Presentation is loading. Please wait.

Presentation is loading. Please wait.

Averting the Collision: Privacy Doctrine & Health Information Exchange Katherine L. Ball, MD, MSc William A. Yasnoff, MD, PhD, FACMI e-Health Initiative.

Published byDaniella Morris Modified over 8 years ago

Similar presentations

Presentation on theme: "Averting the Collision: Privacy Doctrine & Health Information Exchange Katherine L. Ball, MD, MSc William A. Yasnoff, MD, PhD, FACMI e-Health Initiative."— Presentation transcript:

1 Averting the Collision: Privacy Doctrine & Health Information Exchange Katherine L. Ball, MD, MSc William A. Yasnoff, MD, PhD, FACMI e-Health Initiative Washington, DC December 5, 2008 © 2008 NH I I ADVISORS

2 2 2 © 2008 NH I I ADVISORS Dangers of Electronic Records “ Anything you do to make information more accessible for good, laudable purposes will simultaneously make it more accessible for evil, nefarious purposes ” - William A. Yasnoff, New York Times, 2/18/07 (p. 16) Therefore, privacy is a much greater concern as more health records are electronic.

3 3 3 © 2008 NH I I ADVISORS Consumers and Health Privacy n Surveys of “information hiding” l 2006: 13% of consumers l 2007: 17% of consumers n Consumers already control information in their records n Without control, too many will opt out OR politically force system shut down n Choices are today’s system or consumer control -- complete information without consent is not (and should not be) a viable option n Patient control essential

4 4 4 © 2008 NH I I ADVISORS HIPAA Does NOT Assure Privacy n Information may be released WITHOUT consent for Treatment, Payment, or Operations (TPO) n TPO is determined solely by holder of information l No notification to patient l No review or appeal of TPO decision n No records of TPO disclosures required l No opportunity to review compliance l Trust without verification --> mistrust n Privacy depends on good behavior of covered entities l No enforcement possible

5 5 5 © 2008 NH I I ADVISORS PHR Privacy Assured by Federal ECPA Law n ECPA = Electronic Communications Privacy Act of 1986 (U.S. Code Title 18, Part I, Chapter 121, § 2701-12) n Applies to operators of publicly-available remote computing services (e.g. PHRs) n Operator may not release any subscriber information to any private party without consent of the subscriber l No exceptions n Does not apply to “non-public” systems n Much stronger protection than HIPAA n Extending HIPAA to PHRs would eliminate ECPA protection

6 6 6 © 2008 NH I I ADVISORS Independent Privacy Certification is Needed n Consumers need assurance that their privacy is protected n Privacy policies difficult for consumers to understand l Monitoring for changes is impractical for consumers n Certification addresses inherent conflict-of- interest between organization holding data and consumer n Certification must be independent of data organizations n Certification is information equivalent of financial auditing

7 7 7 © 2008 NH I I ADVISORS Privacy Certification Process n Establish auditing criteria (focus on policy) l Clear privacy policy l All access requires consumer consent l Audit trails accessible to consumers l No targeting or profiling without consent n Security is prerequisite l But not adequate to protect privacy n Careful review of audit criteria l In operational environment l Cannot be applied to system “in the box” n Independent evaluation of audit results l Avoids conflict of auditors and “auditees” n Compliance monitoring & annual recertification

8 8 8 © 2008 NH I I ADVISORS Health Record Banks (HRB) Can Protect Privacy n Secure community-based repository of complete health records n Access to records completely controlled by patients (or designee) n “Electronic safe deposit boxes” n Information about care deposited once when created l Required by HIPAA n Allows EHR incentives to physicians to make outpatient records electronic n Operation simple and inexpensive

9 9 9 © 2008 NH I I ADVISORS Clinical Encounter Health Record Bank Clinician EHR System Encounter Data Entered in EHR Encounter Data sent to Health Record Bank Patient Permission? NO DATA NOT SENT Clinician Inquiry Patient data delivered to Clinician YES optional payment Clinician’s Bank Secure patient health data files Health Record Bank Operation

10 10 © 2008 NH I I ADVISORS HRB Rationale n Operationally simple l Records immediately available l Deposit new records when created l Enables value-added services l Enables research queries n Patient control --> l Trust & privacy l Stakeholder cooperation (HIPAA) n Low cost facilitates business model n Creates EHR incentive options l Pay for deposits l Provide Internet-accessible EHRs

11 11 © 2008 NH I I ADVISORS Health Record Bank Organization Customer Support Marketing Operations HRB Operator Board of Directors Management Health Record Bank Operator (for-profit) regulate via contract % of revenue RESPONSIBLE FOR: Policy Governance Oversight RESPONSIBLE FOR: Obtaining Capital Operating HRB Executive Director Other Staff(Optional) Community Non-profits Community Board of Directors Many communities use single HRB

12 12 © 2008 NH I I ADVISORS Questions? For more information: www.ehealthtrust.com www.healthbanking.org www.yasnoff.com William A. Yasnoff, MD, PhD, FACMI william.yasnoff@nhiiadvisors.com 703/527-5678 Katherine L. Ball, MD, MS kball@jhmi.edu

Download ppt "Averting the Collision: Privacy Doctrine & Health Information Exchange Katherine L. Ball, MD, MSc William A. Yasnoff, MD, PhD, FACMI e-Health Initiative."

Similar presentations

National HIT Agenda and HIE - 2007 John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.

National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.
Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.
Information Sharing and Cross-System Collaboration John Petrila, J.D., LL.M. Professor, University of South Florida

Information Sharing and Cross-System Collaboration John Petrila, J.D., LL.M. Professor, University of South Florida
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
Rationale for Independent Health Record Banks William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors William A. Yasnoff, MD, PhD, FACMI Managing.

Rationale for Independent Health Record Banks William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors William A. Yasnoff, MD, PhD, FACMI Managing.
Health Record Banks Enable Secondary Data Use with Privacy Protection William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance William A.

Health Record Banks Enable Secondary Data Use with Privacy Protection William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance William A.
Health Record Banks: A Financially Sustainable Model for Health Information Exchange William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.

Health Record Banks: A Financially Sustainable Model for Health Information Exchange William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.
Edward H. Shortliffe, MD, PhD Chairman, Advisory Board Health Record Banking Alliance (HRBA) www.healthbanking.org Panel on Privacy - III Defragmenting.

Edward H. Shortliffe, MD, PhD Chairman, Advisory Board Health Record Banking Alliance (HRBA) Panel on Privacy - III Defragmenting.
2 HIPAA, HITECH, and Medical Records. Learning Outcomes When you finish this chapter, you will be able to: 2.1Discuss the importance of medical records.

2 HIPAA, HITECH, and Medical Records. Learning Outcomes When you finish this chapter, you will be able to: 2.1Discuss the importance of medical records.
A New Patient-centric and Sustainable Path to Achieving Health Information Infrastructure William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.

A New Patient-centric and Sustainable Path to Achieving Health Information Infrastructure William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.
2 H. Westley Clark, M.D., J.D., M.P.H., CAS, FASAM Director Center for Substance Abuse Treatment Substance Abuse Mental Health Services Administration.

2 H. Westley Clark, M.D., J.D., M.P.H., CAS, FASAM Director Center for Substance Abuse Treatment Substance Abuse Mental Health Services Administration.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.

Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University 202-687-0880.

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University

Similar presentations

Ads by Google