Security Issues in Connected Healthcare Communities Fitting Solutions to Your Emerging Community Presented by: Holt Anderson Executive Director, NCHICA.

Slides:



Advertisements
Similar presentations
HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Advertisements

HISPC-Illinois II The Public-Private Partnership Moves Forward on Privacy and Security.
Update on Recent Health Reform Activities in Minnesota.
Cheryl M. Stephens Executive Director Community Health Information Collaborative July 17, 2006 Community Health Information Collaborative and the Northeast.
The Rhode Island Chronic Care Sustainability Initiative: Building a Patient-Centered Medical Home Pilot in Rhode Island.
Denise B. Webb State Health IT Coordinator May 9, 2013.
HIPAA Privacy Rule Training
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Assisting NCHICA members in transforming the US healthcare system through the effective use of information technology, informatics and analytics. Transitions.
Capability Cliff Notes Series PHEP Capability 2—Community Recovery What Is It And How Will We Measure It?
HealthNet connect Telehealth
Organizational and Legal Issues -- Addressing Privacy and Security Issues Day 2 – Track 5 CONNECTING COMMUNITIES for BETTER HEALTH 2nd Annual Learning.
Project Update : Claims/Clinical Linkage Project MHDO Board of Directors June 6, 2013.
This document and all other documents, materials, or other information of any kind transmitted or orally communicated by RxHub (or its members) in the.
Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
HealthInfoNet and Clinical Data Capture Update – LD1818 Workgroup Presentation August 9,
Regional Health Information Organizations (RHIOs) The Primary Vehicle for Achieving the National Health Information Network (NHIN) Presented by: Holt Anderson.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 8 The Personal Health Record.
The Use of Health Information Technology in Physician Practices
HIPAA PRIVACY AND SECURITY AWARENESS.
Compliance Issues for Medical Research at Healthcare Systems Jerry Castellano, Pharm.D., CIP Corporate Director Institutional Review Board Christiana Care.
0 Presentation to: Health IT HIPPA Workshop Presented by: Stacey Harris, Director of Health IT Innovation September 26, 2014 Division of Health Information.
Component 4: Introduction to Information and Computer Science Unit 2: Internet and the World Wide Web 1 Component 4/Unit 2Health IT Workforce Curriculum.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
MA-SHARE MedsInfo-ED Engaging Community Leaders: Developing a Plan and Strategy for the MedsInfo-ED Project A patient safety initiative to automate communication.
1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.
State Alliance for e-Health Conference Meeting January 26, 2007.
Steps for Success in EHR Planning Bill French, VP eHealth Strategies Wisconsin Office of Rural Health HIT Implementation Workshop Stevens Point, WI August.
Health Information Technology The Texas Landscape Presentation to TASSCC 2010 Nora Belcher Texas e-Health Alliance August 3, 2010.
AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act) Regina.
State HIE Program Chris Muir Program Manager for Western/Mid-western States.
1 Information Sharing Environment (ISE) Privacy Guidelines Jane Horvath Chief Privacy and Civil Liberties Officer.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Eliza de Guzman HTM 520 Health Information Exchange.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
THE TENTH NATIONAL HIPPA SUMMIT ELECTRONIC HEALTH RECORDS NATIONAL HEALTH INFORMATION INFRASTRUCTURE LEGAL ISSUES APRIL 7, 2005 Paul T. Smith, Esq. Partner,
Santa Barbara County Care Data Exchange June 22, 2004 Sam Karp, Director Health Information Technology California HealthCare Foundation NHII 2004 Cornerstones.
Presented by: Craig A. Mathews, Executive Director AHRQ Annual Grantee Meeting – October 27, 2007 Transforming Quality Through Health Information Technology.
NHIN, RHIOs, and North Carolina: Herding Cats May be the Only Way to Bring NC's Healthcare Communities Online Session 3.04 March 7, 2005 Presented by:
Health Information Technologies and Health Care Transformation James Golden, PhD Director, Division of Health Policy Minnesota Department of Health February.
The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.
Public Health Data Standards Consortium
EHealth Progress Across the States in 2007 Results of a Survey of State Officials AcademyHealth National Health Policy Conference State Health Research.
Issues in State-Wide Regional Healthcare Information Organizations Paul Macielak, Esq. New York Health Plan Association June 28, 2005.
Kevin W. Ryan JD, MA Associate Director – ACHI Assistant Professor – UAMS COPH Rural TeleCon ’06 10th Annual Conference of the Rural Telecommunications.
Presented to: Pre-Conference Symposia The Ninth National HIPAA Summit Six+ Months to Go: Tuning up for HIPAA Compliance – Tips of the Trade Holt Anderson,
Public Health Data Standards Consortium
Confidential 1 HIPAA Compliance at Blue Cross Blue Shield of Minnesota: A Case Study Tim Wittenburg Director of Corporate Architecture & Data Management.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
PHDSC Privacy, Security, and Data Sharing Committee Letter to Governors.
Presented to: HIPAA Summit VIII Baltimore, Maryland March 8, 2004 One Year to Go - Getting Started with Your HIPAA Security Self-Assessment and Planning.
Systems, Data and HIPAA from a Medicaid Perspective Rick Friedman, Director Division of State Systems Center for Medicare and Medicaid US Dept Health &
State Alliance for e-Health Michelle Lim Warner, MPH Senior Policy Analyst NGA Center for Best Practices
Final Rule Regarding EHR Certification Flexibility for 2014 Today’s presenters: Al Wroblewski, Client Services Relationship Manager Thomas Bennett, Client.
Preparing to Implement HITECH A New Report from the State Alliance For E-Health Ree Sailors Kentucky e-Health Summit September 16, 2009.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Terminology in Healthcare and Public Health Settings Electronic Health Records Lecture b – Definitions and Concepts in the EHR This material Comp3_Unit15.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Pennsylvania Health Information Exchange NJHIMSS - DVHIMSS Enabling Healthcare Transformation Through Information Technology September, 2010.
Health Information Exchange: Alaska’s Health Pipeline Alaska Bar Association Health Law Section February 2, 2012 Carolyn Heyman-Layne.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill/Irwin Chapter 6 The Privacy and Security of Electronic Health Information.
HIPAA Privacy Rule Training
Efficient and secure transborder exchange of patient data
Electronic Health Records (EHR)
Regional Health Information Exchange: Getting There
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
Presentation transcript:

Security Issues in Connected Healthcare Communities Fitting Solutions to Your Emerging Community Presented by: Holt Anderson Executive Director, NCHICA

Presentation Outline Emerging Models for Connected CommunitiesEmerging Models for Connected Communities Key Factors in Building Your Local Health Information NetworkKey Factors in Building Your Local Health Information Network Examples of Collaborative Activities and Lessons LearnedExamples of Collaborative Activities and Lessons Learned Q & AQ & A

Emerging Models for Connected Communities

“Connected Communities” Connected CommunityConnected Community A collaborative, consumer-centric collaboration or organization focused on facilitating the coordination of existing and proposed e-health initiatives within a region, state, or other designated local area.

Types of Connected Communities FederationsFederations Includes large, “self-sufficient” enterprises Agreement to network, share, allow access to information they maintain on peer to peer basis May develop system of indexing and/or locating data (e.g., state or region-wide MPI)

Types of Connected Communities (cont.) Co-opsCo-ops Includes mostly smaller enterprises Agreement to pool resources and create a combined, common data repository May share technology and administrative overhead

Types of Connected Communities (cont.) HybridsHybrids Includes combinations of Federations and Co-ops Agreement to network, share, allow access to information they maintain on peer to peer basis Allows aggregation across large areas (statewide or regional)

Organizational Structure 501(c)(3) Nonprofit501(c)(3) Nonprofit Eligible for Federal and State Grants Contributions may be tax deductible as charitable Issues:Issues: Limit of ~20% - 40% on income from “unrelated business” activities (i.e. not charitable and educational) May need to subcontract or otherwise handoff operational aspects of activities

Management of Connected Communities VIDEO CLIP

Key Factors in Building Your Local Health Information Network

Challenges to Broader Exchange of Information Business / Policy IssuesBusiness / Policy Issues Competition Internal policies Consumer privacy concerns / transparency Uncertainties regarding liability Difficulty in reaching multi-enterprise agreements for exchanging information Economic factors and incentives Technical / Security IssuesTechnical / Security Issues interoperability among multiple parties Authentication Auditability

Security Challenges The anticipated:The anticipated: Authentication Maintenance of List of Authorized Individuals Secure Communications Method of encryption / decryption Risk Assessment / Analysis for Community Coordinating Investigation, Response, Mitigation Vendor Interpretation of Standards The unanticipated:The unanticipated: Changes in Technology Changes in Membership of Community Effort

Alleged Holly Springs Hacker Wanted To Show Flaws In Security Clayton Dillard Accused Of Unlawfully Accessing Hospital Computer System POSTED: 11:06 a.m. EDT September 9, 2003 RALEIGH, N.C. -- A Holly Springs man is in trouble after being accused of hacking into a medical office's wireless computer network. Clayton Dillard is accused of hacking into a hospital computer system and accessing information of hundreds of patients. Raleigh police said Clayton Taylor Dillard, a 29-year-old information security consultant, is charged with one felony count of computer trespass, one felony count of unlawful computer access and one misdemeanor count of computer trespass. They said the charges against Dillard resulted from an intrusion that occurred to a wireless computer network at Wake Internal Medicine Consultants Inc. After Dillard accessed the information, he contacted patients and insurance companies. He also wrote WRAL a letter, stating, "These guys are a bunch of bozos." He also mailed WRAL copies of checks and insurance forms with patient names and procedures. Copyright WRAL News 2003 Security Case - Wireless

HIPAA as Enabler HIPAA Privacy and Security Regulations provide a baseline of standards that permit the diffusion of electronic health records capabilities and the appropriate exchange of information.

Examples of Collaborative Activities and Challenges Incurred

NCHICA Background Established in 1994 by Executive Order of GovernorEstablished in 1994 by Executive Order of Governor 501(c)(3) nonprofit - research & education501(c)(3) nonprofit - research & education Mission: Improve healthcare in NC by accelerating the adoption of information technologyMission: Improve healthcare in NC by accelerating the adoption of information technology 250 members including:250 members including: Providers Health Plans Clearinghouses State & Federal Government Agencies Professional Associations and Societies Research Organizations Vendors and Consultants

Successes and Challenges Raised in NCHICA Projects

Statewide Master Person Index 1994 Goal:1994 Goal: Develop Voluntary Patient Information Locator (VPIL) so that records could be accessed for care Business / Policy:Business / Policy: Shared “customer lists” Legal:Legal: Privacy & Liability No State or Federal Laws covering electronic health info Consumer:Consumer: Privacy Technical:Technical: Availability of standardized MPIs from all providers and sectors Synchronizing databases Standards for data

Lessons Learned:Lessons Learned: Technology is the easy part Business and Policy Considerations are much harder and “Show Stoppers” Develop clinical leadership for project with technologists in support role Statewide Master Person Index

HIPAA Efforts Privacy & Confidentiality Focus Group Privacy & Confidentiality Focus Group Model Privacy Legislation HIPAA Implementation Planning Task Force HIPAA Implementation Planning Task Force 1998-Present1998-Present Privacy Work Group Security Work Group Transactions, Code Sets and Identifiers Work Group Privacy & Security Officials Work Group Deliverables: Compliance tools, model documents, education and training programsDeliverables: Compliance tools, model documents, education and training programs building community consensusand, method of building community consensus

Statewide Immunization Registry 1998 Goal:1998 Goal: Combined registry of public and private children’s immunization records from multiple sources available via secure Internet Business / Policy:Business / Policy: Internet access to public health database Legal:Legal: Privacy and Security Non-stigmatizing data Consumer:Consumer: Well understood need Technical:Technical: Move from mainframe to server with SSL Web technology and authentication Data quality and matching entries from different sources User Identification and Authentication

Statewide Immunization Registry Status Combined DatabaseCombined Database Public Health BCBSNC Kaiser Permanente (historical) ~ 2M Children~ 2M Children ~ 20M doses~ 20M doses 425 sites; 2250 authenticated users425 sites; 2250 authenticated users 90 Local Public Health Departments 335 Private Providers, Schools, State of TN

New Statewide Immunization Registry

Lessons Learned:Lessons Learned: Choose project with clear benefits Enlist Clinical and CEO-level champions Share the load Celebrate success Probabilistic matching can provide reasonable identification of individuals PKI is not like falling off a log Proof is in the utility of the project and user demand for sustaining it past pilot stage Statewide Immunization Registry

Statewide Emergency Dept. Database 1999 Goal:1999 Goal: Standardize and electronically collect clinical data from emergency departments for: Best Practice Development & Community Assessments Public Health Surveillance (2001) Business / Policy:Business / Policy: Participation Agreement covering access and use of data Legal:Legal: Privacy and Security No state mandate for collection of certain data elements with identifiers (Limited Data Set and Data Use Agreement) Consumer:Consumer: Collected and transmitted to aggregation point as deidentified data TechnicalTechnical Standards for data elements (CDC’s DEEDS Standard) Mapping of systems so extracts could be transformed into DEEDS No standards for coding of Chief Complaint and First Report of Injury

Lessons Learned:Lessons Learned: Provide neutral table for collaboration Make it easy for IT Departments to provide data Keep it simple and cheap Expect new opportunities for data use Professional associations are better at policy issues than technology implementation While HIPAA is permissive, providing information voluntarily (e.g. without safe harbor) makes legal counsel very uncomfortable Statewide Emergency Dept. Database

North Carolina Healthcare Quality Initiative Medications Management Project Improving Healthcare in North Carolina by Accelerating the Adoption of Information Technology

NC Healthcare Quality Initiative Goal:Goal: Phase I - Provide list of medications at point of encounter to save time, improve accuracy of treatment and avoid medication errors Include ability to automate refills, e-Rx, and access to formularies Phase II – Electronic handling of Lab and Radiology data Business / Policy:Business / Policy: Access to data from health plans, PBMs, pharmacies and other providers Cost of operation; Sustainability Legal:Legal: Privacy and Security (limit use to Treatment) Rights to data; Liability Consumer:Consumer: Who has been looking for and at my information? Drugs for behavioral health, communicable diseases, etc. TechnicalTechnical Accessing records from multiple sources and linking same patient data

Presentation Data Integration Identity Hub/Repository Administration INQUIRY HISTORY DATABASEIDENTITY HUB EAI Inquiry History Database Web portal eRxEHR Transaction Services RxHUBSureScriptsDirect Electronic Prescriptions & Refills Community Medication History Porta Community Medication History Portal Patient Data Sources PBMsPharmacies Health Plans, including NC Medicaid Regional Hospitals Regional Clinics Community Database Medicare Medications Management Initiative

Project Development Teams TechnologyTechnology Define technical approach, methods, operation Clinical IntegrationClinical Integration Clinician roles and adoption / support strategies Business / FinanceBusiness / Finance Business models, budgets, and justification PolicyPolicy Protection of rights of Consumers / Patients / Members Agreements among participants MetricsMetrics Set baseline and assess value of project CoordinationCoordination Overall Project management

The Race Goes to the Swift VIDEO CLIP

Holt Anderson, Executive Director (919) ext. 27 North Carolina Healthcare Information and Communications Alliance, Inc. Thank You

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.