Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Issues in Connected Healthcare Communities Fitting Solutions to Your Emerging Community Presented by: Holt Anderson Executive Director, NCHICA.

Published byVirgil Copeland Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Issues in Connected Healthcare Communities Fitting Solutions to Your Emerging Community Presented by: Holt Anderson Executive Director, NCHICA."— Presentation transcript:

1 Security Issues in Connected Healthcare Communities Fitting Solutions to Your Emerging Community Presented by: Holt Anderson Executive Director, NCHICA

2 Presentation Outline Emerging Models for Connected CommunitiesEmerging Models for Connected Communities Key Factors in Building Your Local Health Information NetworkKey Factors in Building Your Local Health Information Network Examples of Collaborative Activities and Lessons LearnedExamples of Collaborative Activities and Lessons Learned Q & AQ & A

3 Emerging Models for Connected Communities

4 “Connected Communities” Connected CommunityConnected Community A collaborative, consumer-centric collaboration or organization focused on facilitating the coordination of existing and proposed e-health initiatives within a region, state, or other designated local area.

5 Types of Connected Communities FederationsFederations Includes large, “self-sufficient” enterprises Agreement to network, share, allow access to information they maintain on peer to peer basis May develop system of indexing and/or locating data (e.g., state or region-wide MPI)

6 Types of Connected Communities (cont.) Co-opsCo-ops Includes mostly smaller enterprises Agreement to pool resources and create a combined, common data repository May share technology and administrative overhead

7 Types of Connected Communities (cont.) HybridsHybrids Includes combinations of Federations and Co-ops Agreement to network, share, allow access to information they maintain on peer to peer basis Allows aggregation across large areas (statewide or regional)

8 Organizational Structure 501(c)(3) Nonprofit501(c)(3) Nonprofit Eligible for Federal and State Grants Contributions may be tax deductible as charitable Issues:Issues: Limit of ~20% - 40% on income from “unrelated business” activities (i.e. not charitable and educational) May need to subcontract or otherwise handoff operational aspects of activities

9 Management of Connected Communities VIDEO CLIP

10 Key Factors in Building Your Local Health Information Network

11 Challenges to Broader Exchange of Information Business / Policy IssuesBusiness / Policy Issues Competition Internal policies Consumer privacy concerns / transparency Uncertainties regarding liability Difficulty in reaching multi-enterprise agreements for exchanging information Economic factors and incentives Technical / Security IssuesTechnical / Security Issues interoperability among multiple parties Authentication Auditability

12 Security Challenges The anticipated:The anticipated: Authentication Maintenance of List of Authorized Individuals Secure Communications Method of encryption / decryption Risk Assessment / Analysis for Community Coordinating Investigation, Response, Mitigation Vendor Interpretation of Standards The unanticipated:The unanticipated: Changes in Technology Changes in Membership of Community Effort

13 Alleged Holly Springs Hacker Wanted To Show Flaws In Security Clayton Dillard Accused Of Unlawfully Accessing Hospital Computer System POSTED: 11:06 a.m. EDT September 9, 2003 RALEIGH, N.C. -- A Holly Springs man is in trouble after being accused of hacking into a medical office's wireless computer network. Clayton Dillard is accused of hacking into a hospital computer system and accessing information of hundreds of patients. Raleigh police said Clayton Taylor Dillard, a 29-year-old information security consultant, is charged with one felony count of computer trespass, one felony count of unlawful computer access and one misdemeanor count of computer trespass. They said the charges against Dillard resulted from an intrusion that occurred to a wireless computer network at Wake Internal Medicine Consultants Inc. After Dillard accessed the information, he contacted patients and insurance companies. He also wrote WRAL a letter, stating, "These guys are a bunch of bozos." He also mailed WRAL copies of checks and insurance forms with patient names and procedures. http://www.wral.com/news Copyright WRAL News 2003 Security Case - Wireless

14 HIPAA as Enabler HIPAA Privacy and Security Regulations provide a baseline of standards that permit the diffusion of electronic health records capabilities and the appropriate exchange of information.

15 Examples of Collaborative Activities and Challenges Incurred

16 NCHICA Background Established in 1994 by Executive Order of GovernorEstablished in 1994 by Executive Order of Governor 501(c)(3) nonprofit - research & education501(c)(3) nonprofit - research & education Mission: Improve healthcare in NC by accelerating the adoption of information technologyMission: Improve healthcare in NC by accelerating the adoption of information technology 250 members including:250 members including: Providers Health Plans Clearinghouses State & Federal Government Agencies Professional Associations and Societies Research Organizations Vendors and Consultants

17 Successes and Challenges Raised in NCHICA Projects

18 Statewide Master Person Index 1994 Goal:1994 Goal: Develop Voluntary Patient Information Locator (VPIL) so that records could be accessed for care Business / Policy:Business / Policy: Shared “customer lists” Legal:Legal: Privacy & Liability No State or Federal Laws covering electronic health info Consumer:Consumer: Privacy Technical:Technical: Availability of standardized MPIs from all providers and sectors Synchronizing databases Standards for data

19 Lessons Learned:Lessons Learned: Technology is the easy part Business and Policy Considerations are much harder and “Show Stoppers” Develop clinical leadership for project with technologists in support role Statewide Master Person Index

20 HIPAA Efforts 1995-1999 Privacy & Confidentiality Focus Group1995-1999 Privacy & Confidentiality Focus Group Model Privacy Legislation 1998-2003 HIPAA Implementation Planning Task Force1998-2003 HIPAA Implementation Planning Task Force 1998-Present1998-Present Privacy Work Group Security Work Group Transactions, Code Sets and Identifiers Work Group Privacy & Security Officials Work Group Deliverables: Compliance tools, model documents, education and training programsDeliverables: Compliance tools, model documents, education and training programs building community consensusand, method of building community consensus

21 Statewide Immunization Registry 1998 Goal:1998 Goal: Combined registry of public and private children’s immunization records from multiple sources available via secure Internet Business / Policy:Business / Policy: Internet access to public health database Legal:Legal: Privacy and Security Non-stigmatizing data Consumer:Consumer: Well understood need Technical:Technical: Move from mainframe to server with SSL Web technology and authentication Data quality and matching entries from different sources User Identification and Authentication

22 Statewide Immunization Registry Status Combined DatabaseCombined Database Public Health BCBSNC Kaiser Permanente (historical) ~ 2M Children~ 2M Children ~ 20M doses~ 20M doses 425 sites; 2250 authenticated users425 sites; 2250 authenticated users 90 Local Public Health Departments 335 Private Providers, Schools, State of TN

23 New Statewide Immunization Registry

24 Lessons Learned:Lessons Learned: Choose project with clear benefits Enlist Clinical and CEO-level champions Share the load Celebrate success Probabilistic matching can provide reasonable identification of individuals PKI is not like falling off a log Proof is in the utility of the project and user demand for sustaining it past pilot stage Statewide Immunization Registry

25 Statewide Emergency Dept. Database 1999 Goal:1999 Goal: Standardize and electronically collect clinical data from emergency departments for: Best Practice Development & Community Assessments Public Health Surveillance (2001) Business / Policy:Business / Policy: Participation Agreement covering access and use of data Legal:Legal: Privacy and Security No state mandate for collection of certain data elements with identifiers (Limited Data Set and Data Use Agreement) Consumer:Consumer: Collected and transmitted to aggregation point as deidentified data TechnicalTechnical Standards for data elements (CDC’s DEEDS Standard) Mapping of systems so extracts could be transformed into DEEDS No standards for coding of Chief Complaint and First Report of Injury

26 Lessons Learned:Lessons Learned: Provide neutral table for collaboration Make it easy for IT Departments to provide data Keep it simple and cheap Expect new opportunities for data use Professional associations are better at policy issues than technology implementation While HIPAA is permissive, providing information voluntarily (e.g. without safe harbor) makes legal counsel very uncomfortable Statewide Emergency Dept. Database

27 North Carolina Healthcare Quality Initiative Medications Management Project Improving Healthcare in North Carolina by Accelerating the Adoption of Information Technology

28 NC Healthcare Quality Initiative Goal:Goal: Phase I - Provide list of medications at point of encounter to save time, improve accuracy of treatment and avoid medication errors Include ability to automate refills, e-Rx, and access to formularies Phase II – Electronic handling of Lab and Radiology data Business / Policy:Business / Policy: Access to data from health plans, PBMs, pharmacies and other providers Cost of operation; Sustainability Legal:Legal: Privacy and Security (limit use to Treatment) Rights to data; Liability Consumer:Consumer: Who has been looking for and at my information? Drugs for behavioral health, communicable diseases, etc. TechnicalTechnical Accessing records from multiple sources and linking same patient data

29 Presentation Data Integration Identity Hub/Repository Administration INQUIRY HISTORY DATABASEIDENTITY HUB EAI Inquiry History Database Web portal eRxEHR Transaction Services RxHUBSureScriptsDirect Electronic Prescriptions & Refills Community Medication History Porta Community Medication History Portal Patient Data Sources PBMsPharmacies Health Plans, including NC Medicaid Regional Hospitals Regional Clinics Community Database Medicare Medications Management Initiative

30 Project Development Teams TechnologyTechnology Define technical approach, methods, operation Clinical IntegrationClinical Integration Clinician roles and adoption / support strategies Business / FinanceBusiness / Finance Business models, budgets, and justification PolicyPolicy Protection of rights of Consumers / Patients / Members Agreements among participants MetricsMetrics Set baseline and assess value of project CoordinationCoordination Overall Project management

31 The Race Goes to the Swift VIDEO CLIP

32 Holt Anderson, Executive Director Holt@nchica.orgHolt@nchica.org (919) 558-9258 ext. 27 Holt@nchica.org North Carolina Healthcare Information and Communications Alliance, Inc. www.nchica.org Thank You

Download ppt "Security Issues in Connected Healthcare Communities Fitting Solutions to Your Emerging Community Presented by: Holt Anderson Executive Director, NCHICA."

Similar presentations

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
HISPC-Illinois II The Public-Private Partnership Moves Forward on Privacy and Security.

HISPC-Illinois II The Public-Private Partnership Moves Forward on Privacy and Security.
Update on Recent Health Reform Activities in Minnesota.

Update on Recent Health Reform Activities in Minnesota.
Cheryl M. Stephens Executive Director Community Health Information Collaborative July 17, 2006 Community Health Information Collaborative and the Northeast.

Cheryl M. Stephens Executive Director Community Health Information Collaborative July 17, 2006 Community Health Information Collaborative and the Northeast.
The Rhode Island Chronic Care Sustainability Initiative: Building a Patient-Centered Medical Home Pilot in Rhode Island.

The Rhode Island Chronic Care Sustainability Initiative: Building a Patient-Centered Medical Home Pilot in Rhode Island.
Denise B. Webb State Health IT Coordinator May 9, 2013.

Denise B. Webb State Health IT Coordinator May 9, 2013.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Assisting NCHICA members in transforming the US healthcare system through the effective use of information technology, informatics and analytics. Transitions.

Assisting NCHICA members in transforming the US healthcare system through the effective use of information technology, informatics and analytics. Transitions.
Capability Cliff Notes Series PHEP Capability 2—Community Recovery What Is It And How Will We Measure It?

Capability Cliff Notes Series PHEP Capability 2—Community Recovery What Is It And How Will We Measure It?
HealthNet connect Telehealth

HealthNet connect Telehealth
Organizational and Legal Issues -- Addressing Privacy and Security Issues Day 2 – Track 5 CONNECTING COMMUNITIES for BETTER HEALTH 2nd Annual Learning.

Organizational and Legal Issues -- Addressing Privacy and Security Issues Day 2 – Track 5 CONNECTING COMMUNITIES for BETTER HEALTH 2nd Annual Learning.
Project Update : Claims/Clinical Linkage Project MHDO Board of Directors June 6, 2013.

Project Update : Claims/Clinical Linkage Project MHDO Board of Directors June 6, 2013.
This document and all other documents, materials, or other information of any kind transmitted or orally communicated by RxHub (or its members) in the.

This document and all other documents, materials, or other information of any kind transmitted or orally communicated by RxHub (or its members) in the.
Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.

Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.

Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
HealthInfoNet and Clinical Data Capture Update – LD1818 Workgroup Presentation August 9, 2012 1.

HealthInfoNet and Clinical Data Capture Update – LD1818 Workgroup Presentation August 9,
Regional Health Information Organizations (RHIOs) The Primary Vehicle for Achieving the National Health Information Network (NHIN) Presented by: Holt Anderson.

Regional Health Information Organizations (RHIOs) The Primary Vehicle for Achieving the National Health Information Network (NHIN) Presented by: Holt Anderson.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 8 The Personal Health Record.

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 8 The Personal Health Record.

Similar presentations

Ads by Google