s Hospital… One size does not fit all, so use the Internet to provide a flexible solution that focuses on your strengths. Whatever the business goals, health organizations should offer individualized and relevant: Communication that is relevant, timely, accurate Connectivity – efficient access to providers, health records and information Care – appropriate and the highest quality possible ________________ Similar to financial services industry where online financial news services are now the leading news source for active financial investors looking for share prices and investment advice. Just under 60 percent of active traders have a personalized web page with share prices and 15 percent say they receive financial updates on a wireless device. Leverage the Internet to build and manage one-to-one relationships with your customers Utilizing CMR solutions to: Acquire & retain customers Grow revenues & reduce costs Communicate based on your business needs

8 Average Time Health Savant 32 Minutes WellMed User 19 Minutes
Doctor/Patient Visit Minutes Breaking Health News 51 Seconds DTC Seconds One goal is to use the time consumers spend on the Internet to increase the value of the 9 minutes they spend with the doctor

9 eHealth Non Traditional Stakeholders Connectivity Data Empowerment
Interactivity Up close and personal

10 eCare Traditional stakeholders Using electronic medium to deliver care
32 % Employers using Internet to Administer health benefits

11 The Internet Doctor-Patient Relationship
What are features of it? What are boundaries? Who has jurisdiction? Who provides oversight ? Licensure, Credentials, Remuneration? Professional status?

12 What Constitutes a Valid Internet Prescription?
Proximity? Evaluation? Diagnosis? Remuneration? Interaction? Licensure? Oversight? Jurisdiction?

13 Personally Identifiable Health Information
How do you protect consumer privacy, set proper consumer expectations, build trust, provide connectivity, interactivity and be profitable What is the consumer’s /patient’s expectation of privacy and confidentiality?

14 “The right to be left alone…”
The right to be left alone is the most comprehensive of rights…” Olmsted v. United States 1928 Louis Brandeis Communication Technology 1890: Photography Cheap Printing

15 “You already have zero privacy. Get over it.”
Scott G. McNealy CEO, Sun Microsystems, Inc. 1999

16 Privacy Protection at Commercial Web Sites
93% of commercial web sites collect at least one type of personal identification Less than 10% of sites encompass all five principles One third of sites post no privacy policy Only 19% disclose steps taken to safeguard data Examples of abuse are widespread Privacy Rights Clearinghouse Beth Givens, Director 1999 Five Principles for Privacy Protection: Notice, Choice, Access, Security, Enforcement

17 Privacy Among Top Shopping Sites
Only a third of surveyed sites guaranteed not to send visitors’ personal information to third parties 31% of sites have privacy policies that appears to give owner the right to send personal details to third parties eMarketer, July 2000 Top 101 Consumer Websites

18 Amazon: “Personal info may be shared”
“Dear Customer, We have just updated's privacy policy and, because privacy is important, we wanted to you proactively in this case and not just update the policy on our site, as is the common Web practice. Thanks for being a customer and allowing us to continue to earn your trust. To read the updated Privacy Notice, visit: Associated Press, Sep. 1, 2000

19 The fine print "As we continue to develop our business, we might sell or buy stores or assets. In such transactions, customer information generally is one of the transferred business assets," the company said. The company also said that "in the unlikely event that Inc., or substantially all of its assets are acquired,customer information will of course be one of the transferred assets."

20 The PEW Internet and American Life Project, 2000
Consumer Attitudes 86 % favor opt-in privacy policies that require permission for use 54 % view website tracking of users as invasion of privacy Only 27 % feel that website tracking is helpful 54% have provided personal information to use a Web site. 48% have bought online using a credit card 55 % have sought health information 43 % have sought financial information 36 % went to support-group sites or medical information sites 27 % say they will never divulge personal information online The PEW Internet and American Life Project, 2000

21 Medical Record Privacy Concerns
78% of Doctors withhold information from patient record due to privacy concerns 87% of Doctors reported having had a patient request to withhold information from their records Association of American Physician and Surgeons

22 Regulatory Environments
Federal State International Governing Agencies Industry self regulation Consumer Expectations Court of Public Opinion Sectoral Laws Unleveled playing field “Safe Harbor” HHS, FTC, FDA, SEC… Hi Ethics, OPA

23 Fair Information Practices
1965 House of Representatives Subcommittee 1973 HEW “The Code of Fair Information Practice Principles” 1974 Federal Privacy Act Notice (awareness) Choice Access Security Data Integrity 1998 FTC defacto standards for privacy protection on the Internet

24 Important Regulations
COPPA-Children’s Online Privacy Protection Act of 1998 FTC HIPAA-Health Insurance Portability and Accountability Act of 1996 Gramm-Leach Bliley Act (GLBA)

25 FTC Children Online Survey
March, 1998 212 Commercial children web sites 89% collected personal information 24% posted privacy policies 10% provided comprehensive privacy policy 1% required parental consent

26 Children’s Online Privacy Protection Act of 1998
Child-Individual under age 13 Collection-Includes direct or passive…”actual knowledge” Release of Personal Information-”sharing, selling, renting, or any other means of providing personal information to any third party.” Provide Notice Inform Parents Obtain Parental Consent Allow Review Establishes Rules

27 Children’s Online Privacy Protection Act of 1998
Collected Online “Personally Identifiable Information” Name Physical Address address or online contact information Telephone number Social Security number Persistent identifier (cookie,etc.) Information concerning a child …

28 Purpose of Administrative Simplification Privacy Regulations
Protect and enhance consumer rights: access to their information controlling inappropriate use Improve quality by restoring trust 3. Improve efficiency and effectiveness by creating national framework for health privacy protection

29 HIPAA Components Electronic Transaction (65 FR 50312) Aug 17, 2000
Privacy (65 FR 82462) Dec 28, 2000 Unique identifier for Employers (63 FR 25272) May 7, 1998 Unique identifier for Providers (63 FR 32784) Jun 16, 1998 Security (63 FR 43242) Aug 12, 1998 Unique identifier for health plans ????? Standards for Claims attachments ????? Standards for COB ?????

30 HIPAA Privacy History Aug. 21, 1996 HIPAA, Public Law 104-109
Aug. 21, Congressional Deadline Oct. 29, HHS Draft Issued Nov. 3, FR 59918 Feb.17, End comment Period Dec. 20, HHS Final Privacy Rule Dec. 28, FR 82462 Feb.26, Compliance Date (2004 smaller plans)

31 HIPAA Privacy Overview
Establishes a set of basic national privacy standards Sets a floor for privacy ground rules Seeks to balance need of individual with needs of society “Privacy is a fundamental right”

32 Components of Final Privacy Rule
Consumer control over Health Information Boundaries on Medical Record Use and Release Ensure Security of Personal Health Information Establish Accountability for Medical Record Use and Release Balance Public Responsibility with Privacy Protections Special Protection for Psychotherapy Notes

33 Consumer Control over Health Information
Patient Education on privacy protections Ensuring patient access to their medical records Receiving patient consent before information released Ensuring consent is not coerced Providing recourse if privacy protections are violated

34 Boundaries on Medical Record Use and Release
Ensuring health information is not used for non-health purposes Providing minimum amount of information necessary Ensuring informed and voluntary consent

35 Establish Accountability For Medical Record Use and Release
Civil Penalties Federal criminal penalties

36 Balancing Public Responsibility with Privacy Protections
Provides guidelines allowing disclosure: Oversight of health care system-quality assurance Public health Research-IRB Judicial and administrative proceedings Limited law enforcement Emergency circumstances For deceased identification or cause of death For facility patient directories National defense and security

37 Changes from Proposed Regulation
Provide coverage to all individually identifiable health information held by a covered entity Requires consent for routine use and disclosure - Health providers obtain general consent for treatment, payment and health care operations accompanied with detailed notice Allows disclosure of full medical record for treatment Protects against unauthorized use of medical records for employment purposes

38 Changes from Proposed Regulation
Enforcement – OCR “Business associate” Clearinghouses are not subject to certain requirements in the rule when acting as business associates of other covered entities. Minors-federal privacy right attached to consent for treatment right Marketing and fund raising use of information

39 Covered Information In final rule, scope of protection extended to all individually identifiable health information in any form, electronic or non-electronic, held or transmitted by a covered entity.

40 No accepted standard definition
What is Medical Record? No accepted standard definition

41 What is Health Information?
The Health Insurance Portability and Accountability Act of Aug, HR 3103, PL ‘‘(4) HEALTH INFORMATION.—The term ‘health information means any information, whether oral or recorded in any form or medium, that— ‘‘(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and ‘‘(B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.”

42 What is a Personal (Consumer) Health Record?
ASTM Subcommittee Consumer Health Record The Personal Health Record is an online, location-independent application where an individual can store and manage her own health information and/or the health information of her care dependents in a private, secure and confidential environment.

43 “Individually Identifiable Health Information”
HIPAA, 1996 ‘‘(6) INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION.— The term ‘individually identifiable health information’ means any information, including demographic information collected from an individual, that— ‘‘(A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and ‘‘(B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and— ‘‘(i) identifies the individual; or ‘‘(ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual. Sec. 1171, No. 6, pg. 89

44 Designated Record Set Certain records maintained by or for a covered entity that are always part of a covered entity’s designated record sets and to include other records that are used to make decisions about individuals. The means of retrieval of a record is not a defining criteria.

45 Creation of De-identified Information
(d) permits a covered entity to use protected information to create de-identified information, whether or not the de-identified information is to be used by the covered entity. It is not subject to privacy rules unless re-identified.

46 Data Aggregation Term defined to permit business associate to combine protected health information for creation of data for analyses that relate to health care operations of the respective covered entities.

47 Aggregate Data vs. Personally Identifiable Information
“Who owns the data?” “Who has a right to the data?”

48 Indirect treatment relationship
Relationship between healthcare provider and individual in which provider delivers health care to the individual based on the orders of another health care provider and the health care services, products, diagnosis, or results are typically furnished to the patient through another provider, rather than directly.

49 Consent Covered health care providers who have a direct treatment relationship with an individual are required to obtain a general consent from the individual in order to use or disclose the protected health information for treatment, payment and health care operations. Providers may condition treatment on patient’s providing consent. For psychotherapy notes, for most purposes, an individuals authorization is required.

50 Authorization Required for all disclosures and uses not expressly exempted in the regulation. Can not condition services or payment on receipt of authorization

51 Marketing (authorization required)
Communication about a product or service a purpose of which is to encourage recipients to purchase or use the product or service Three exceptions: -Marketing the organization -Part treatment or health of individual -In the course of managing the treatment of individual or directing to recommending other treatments, etc.

52 Employers Not covered entities under the privacy regulation
Are subject to federal disability nondiscrimination laws ADA, 42 U.S.C or more employees Governs transmission to covered entity Can use medical information for insurance purposes

53 Clinical Laboratories CLIA, 42 U.S.C. 263a and reg 42 CFR part 493
Require clinical labs to disclose test results/reports only to authorized persons as defined by State Law. Federal law defines it as the person who orders the test. Under this law, a clinical lab may be prohibited from providing the individual who is the subject of the test result access to this information. Under HIPAA, then the lab is exempted from reporting the result to the patient. If the clinical lab operates in a state in which the term authorized person is defined to include the individual, then the lab would have to provide the individual with these rights. Similarly, research labs that do not report patient specific results for diagnosis prevention or treatment are exempted from providing patient access under HIPAA.

54 Disclosure Authorization
If a federal law requires a covered entity to disclose a specific type of information, the covered entity would not need an authorization. The covered entity must determine if the disclosure is mandatory rather than merely permissible.

55 EU Safe Harbor “We believe they are essentially consistent and that an organization complying with our privacy regulation can fairly and correctly self-certify that it complies with the Principles.” Questions regarding compliance and interpretation will be decided based on U.S. Law

56 EU Data Exportation Members can only export data if the destination country “ensures an adequate level of protection” for such data, or if some exception applies to the particular transfer

57 Safe Harbor Privacy Principles
Approved by EU Member States May 31, 2000 Intended solely for use by US organizations receiving personal data from EU for the purpose of qualifying for the safe harbor and the presumption of “adequacy” it creates. If an organization joins a self regulatory privacy program that adheres to the Principles, it qualifies for the safe harbor.

58 U.S. “Safe Harbor Principles”
Notice Informed Consent Choice “Opt-out” Sensitive “Opt-in” Onward Transfer Third Parties Security Protection “Reasonable Data Integrity Accurate, current Access Unconditional v Reasonable Enforcement Recourse & Penalty

59 Notice “THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY” Covered entities must describes all uses and disclosures of protected health information they are permitted or required to make without authorization including those uses and disclosures under consent requirements.

60 Notice Additionally, covered entities have to disclose those activities they may want to contact the individual -providing appointment reminders -describing/recommending treatments -providing health benefit information -soliciting funds Direct treatment providers must provide notice at time of first service delivery either in person or electronically. Under final rule, a covered entity that maintains a web site describing the services and benefits it offers must make its privacy notice prominently available through the site. Individual has right to request paper notice.

61 Patients/consumers are not covered entities and therefore HIPPA does not offer privacy protection to the individually identifiable health information they maintain/hold about themselves or their family.

62 Gramm-Leach-Bliley (S.900)
-Deregulation of Financial Service Organizations -Act pertains to “Customers’ nonpublic personal information.”

63 Gramm-Leach-Bliley (S.900)
-Accurately, clearly and conspicuously disclose to consumers, at the time relationship is established and not less than annually after that, the organizations’ privacy policy for disclosing customers non-public information -Provide the Consumer the right to “opt out” of disclosures of their nonpublic personal information to non-affiliated third parites (limited exceptions…) -Establish appropriate security and confidentiality measures for customer records and information

64 Medical Financial Privacy Protection Act (H.R. 4585)
Representative Leach Chairman, House Banking and Financial Services Committee Goal: Prevent financial institutions from sharing medical financial information without an individual;s consent and prohibit the use of medical information in making credit decisions. The bill requires a specific and separate consent for mental health information, HIV information, genetic information and abortion information.

65 Medical Financial Privacy Protection Act (H.R. 4585)
General Rules for Use of IIHI Representative Leach Chairman, House Banking and Financial Services Committee -“Opt-in” Consent for health information -Prohibit disclosure of Information about IIHI -Personal Spending Habits -Notice and Consent for Aggregate data disclosure to third party -Exempt use for customer service -Prohibit re-disclosure and re-use by third parties -Prohibit requesting of health information from a third party to make a loan or credit decision

66 The Prime Directive The actions of an eHealth or eCare Web site do not allow an individual to be identified with their unique health characteristics without the individual’s opt-in authorization.

67 Evolving Issues Data Interchange Messaging Email
Ubiquitous Wireless Connectivity Decision Making Support Data Interpretation Closing the Loop to Physician Desktop Consumer Claims-Processing Support

Data Interchange RELEASES AUTHORIZATIONS For release of personally identifiable information, the user must explicitly authorize such release. The authorization must state: Purpose for release Information to be shared Who information shared with Duration of authorization Provide user opportunity to revoke authorization at any time

69 Tailored Communication
Deliver personalized content, tailored advertising, relevant information Personal Health Manager Home Page Tailored Secure instant messaging Targeted ecommerce Access and pre-qualification to appropriate clinical trials case study as illustration [visual: Diabetic surfs the web looking for information and resources to help him manage his condition. Visits many eHealth sites, but they don’t ask any questions, offer only general information, or information of dubious value. Visits WellMed, takes HQ, takes AdvancedHQ for diabetes. Upon completing AdvancedHQ, receives personalized information and options for managing condition. Conclusion: WellMed engages users in a dialogue and delivers personalized, condition-specific information tailored to their particular needs.] Problem: Content of the electronic message may allow an individual to be associated with their unique health characteristics and thus their privacy violated.

70 Push Wellness (Opt-out) Pull Disease (Opt-in) Secure The Unmentionable
and Messaging WellMed’s Philosophy Push Wellness (Opt-out) Pull Disease (Opt-in) Secure The Unmentionable

71 Creating Dialogue with Patients: Effective and Efficient Communications
33% of Internet health site visitors would switch doctors based on ability to communicate over Internet (CyberDialogue) Estimated that 55-65% of doctors will use Internet in 2000 (up from < 20% in 1997)

72 Physicians Want to Email Patients
How Interested Are You in Being Able to Communicate More With Patients Using ? 40% Express Some Interest in More Patient Contact Not surprisingly, patients even more interested than MDs in communicating via – 41% highly interested, 28% moderately interested and only 32% uninterested. In fact, 14% would even consider switching MDs to gain access to this capability. (may want to use in outlook as actual slide) Right now– physicians who do their patients—10% or less (and 77% answered 0% of patients by ) mean was .4%…whereas with colleagues, mean was 8% 44% of MDs have shifted behavior due to patient web use– may be a data pt or slide– not sure yet Source: Jupiter Analysis; The Cozint Report, (5/00); n=800 (US only)

73 Dr. Doolittle, Online at Least
Harris Interactive April 03,2000 89 % of US Physicians are Internet users Average 6 hours/week online Personal 61% Patient Clinical % General Clinical 15% Administrative 16 % 28% Access information for a FEW patients 52% Sometimes use computers to receive lab results 33% Work in practices with their own web site

74 E/M Codes for email-responses
CPT Pay by Health Plan First Care out of Chicago-TPA

75 Value Add-Health Management
Messaging Functions Appt. Requests Refills Billing Send lab results, etc. Value Add-Health Management Proactive message from Doc to Pt (structured data) Pt to Doc alert about abnormal results

76 Wireless Reminders Supplies health information directly via cellular or digital technology Offers 24-hour access to personal health information without a computer Helps individuals organize and comply with treatment plans including prescription medications, fitness routines and nutrition protocols Personalizes information and content

77 Wireless Statistics Digital cell phone users, put at 32 million in 1999 by Jupiter Communications Smart phones, predicted to be at 800,000 by end of 1999 by Jupiter Communications, but up to 76 million by 2003

78 People Want Wireless Email
75% of wireless usage involves retrieving Solomon-Wolff Almost half of mobile device users want to retrieve via wireless Jupiter Communications

79 Customized Connectivity
Standard technologies will exist over the next 12 months that will make the tracking and monitoring of health issues more invisible and non-intrusive, greatly enhancing your ability to talk to your patients. Your organization stays top of mind in a POSITIVE context, not simply “the group that you call when you’re sick.” They look to your organization for help WHEN THEY ARE WELL. They will open your and they will go to your site. (Talk to data interchange here.)

80 Hi-Ethics Principles Reliable online information
Responsible online advertising Private and secure personal health information

81 A group of major commercial ehealth sites
Hi-Ethics sites reach more than 30% of Internet audience in general More than 60 million visitors have visited Hi-Ethics sites Projected 2000 revenues are 2/3 of total eHealth companies1 1 Includes 22 eHealth companies designated by Wit Capital, January 31, 2000

82 14 Hi-Ethics Principles 1-3 Privacy and Confidentiality
Advertising and Commerce Quality of Health Information Best Practices for Professionals Disclosure and Feedback

83 Privacy and Confidentiality
Must conform with Fair Information Practices Protection for Health-Related Personal Information “opt in” Privacy in Relationships with Third Parties Provide customers with meaningful choice

84 Advertising and Commerce
Disclosure of Ownership and Sponsorship Identifying Advertising and “Sponsored” Content Promotional Offers, Rebates and Free Items or Services

85 Quality of Health Information
Accuracy and Reliability Editorial Policy Authorship and Accountability and Date Validation for Self-Help Services

86 Best Practices for Healthcare Professionals
Clarity of Relationships Professionalism Qualifications

87 Combination of Law and Industry Self Regulation
Independent Multi Faceted Multi Tiered

88 CAV Program Truste will administer Independent implementation, evaluation and dispute resolution Hi Ethics will maintain the code and interpretation Web site does not need to belong to Hi Ethics to obtain the seal Annual Renewal Feedback and Monitoring

89 Multi Faceted Privacy Audit Financial Audit Security Audit
Professionalism compliance Editorial Policy compliance Advertising Policy compliance Evaluation of third party relationships

90 Multi Tiered 1. Adopt Hi Ethics Principles 2. Perform Self assessment
3. Publicly announce compliance 4. Independent assessment 5. Voluntary participation in “Hi Ethics Seal Program” 6. Join Hi Ethics

91 The key is Setting proper customer expectations
And then delivering on them

92 Care is directed by the provider AND the consumer
Care is directed by the provider AND the consumer. As providers, we put the patient in the driver’s seat, and take our seat as navigator and coach.

93 References IEEE Privacy Statement Cybercitizen Health Study Children’s Online Privacy Protection Rule Proposed Standards for Privacy of Individually Identifiable Health Information Summary: Full Reg: Security and Electronic Signature Standards WellMed Privacy Statement Privacy and Human Rights

94 References California Healthcare Foundation Privacy Report
HIPAA US Health & Human Services on Administrative Simplification -  Proposed Standards for Privacy of Individually Identifiable Health Information Summary: Full Reg.: HIPAAcomply - FTC HIPAA Response Summary Letter

95 References Security and Electronic Signature
Security and Electronic Signature Standards US Encryption Policy, Jan 14, HCFA’s Internet Security Policy HCFA’s Internet Policy FAQs State Laws California senate bills are: AB 416 Personal information: disclosure. BILL NUMBER: AB 416 CHAPTERED 09/28/99 CHAPTER 527  SB 19 Medical records: confidentiality. BILL NUMBER: SB 19 CHAPTERED 09/28/99 CHAPTER 526.

96 References Privacy Journal’s ranking of states Privacy Protection: October 1999 “The State of Health Privacy: An Uneven Terrain” Health Privacy Project 7/24/99. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, September 23, 1980, Council of the OECD. Privacy Protection on Global Networks, OECD Ministerial Conference, Ottawa, October 7-9, Electronic Commerce OECD Policy Brief, No. 1,

97 References Safe Harbor
Safe Harbor: Draft International Safe Harbor Privacy Principles Issued by the U.S. Department of Commerce Working Party On the Protection of Individuals with regard to the Processing of Personal Data 5146/99/EN/final Letter Adopted December 3,1999. March 17, 2000 U.S. Department of Commerce latest Draft

98 References Global Privacy & Human Rights Country Reports. None of Your Business; Peter P. Swire & Robert E. Litan; Brookings Institution Press: 1998. UK Data Protection Act of 1998; Privacy and Human Rights-An International Survey of Privacy Law s and Developments; 1999; Electronic Privacy Information Center and Privacy International; ISBN X; Children’s Online Privacy Children’s Online Privacy Protection Rule; 16 C.F.R. Part 132 RIN 3084-AA84; Agency Federal Trade Commission Final Rule ; New Rule Will Protect Privacy of Children Online Press Release; FTC

99 References Fair Information Practices
Five Principles Code of Fair Information Practices Privacy Act of 1974 Law The citation for the report is as follows: U.S. Dep't. Of Health, Education and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, computers, and the Rights of Citizens viii (1973). WellMed Privacy Statement Other Sources Tunitas Group - Health Privacy Project - Arthur Anderson -

100 References WEDI - AHIMA -
Washington Publishing Company - IEEEPrivacy Position Paper - Cybercitizen Health Study - FTC Advisory Committee on Online Access and Security - Hi Ethics eHealth Ethics Code- AMA Web Guidelines- Department of Commerce: Elements of Effective Self Regulation for the Protection of Privacy and Questions Related to Online Privacy. Institute for Health Care Research and Policy -Georgetown University: Final Rule: Privacy Standards.

Download ppt "HIPAA Privacy Compliance for E-Health Sites"

Similar presentations

Ads by Google