Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.

Slides:

Advertisements

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

Advertisements

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Overview of the Connecting for Health Common Framework Privacy and Confidentiality Workshop eHealth Initiative and Vanderbilt Center for Better Health.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Overcoming Barriers to Expanding HIE. Health Information Exchange Hospita ls Primary care physician Specialty physician Ambulatory center (e.g. imaging.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.

Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

A Robust Health Data Infrastructure P. Jon White, MD Director, Health IT Agency for Healthcare Research and Quality

Navigating Privacy and Security Issues for HIE: A Consumer Perspective Deven McGraw Chief Operating Officer National Partnership for Women & Families

HIT Policy Committee Strategic Plan Workgroup Paul Tang, Chair Palo Alto Medical Foundation Jodi Daniel, Co-Chair ONC December 15, 2009.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

HIT Policy Committee Nationwide Health Information Network Governance Workgroup Recommendations Accepted by the HITPC on 12/13/10 Nationwide Health Information.

Update on Interoperability Roadmap Comments Sections G, F and E Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

1 Healthcare Privacy and Security: Concepts and Challenges Dixie B. Baker, Ph.D. Chair, HIMSS Privacy and Security Advocacy Task Force.

SALSA-NetAuth Joint Techs Vancouver, BC July 2005.

Presented by Lygeia Ricciardi and Melissa Goldstein, of the Markle Foundation, Vicki Estrin from the Vanderbilit Center for Better Health and Marc Overhage.

State Alliance for e-Health Conference Meeting January 26, 2007.

Information Sharing Challenges, Trends and Opportunities

Connecting for Health: Common Framework. 2 What is Connecting for Health? Broad-based, public-private coalition More than 100 collaborators –Providers.

April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.

Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.

Privacy in Healthcare Challenges Associated with Implementing Privacy in an Electronic Health Records Environment John P. Houston, J.D. Vice President,

HIT Policy Committee Privacy & Security Tiger Team Update Deven McGraw, Co-Chair Center for Democracy & Technology Paul Egerman, Co-Chair June 25, 2010.

HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.

Organizational and Legal Issues -- Developing organization and governance models for HIE Day 2 -Track 5 – SECOND SESSION – PRIVACY AND SECURITY CONNECTING.

PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.

Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.

1 Technical Overview of the Common Framework HIT Symposium at MIT J. Marc Overhage, MD, PhD Regenstrief Institute Indiana University School of Medicine.

Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.

January 26, 2007 State Alliance for e-Health January 26, 2007 Robert M. Kolodner, MD Interim National Coordinator Office of the National Coordinator for.

Final Project – Health Information Exchange: Technology, Challenges & Opportunities Group 3 Gary Brown, Michelle Burke, Kazi Russell MMI 402 Fall 2013.

Privacy and Security Solutions For Interoperable Health Information Exchange Presented by Linda Dimitropoulos, PhD RTI International Presented at AHRQ.

Health Information Exchange in California Right Care Capitol Region University of Best Practices 9 February 2015 Robert M. Cothren, PhD, Executive Director.

HIPAA Summit XII Role of HIPAA Compliance in HIT Initiatives Bill Braithwaite, MD, PhD eHealth Initiative April 11, 2006

Health Delivery Services May 29, Eastern Massachusetts Healthcare Initiative Policy Work Group Session 2 May 29, 2009.

©2006 CSC and Connecting for Health Proprietary. An Overview of Contracts to Develop a Nationwide Health Information Network – The CSC Connecting for Health.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair October 20,

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

1 Overview of HIT Policy Committee’s Privacy Hearing Jodi Daniel, JD, MPH Director, Office of Policy and Research Office of the National Coordinator for.

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.

1 Copyright © International Security, Trust & Privacy Alliance -All Rights Reserved Making Privacy Operational International Security, Trust.

Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.

HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.

Connecting for Health Common Framework: the Model Contract for Health Information Exchange Gerry Hinkley com July 18, 2006 Davis Wright.

Healthcare Security Professional Roundtable John Parmigiani National Practice Director Regulatory and Compliance Services CTG HealthCare Solutions, Inc.

S ecure A rchitecture F or E xchanging Health Information in Central Massachusetts Larry Garber, M.D. Peggy Preusse, R.N. June 9 th, 2005.

APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.

Overview of the Connecting for Health Common Framework MIT HIT Symposium Carol Diamond MD, MPH Markle Foundation.

Strategic Approaches to HIPAA Access & Audit HIPAA Summit West II March 15, 2002 San Francisco, CA Mariann Yeager tel cel

COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,

1 CDC Health Information Exchange (HIE) Accelerating State-wide Public Health Situational Awareness in New York Through Health Information Exchanges August.

EHI Toolkit for Health Information Exchange Building and Maintaining Policies for Information Sharing Bill Braithwaite, MD, PhD eHealth Initiative

Incorporating Privacy Into Systems Development Methodology Phil Moleski Director Corporate Information Technology Branch Saskatchewan Health

Records without boundaries? Penny Hill. Objectives of the session To identify the issues around managing record boundaries and how the CRDB is addressing.

MIT HIT Symposium How HIPAA Applies to HIT

Overview of the Connecting for Health Common Framework Resources

Model Contract for Health

American Health Information Management Association

Concerns of a Privacy Advocate – and How to Respond

Healthcare Privacy: The Perspective of a Privacy Advocate

Policies for Information Sharing

Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP

Enforcement and Policy Challenges in Health Information Privacy

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

Introduction to Personal Health Records –

HLN Consulting, LLC® November 8, 2006

Presentation transcript:

Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation

What is Connecting for Health? A public-private collaborative of 100+ organizations representing all the points of view in healthcare. A neutral forum. Founded & supported by the Markle Foundation Additional support from the Robert Wood Johnson Foundation

What is the Purpose of Connecting for Health? To catalyze changes on a national basis to create an interconnected, electronic health information infrastructure to support better health and healthcare

The Connecting for Health Model Sharing = linking existing sources of information Health information can stay where it is—with the doctors and others who created it Specific information is shared only when and where it is needed. Sharing does not require an all new “network” or infrastructure Sharing does not require a central database or a national ID Sharing does require a Common Framework

A Common Framework Is Needed The Common Framework is the minimum necessary set of rules or protocols for everyone who shares health information to follow. Helps organizations overcome the barriers without “reinventing the wheel” Enables nationwide interoperability…avoiding isolated islands of information Builds trust

The Common Framework Is like a nationwide set of traffic rules that enable specific pieces of health information to travel when and where they are needed…

The Common Framework …and that put patients and the doctors they trust in the drivers’ seat.

What Do the Common Framework Resources Consist of? Technical rules and standards—that allow systems to “talk to” each other Policies on how to handle information– that build trust Model contractual language—that holds it all together

How Was the Common Framework Developed? Connecting for Health… Started with Design Principles Wrote a Roadmap Built a Prototype Developed the Common Framework through field experience and the collaboration of experts

Technology and Policy are Intertwined Choices about one necessarily shape the other. To build trust, you have to put policy decisions first.

Technical Principles 1.Make it “Thin” 2.Avoid “Rip and Replace” 3.Separate Applications from the Network 4.Decentralization 5.Federation 6.Flexibility 7.Privacy and Security 8.Accuracy

Privacy Principles 1.Openness and Transparency 2.Purpose Specification and Minimization 3.Collection Limitation 4.Use Limitation 5.Individual Participation and Control 6.Data Integrity and Quality 7.Security Safeguards and Controls 8.Accountability and Oversight 9.Remedies

Openness Purpose Specification Collection Limitation Use Limitation Individual Participation and Control Remedies Accountability Security Data Integrity The Privacy Principles are Interdependent

The Roadmap Report Laid out the vision in 2004 More than 60K copies in circulation

The Prototype Three sites -Boston -Indianapolis -Mendocino County, CA Diverse architectures Diverse organizational structures If these 3 can all use the Common Framework…anyone can!

Who Developed the Prototype and the Common Framework? Connecting for Health Steering Group Policy Subcommittee: Co-Chairs Bill Braithwaite and Mark Frisse Technical Subcommittee: Chair: Clay Shirky Three communities and teams: –Boston: MA-SHARE and technical partner CSC –Indianapolis: Regenstrief Institute and Indianapolis Health Information Exchange (IHIE) –Mendocino: Mendocino HRE and technical partner Browsersoft, Inc.

Who has access to what, under what circumstances, and with what protections? Who shares what and who bears the liability? How can you control access to your information? Tackling the Policy Challenges

What is Available? Policy Documents: 3 Categories 1.Background Document –P1: Privacy Architecture for a Networked Health Care Environment 2.Specific Policy Documents –P2-P8: Model privacy policies, notification and consent, correctly matching, authentication, patient access, audits, and breaches 3.Sample Contract Language –M1: Contact Topic List –M2: Model Contract

Looked at HIE in the context of HIPAA and existing state laws Developed a list of significant topics from –Members’ experience with early information exchange networks –Members’ own expertise Connecting for Health Policy Subcommittee

Common Framework Policy Topics Addressed Notification and consent Uses and disclosures of health information Matching patients with their records Authentication Patient access to their own information Audit Breaches of confidential information

Model Contract for Health Information Exchange Purpose of Model SNO Terms and Conditions –To create a mechanism of enforcement –To assist SNOs prepare their own Terms and Conditions –60-40 solution –Identify issues and alternatives –Raise questions

The Common Framework is Still Evolving Improving the resources to better meet the needs of communities Exploring how patients/consumers can access their own information Exploring how researchers and public health can benefit from health data

Common Framework Resources All available free at Policy and technical guides, model contractual language Registration for AHRQ/NORC Common Framework discussion forum Software code from regional prototype sites: Regenstrief, MAShare, OpenHRE to