Privacy and Security Tiger Team Potential Questions for Request for Comment Meaningful Use Stage 3 October 3, 2012.


Tiger Team Members

Deven McGraw, Chair, Center for Democracy & Technology
Paul Egerman, Co-Chair
Dixie Baker, SAIC
Dan Callahan, Social Security Administration
Neil Calman, Institute for Family Health
Carol Diamond, Markle Foundation
Judy Faulkner, EPIC Systems Corp.
Leslie Francis, University of Utah; NCVHS
Gayle Harrell, Consumer Representative/Florida
John Houston, University of Pittsburgh Medical Center
Alice Leiter, National Partnership for Women & Families
David McCallie, Cerner Corp.
Wes Rishel, Gartner
Latanya Sweeney, Carnegie Mellon University
Micky Tripathi, Massachusetts eHealth Collaborative

RFC on MU Stage 3 – Category 5 (1)

The Health IT Policy Committee has already recommended that provider users of EHRs be authenticated at National Institute for Standards and Technology (NIST) “Level of Assurance” (LoA) 3 for remote access (e.g., more than user name and password required to authenticate) by Stage 3 of MU.

1. Should the next phase of EHR certification criteria include capabilities to authenticate provider users at LoA 3? If so, how would the criterion/criteria be described?
2. What is an appropriate MU measure for ensuring provider users authenticate at LoA 3 for remote access? Under what other circumstances (if any) should authentication at LoA 3 be required to meet MU?
3. NIST establishes guidance for authentication of individuals interacting remotely with the federal government. What, if any, modifications to this guidance are recommended for provider EHR users?

Defined Terms/Glossary

1. The Health IT Policy Committee defines remote access to include the following scenarios:
   A. Access from outside of an organization’s/entity’s private network.
   B. Access from an IP address not recognized as part of the organization/entity or that is outside of the organization/entity’s compliance environment.
   C. Access across a network any part of which is or could be unsecure (such as across the open Internet or using an unsecure wireless connection).
2. A copy of NIST’s latest guidance on electronic authentication (SP ) can be found at: 1.pdf 1.pdf

RFC on MU Stage 3 – Category 5 (2)

In Stages 1 and 2 of MU, EPs/EHs/CAHs are required to attest to completing a HIPAA security risk assessment (and addressing deficiencies) and, in Stage 2, to attest to specifically addressing encryption of data at rest in CEHRT.

1. What, if any, security risk issues (or HIPAA Security Rule provisions) should be subject to MU attestation in Stage 3?
2. For example, the requirement to make staff aware of the HIPAA Security Rule and to train them on Security Rule provisions is one of the top 5 areas of Security Rule noncompliance identified by the HHS Office for Civil Rights over the past 5 years. In addition, entities covered by the Security Rule must also send periodic security reminders to staff. The Tiger Team is considering requiring EPs/EHs/CAHs to attest to implementing Security Rule provisions regarding staff outreach & training and sending periodic security reminders; we seek feedback on this proposal.

RFC on MU Stage 3 – Category 5 (3)

Accounting for disclosures, surveillance for unauthorized access or disclosure, and incident investigation associated with alleged unauthorized access are responsibilities of organizations that operate EHRs and other clinical systems. Currently the 2014 Edition for Certified EHR Technology specifies the use of ASTM E This specification describes the contents of audit file reports but does not specify a standard format to support multiple-system analytics with respect to access. The Tiger Team requests feedback on the following questions:

1. Is it feasible to certify the compliance of EHRs based on the prescribed standard?
2. Is it appropriate to require attestation by meaningful users that such logs are created and maintained for a specific period of time?
3. Is there a requirement for a standard format for the log files of EHRs to support analysis of access to health information across multiple EHRs or other clinical systems in a healthcare enterprise?
4. Are there any specifications for audit log file formats that are currently in widespread use to support such applications?