HIT Policy Committee Privacy and Security Tiger Team
Deven McGraw, Chair
Paul Egerman, Co-Chair
August 3, 2011

Presentation transcript:


Tiger Team Members

Deven McGraw, Chair, Center for Democracy & Technology
Paul Egerman, Co-Chair
Dixie Baker, SAIC
Christine Bechtel, National Partnership for Women & Families
Rachel Block, NYS Department of Health
Neil Calman, Institute for Family Health
Carol Diamond, Markle Foundation
Judy Faulkner, EPIC Systems Corp.
Leslie Francis, University of Utah; NCVHS
Gayle Harrell, Consumer Representative/Florida
John Houston, University of Pittsburgh Medical Center
David Lansky, Pacific Business Group on Health
David McCallie, Cerner Corp.
Wes Rishel, Gartner
Latanya Sweeney, Carnegie Mellon University
Micky Tripathi, Massachusetts eHealth Collaborative
Deborah Lafky, ONC
Joy Pritts, ONC
Judy Sparrow, ONC

Scope of this Discussion

From the MU Workgroup presentation to the HITPC on Proposed Stage 2 of Meaningful Use (June 1, 2011):
  – Hospitals: 10% of patients/families view and have the ability to download information about a hospital admission; information available for all patients within 36 hours of the encounter
  – EPs: 10% of patients/families view & have the ability to download their longitudinal health information; information available to all patients within 24 hours of an encounter (or 4 days after information available to EPs)

P&S TT to consider whether a P&S warning should be put in S&C criteria

Scope of this Discussion

Discuss the privacy and security transparency implications of a patient’s ability to view and download their electronic health information

Rationale:
  – “It is a basic fair information practice to help people know what they are agreeing to and doing.” [1]
  – Downloading information opens up the individual to new privacy and security risks

[1] The Markle Foundation, (2010). Policies in Practice 1: The Download Capability. Accessed on June 23, 2011,

The Markle Foundation Policy Brief

Help individuals make informed choices:
  – Provide a clear, concise explanation of the download function and its most fundamental implications for the individual.
  – Provide prominent links that enable individuals to view more details about the download process, including what basic security precautions to take on their own, how the service answers questions, and who to contact if they believe some of the downloaded information is in error.
  – Obtain independent confirmation that the individual wants to download a copy of personal health information after presenting, at minimum, the following information:

The Markle Foundation, (2010). The Download Capability. Accessed on June 23,
The Markle Foundation, (2010). Policies in Practice 1: The Download Capability. Accessed on June 23, 2011,

Example: My HealtheVet Blue Button

  – Security Notice
  – Links to Security Tips (next slide)
  – Written language shifting responsibility to the patient

Website:

My HealtheVet Security Tips Link (summarized)

  – Download your data to a safe and secure location.
  – Treat your personal and health information just like you would your banking or other confidential information.
  – If you think your information may have been accessed by someone else, check your My HealtheVet Account History.
  – Remember, you are in control of access to your personal health information. Make sure you protect it and keep it safe.

Website:

Example: Medicare Blue Button

Safeguarding Your Data Language:

Since you control access to your downloaded health information, it is your responsibility to protect it. You should treat your personal and health information just like you would your banking or other confidential information. Here are some important things to remember:
  – Download your data to a secure location. You may want to download your information to a CD or flash drive. Consider purchasing an encrypted flash drive for your information. You may also encrypt or require a password to access a CD.
  – If you want to send your information via email, you should encrypt the message.
  – Keep paper copies in a safe and secure place that you can control.
  – If you think your information may have been downloaded by someone else, contact MEDICARE.

Website:

Certification Consideration

The Tiger Team considered EHR certification requirements in Stage 2, but felt that providers would want flexibility with respect to the type of guidance provided to patients.
  – Rationale: Requiring a certification “standard” could result in over-specification or create inflexibility.

Instead, the Tiger Team opted to offer best practice guidance for providers participating in the Meaningful Use program (and the vendors and software developers who serve those providers)

Draft Recommendations for Best Practices

1. Providers participating in the Meaningful Use program should offer patients clear and simple guidance regarding use of the view and download functionality in Stage 2.
  – This should be offered at the time there is a desire to download and it should address the following three items:
    – Remind patients that they will be in control of the copy of their medical information that they have downloaded and should take steps to protect this information in the same way that they protect other types of sensitive information.
    – Include a link or links to resources with more information on such topics as the download process and how best to protect information.
    – Obtain independent confirmation that the patient wants to complete the download transaction or transactions.

Draft Recommendations (cont.)

2. Providers should also consider whether to offer clear and simple guidance at the time of viewing a record.
  – Alerting patients to the potential risks of viewing sensitive information on a public computer, or on a screen visible to others, or failing to properly log out.

3. Providers should also request vendors and software developers to configure the view and download functionality in a way that no cache copies are retained after the view session is terminated.
  – ONC should also provide such guidance to vendors and software developers, such as through entities conducting EHR certification.

4. Providers can review the Markle Foundation policy brief, and the guidance provided to patients as part of the MyHealtheVet Blue Button and Medicare Blue Button, for examples of guidance provided to patients using view and download capabilities.