HIT Policy Committee Privacy and Security Tiger Team
Deven McGraw, Chair
Paul Egerman, Co-Chair
August 3, 2011


2 Tiger Team Members
• Deven McGraw, Chair, Center for Democracy & Technology
• Paul Egerman, Co-Chair
• Dixie Baker, SAIC
• Christine Bechtel, National Partnership for Women & Families
• Rachel Block, NYS Department of Health
• Neil Calman, Institute for Family Health
• Carol Diamond, Markle Foundation
• Judy Faulkner, EPIC Systems Corp.
• Leslie Francis, University of Utah; NCVHS
• Gayle Harrell, Consumer Representative/Florida
• John Houston, University of Pittsburgh Medical Center
• David Lansky, Pacific Business Group on Health
• David McCallie, Cerner Corp.
• Wes Rishel, Gartner
• Latanya Sweeney, Carnegie Mellon University
• Micky Tripathi, Massachusetts eHealth Collaborative
• Deborah Lafky, ONC
• Joy Pritts, ONC
• Judy Sparrow, ONC

3 Scope of this Discussion
From the MU Workgroup presentation to the HITPC on Proposed Stage 2 of Meaningful Use (June 1, 2011):
–Hospitals: 10% of patients/families view and have the ability to download information about a hospital admission; information available for all patients within 36 hours of the encounter
–EPs: 10% of patients/families view & have the ability to download their longitudinal health information; information available to all patients within 24 hours of an encounter (or 4 days after information available to EPs)
P&S TT to consider whether a P&S warning should be put in S&C criteria

4 Scope of this Discussion
Discuss the privacy and security transparency implications of a patient’s ability to view and download their electronic health information
Rationale:
–“It is a basic fair information practice to help people know what they are agreeing to and doing.” [1]
–Downloading information opens up the individual to new privacy and security risks

[1] The Markle Foundation (2010). Policies in Practice 1: The Download Capability. Accessed on June 23, 2011, http://www.markle.org/sites/default/files/20100831_dlcapability.pdf

5 The Markle Foundation Policy Brief
Help individuals make informed choices:
• Provide a clear, concise explanation of the download function and its most fundamental implications for the individual.
• Provide prominent links that enable individuals to view more details about the download process, including what basic security precautions to take on their own, how the service answers questions, and who to contact if they believe some of the downloaded information is in error.
• Obtain independent confirmation that the individual wants to download a copy of personal health information after presenting, at minimum, the following information:

The Markle Foundation (2010). The Download Capability. Accessed on June 23, 2011, http://www.markle.org/sites/default/files/20100831_dlcapability_pb_1.pdf
The Markle Foundation (2010). Policies in Practice 1: The Download Capability. Accessed on June 23, 2011, http://www.markle.org/sites/default/files/20100831_dlcapability.pdf

6 Example: My HealtheVet Blue Button
• Security Notice
• Links to Security Tips (next slide)
• Written language shifting responsibility to the patient
Website: http://www.myhealth.va.gov/

7 My HealtheVet Security Tips Link (summarized)
• Download your data to a safe and secure location.
• Treat your personal and health information just like you would your banking or other confidential information.
• If you think your information may have been accessed by someone else, check your My HealtheVet Account History.
• Remember, you are in control of access to your personal health information. Make sure you protect it and keep it safe.
Website: http://www.myhealth.va.gov/

8 Example: Medicare Blue Button
Safeguarding Your Data Language:
Since you control access to your downloaded health information, it is your responsibility to protect it. You should treat your personal and health information just like you would your banking or other confidential information. Here are some important things to remember:
–Download your data to a secure location. You may want to download your information to a CD or flash drive. Consider purchasing an encrypted flash drive for your information. You may also encrypt or require a password to access a CD.
–If you want to send your information via e-mail, you should encrypt the message.
–Keep paper copies in a safe and secure place that you can control.
–If you think your information may have been downloaded by someone else, contact 1-800-MEDICARE.
Website: https://www.mymedicare.gov/#

9 Certification Consideration
The Tiger Team considered EHR certification requirements in Stage 2, but felt that providers would want flexibility with respect to the type of guidance provided to patients.
–Rationale: Requiring a certification “standard” could result in over-specification or create inflexibility.
Instead, the Tiger Team opted to offer best practice guidance for providers participating in the Meaningful Use program (and the vendors and software developers who serve those providers).

10 Draft Recommendations for Best Practices
1. Providers participating in the Meaningful Use program should offer patients clear and simple guidance regarding use of the view and download functionality in Stage 2.
–This should be offered at the time there is a desire to download and it should address the following three items:
    • Remind patients that they will be in control of the copy of their medical information that they have downloaded and should take steps to protect this information in the same way that they protect other types of sensitive information.
    • Include a link or links to resources with more information on such topics as the download process and how best to protect information.
    • Obtain independent confirmation that the patient wants to complete the download transaction or transactions.

11 Draft Recommendations (cont.)
2. Providers should also consider whether to offer clear and simple guidance at the time of viewing a record.
–Alerting patients to the potential risks of viewing sensitive information on a public computer, or on a screen visible to others, or failing to properly log out.
3. Providers should also request vendors and software developers to configure the view and download functionality in a way that no cache copies are retained after the view session is terminated.
–ONC should also provide such guidance to vendors and software developers, such as through entities conducting EHR certification.
4. Providers can review the Markle Foundation policy brief, and the guidance provided to patients as part of the MyHealtheVet Blue Button and Medicare Blue Button, for examples of guidance provided to patients using view and download capabilities.

