Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

Published byJesse Aubrey Barton Modified over 8 years ago

Similar presentations

Presentation on theme: "HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009."— Presentation transcript:

1 HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009

2 2 Workflow 1.Review and comment on the Privacy and Security policy priority in the meaningful-use matrix, focusing on Goals, 2011 Objectives, and 2011 Measures –Present recommendations to HIT Standards Committee for conveyance to HIT Policy Committee 2.Map 2011 measures into specific features and functions within three categories: 1)Products that can be purchased (certified by CCHIT outside the real-life setting) 2)IT infrastructure necessary to enable the product to be meaningfully used 3)Operational environment in which the product will be used meaningfully

3 3 Workflow (continued) 3.Map features and functions to standards and certification criteria –Use Privacy and Security worksheet provided by ONC as starting point for EHR standards and certification criteria (category #1) –For categories #2 and #3, use HITSP TN900 as primary resource –Identify additional industry standards as needed 4.Recommend standards and certification criteria to ONC

4 Privacy and Security Policy Matrix - Goals GOALS (current) Ensure privacy and security protections for confidential information through operating policies, procedures, and technologies and compliance with applicable law Provide transparency of data sharing to patient GOALS (recommended) Protect individual privacy, care quality, patient safety, and population health Ensure privacy and security protections for Protect confidential information and essential EHR services through operating policies, procedures, and technologies, and compliance with applicable law Provide transparency of data sharing to patient

5 Privacy and Security Policy Matrix - Objectives 2011 OBJECTIVES (current) Compliance with HIPAA Privacy and Security Rules and state laws Compliance with fair data sharing practices set forth in the Nationwide Privacy and Security Framework 2011 OBJECTIVES (recommended) Compliance with HIPAA Privacy and Security Rules, ARRA privacy and security provisions, and state laws Compliance with fair data sharing practices set forth in the Nationwide Privacy and Security Framework Assure that EHR services and information are available when needed at the point of care

6 Privacy and Security Policy Matrix - Objectives 2011 OBJECTIVES (current) Compliance with HIPAA Privacy and Security Rules and state laws Compliance with fair data sharing practices set forth in the Nationwide Privacy and Security Framework 2011 OBJECTIVES (recommended - continued) Enable EHR data to be used for population health purposes, while minimizing privacy risks to individuals Assure that measures are attainable by small practices as well as large hospitals and integrated delivery networks

7 Privacy and Security Policy Matrix - Measures 2011 MEASURES (current) Full compliance with HIPAA Privacy and Security Rules An entity under investigation for a HIPAA privacy or security violation cannot achieve meaningful use until the entity is cleared by the investigating authority Conduct or update a security risk assessment and implement security updates as necessary 2011 MEASURES (recommended) Full compliance with HIPAA Privacy and Security Rules An entity under investigation by the HHS Office of Civil Rights for a HIPAA privacy or security violation cannot achieve meaningful use until the entity is cleared by the investigating authority a plan has been put in place to correct the fault and address the harm caused

8 Privacy and Security Policy Matrix - Measures 2011 MEASURES (current) Full compliance with HIPAA Privacy and Security Rules An entity under investigation for a HIPAA privacy or security violation cannot achieve meaningful use until the entity is cleared by the investigating authority Conduct or update a security risk assessment and implement security updates as necessary 2011 MEASURES (recommended - continued) Conduct or update a security risk assessment and implement security updates as necessary and as appropriate for the size of the enterprise Provide measures to assure the timely availability of services and information required for safe care delivery

9 Privacy and Security Policy Matrix - Measures 2011 MEASURES (current) Full compliance with HIPAA Privacy and Security Rules An entity under investigation for a HIPAA privacy or security violation cannot achieve meaningful use until the entity is cleared by the investigating authority Conduct or update a security risk assessment and implement security updates as necessary 2011 MEASURES (recommended - continued) Provide anonymized or pseudonymized health data to public health agencies

10 Next Step – Map Measures to Features & Functions Segment into three categories: 1)Products that can be purchased –Certified by CCHIT outside the real-life setting –e.g., user and entity authentication, access control, audit 2)IT infrastructure necessary to enable the product to be meaningfully used –e.g., identity management, secure email, system backup 3)Operational environment in which the product will be used meaningfully –e.g., authorization policies, audit review

11 From Measures to Standards & Certification 2011 Measures –E.g., Full compliance with HIPAA P&S Rules 2011 Features & Functions 1.EHR Products (CCHIT Criteria) 2.IT Infrastructure 3.Operations Standards –HITSP –NIST –ISO –OASIS –etc. Certification Criteria –HHS Criteria for EHR Reimbursement

Download ppt "HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
1 HIT Standards Committee Privacy and Security Workgroup: Reformatted Standards Recommendations & Implementation Guidance Dixie Baker, SAIC Steven Findlay,

1 HIT Standards Committee Privacy and Security Workgroup: Reformatted Standards Recommendations & Implementation Guidance Dixie Baker, SAIC Steven Findlay,
NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.
HIT Policy Committee Federal Health IT Strategic Plan April 13, 2011 Jodi Daniel, ONC Seth Pazinski, ONC.

HIT Policy Committee Federal Health IT Strategic Plan April 13, 2011 Jodi Daniel, ONC Seth Pazinski, ONC.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security.

Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security.
NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.
Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.

Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.
HITSP – enabling healthcare interoperability 1 enabling healthcare interoperability 1 Standards Harmonization HITSP’s efforts to address HIT-related provisions.

HITSP – enabling healthcare interoperability 1 enabling healthcare interoperability 1 Standards Harmonization HITSP’s efforts to address HIT-related provisions.
Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.

Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.
Security Controls – What Works

Security Controls – What Works
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
HITSP – enabling healthcare interoperability 1 enabling healthcare interoperability 1 Standards Harmonization HITSP’s efforts to address HIT-related provisions.

HITSP – enabling healthcare interoperability 1 enabling healthcare interoperability 1 Standards Harmonization HITSP’s efforts to address HIT-related provisions.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
ONC Policy and Program Update Health IT Standards Committee Meeting July 17, 2013 Jodi Daniel Director, Office of Policy and Planning, ONC 0.

ONC Policy and Program Update Health IT Standards Committee Meeting July 17, 2013 Jodi Daniel Director, Office of Policy and Planning, ONC 0.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.

Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
August 12, 20151 Meaningful Use *** UDOH Informatics Brown Bag Robert T Rolfs, MD, MPH.

August 12, Meaningful Use *** UDOH Informatics Brown Bag Robert T Rolfs, MD, MPH.

Similar presentations

Ads by Google