HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

Slides:

Advertisements

Similar presentations

1 HIT Standards Committee Privacy and Security Workgroup: Reformatted Standards Recommendations & Implementation Guidance Dixie Baker, SAIC Steven Findlay,

Advertisements

HIPAA and Joint Commission Requirements Compared and Contrasted

What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education

HIT Standards Committee Privacy and Security Workgroup Recommendations for Electronic Health Record (EHR) Query of Provider Directories Dixie Baker, Chair.

Implementation Workgroup: Current Activities and Next Steps.

Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.

Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.

Overview of HITSC and S&I Framework Criteria to Evaluate Health IT Standard HL7 Clinical Quality Information Workgroup Walter G. Suarez, MD, MPH – Co-Chair,

HITSP – enabling healthcare interoperability 1 enabling healthcare interoperability 1 Standards Harmonization HITSP’s efforts to address HIT-related provisions.

HITSP – enabling healthcare interoperability 1 enabling healthcare interoperability 1 Standards Harmonization HITSP’s efforts to address HIT-related provisions.

HIT Standards Committee Privacy and Security Workgroup: Standards for Consumer Engagement Dixie Baker, SAIC Steve Findlay, Consumers Union May 26, 2010.

Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair Provider Authentication Recommendations November 19, 2010.

Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.

HIT Standards Committee Implementation Workgroup Judy Murphy, Aurora Health Care, Co-Chair Liz Johnson, Tenet Healthcare, Co-Chair September 21, 2010.

HIT Policy Committee Strategic Plan Workgroup Paul Tang, Chair Palo Alto Medical Foundation Jodi Daniel, Co-Chair ONC December 15, 2009.

1 VUMC Confidentiality Policy and HIPAA Implications for Clinical Research General Clinical Research Center Skills Workshop March 2, 2007 Gaye Smith Privacy.

1 HIT Policy Committee HIT Standards Committee Privacy and Security Workgroup: Status Report Dixie Baker, SAIC July 16, 2009.

Data Gathering HITPC Workplan HITPC Request for Comments HITSC Committee Recommendations gathered by ONC HITSC Workgroup Chairs ONC Meaningful Use Stage.

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

HIT Standards Committee Privacy and Security Workgroup: Update Dixie Baker Dixie Baker, SAIC Steve Findlay Steve Findlay, Consumers Union December 18,

HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair Walter Suarez, Co-Chair June 22, 2011.

WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.

HIT Standards Committee Privacy and Security Workgroup: Standards for Consumer Engagement Dixie Baker, SAIC Steve Findlay, Consumers Union April 28, 2009.

HITSP’s Scope  The Panel’s mission is to assist in the development of a Nationwide Health Information Network (NHIN) by addressing the standards-related.

What IHE Delivers Security and Privacy Overview & BPPC September 23, Chris Lindop – IHE Australia July 2011.

Privacy and Security Tiger Team Today’s Discussion: MU3 RFC Comments May 8, 2013.

HIT Policy Committee Strategic Plan Workgroup Strategic Framework Paul Tang, Chair Palo Alto Medical Foundation Jodi Daniel, Co-Chair ONC March 17, 2010.

HIT Standards Committee Privacy and Security Workgroup Recommendations on Certification of EHR Modules Dixie Baker, Chair Walter Suarez, Co-Chair December.

HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  PRISM Web Page 

September, 2005What IHE Delivers 1 An Overview of the IHE IT Infrastructure IHE Vendors Workshop 2006 IHE IT Infrastructure Education Glen F. Marshall.

HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security.

H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…

HIT Policy Committee Privacy & Security Tiger Team Update Deven McGraw, Co-Chair Center for Democracy & Technology Paul Egerman, Co-Chair June 25, 2010.

February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair Patient Matching Recommendations February 2,

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Education Workshop 2007 IHE IT Infrastructure Education John Moehrke GE Healthcare.

HIT Policy Committee Report from HIT Standards Committee Privacy and Security Workgroup Dixie Baker, SAIC December 15, 2009.

Cross-Enterprise User Authentication John F. Moehrke GE Healthcare IT Infrastructure Technical Committee.

HIT Standards Committee Privacy and Security Workgroup Final Recommendations for NwHIN Governance RFI Assigned Questions Dixie Baker, Chair Walter Suarez,

HIT Standards Committee Clinical Operations Workgroup Jamie Ferguson, Kaiser Permanente John Halamka, Harvard Medical School June 23, 2009.

HIT Standards Committee Overview and Progress Report March 17, 2010.

HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security.

HIT Standards Committee Implementation Workgroup Judy Murphy, Aurora Health Care, Co-Chair Liz Johnson, Tenet Healthcare, Co-Chair June 22, 2011.

HIT Policy Committee Privacy and Security Tiger Team Deven McGraw, Chair Paul Egerman, Co-Chair October 20,

1 Designing a Privacy Management System International Security Trust & Privacy Alliance.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

HIT Standards Committee Implementation Workgroup Aneesh Chopra Chief Technology Officer Office of Science & Technology Policy (OSTP) October 29, 2009.

Electronic Submission of Medical Documentation (esMD) Author of Record Workgroup Friday, July 13,

Privacy and Security Tiger Team Potential Questions for Request for Comment Meaningful Use Stage 3 October 3, 2012.

HIT Standards Committee Implementation Workgroup Liz Johnson, Tenet Healthcare, Co-Chair Judy Murphy, Aurora Health Care, Co-Chair November 16, 2011.

1 HIT Standards Committee Hearing on Health Information Technology Security Issues, Challenges, Threats, and Solutions - Introduction Dixie Baker, SAIC.

HIT Standards Committee Privacy and Security Workgroup Progress Report on Review of Governance RFI Dixie Baker, Chair Walter Suarez, Co-Chair May 24, 2012.

HIT Standards Committee Privacy and Security Workgroup Task Update: Standards and Certification Criteria for Certifying EHR Modules Dixie Baker, Chair.

HIT Standards Committee Implementation Workgroup Judy Murphy, Aurora Health Care, Co-Chair Liz Johnson, Tenet Healthcare, Co-Chair September 28, 2011.

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents IHE Educational Workshop 2007 John Moehrke Lori Forquet.

What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.

Workgroup Introduction & Trust Mark Briefing Transport & Security Standards Workgroup September 22, 2014.

Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee.

HIT Standards Committee Implementation Workgroup Liz Johnson, Tenet Healthcare, Co-Chair Judy Murphy, Aurora Health Care, Co-Chair October 27, 2010.

Testbed A Sun Microsystems PDP Domain A VMSlice Domain B VMSlice Jericho Systems PDP IP Address: xxx.xxx.xxx.xxx Duane’s Laptop IP Address: xxx.xxx.xxx.xxx.

Board of Directors – March 24, 2016 Denise Mannon, AHFI, CHPC Corporate Compliance Officer.

HIT Standards Committee NwHIN Power Team Dixie Baker, Chair July 20,

Making Your IRBs and Clinical Investigators HIPAA-Ready

HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Presentation transcript:

HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24, 2009

2 Privacy and Security Workgroup Members Dixie Baker, SAIC Anne Castro, BlueCross BlueShield of South Carolina Aneesh Chopra, Federal Chief Technology Officer Ed Larsen, HITSP David McCallie, Cerner Corporation John Moehrke, HITSP Steve Findlay, Consumers Union Gina Perez, Delaware Health Information Network Wes Rishel, Gartner Walter Suarez, Kaiser Permanente Sharon Terry, Genetic Alliance

3 Progress Updated IFR Review to incorporate comments from the HIT Standards Committee – submitted to HITSC Chairs Supporting HIT Policy Committee’s Privacy and Security Policy Workgroup, and aligning our standards efforts to their priorities –Consent management –Review of existing security policy inherent in HIPAA Security Rule Launching educational sessions on standards activities around consent management

4 Consumer Health Permissions Privacy Consent (or Consent Directive) – Consumer’s written or verbal permission to collect, use, and/or disclose individually identifiable health information (IIHI) Privacy Authorization – A signed, written document that contains all of the elements required by the HIPAA Privacy Rule and that gives a covered entity permission to use or disclose specified IIHI for specified purposes Informed Consent – Consumer’s written permission to perform a specific medical procedure, or to participate in a specific research study or clinical trial, that is given only after the consumer has been fully informed of the purposes, risks, benefits, confidentiality protections, and other relevant aspects of the activity

Consent Management Today Consumer permissions captured as manual signature on paper form Paper forms filed in each organization who holds consumer’s private health information 5 Consent/Authorization

Consent Management Tomorrow 6 Rules inexorably tied to information exchanged – updates propagated to all data instances throughout life cycle Permissions cross-validated & translated into consent rules enforced by security access control mechanisms Consent Rule 1 Consent Rule 2 Consent Rule n Chris’ EHR Permissions and updates captured as part of health record Permissions interpretable by humans & computers Consent/Authorization Consumer digitally signs consent or authorization

Standards Needed Consent Rule 1 Consent Rule 2 Consent Rule n Chris’ EHR Consent/Authorization Digital signatures Privacy policies Data model & schema Permission syntax & vocabulary Cross-validation of consumer permissions Maintaining and retrieving permissions Translating permissions into access-control rules Enforcement and auditing of permission-related activities Exchanging permissions & access rules Propagating permission revocations & modifications 7

Educational Sessions re Standardardization Efforts Relating to Consent Management April 1, 2:00-4:00pm ET: Organization for the Advancement of Structured Information Standards (OASIS) / International Security Trust and Privacy Alliance (ISTPA) Privacy Management Reference Model (PMRM); Speakers – John Sabo, Michael Willett April 23, 2:00-4:00pm ET: Integrating the Healthcare Enterprise (IHE) Basic Patient Privacy Consents (BPPC) Profile; Speaker – John Moehrke [Schedule TBD]: Health Level 7 (HL7) Version 3 Domain Analysis Model: Medical Records; Composite Privacy Consent Directive – Speaker (TBD) [Schedule TBD]: OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) and eXtensible Access Control Markup Language (XACML) – Speaker (TBD) 8