Upload
transformations-at-the-edge
View
214
Download
0
Embed Size (px)
Citation preview
8/8/2019 FIU Privacy and Security Panel
1/15
FIU Health Information Technology Initiative
http://hit.fiu.edu
April 28, 2010
NSF FIU-FAU Industry / University Cooperative Research Center
Tom M. GomezFIU HIT Initiative
Privacy & Security Considerations forHealth Information Exchange
Moderator Dan Russler, M.D.
http://hit.fiu.edu/http://hit.fiu.edu/8/8/2019 FIU Privacy and Security Panel
2/15
Page 2 of 15
Health Information Exchange (HIE)
HIEConcept
A Transparent and i n t e rope rab le hea lthcare ec osystem
HIEPractice
State HIE awards will also strongly encouragesta tes to consider partic ipating in theNationwide Health Information Network as anapproach to HIE. This would c rea te a pathwaytowa rd seamless, nationwide hea lth informa tion
exchange. 12Feb2010 - Dr. David Blumenthal, The NationalCoordinator for Hea lth Informa tion Tec hnolog y
Dan Russler, MD
8/8/2019 FIU Privacy and Security Panel
3/15
Page 3 of 15
Nationwide Health Information Network(NHIN)
NHIN A set of standards, services a nd polic ies that enable
sec ure Hea lth Informa tion Exchange (HIE) over theInternet
Pro vid e a fo und a tio n fo r the e xc h a ng e o f he a lth
information across diverse entities in communities acrossthe c ountry; critic a l pa rt of Na tiona l Hea lth ITAg end a
CONNECT Implements NHIN standa rds and governanc e Built by 20 federal agencies - managed by Federal
Health Architec ture (FHA) Open source software ga tewa y Supports Hea lth Information Exc hange (loc al & nationa l). Ensures HIEs are c om patible with other exc hanges
Steve Steffensen, MD & David Riley
8/8/2019 FIU Privacy and Security Panel
4/15
Page 4 of 15
Data Use & Reciprocal Support Agreement (DURSA)
DURSA
Develop ed by NHIN Cooperative Essentia l too l for trust in NHIN Single multi-p arty ag reement for NHIN partic ipants Based on existing body of law (fed eral, state, loc al) Consensus between federal, state & private entities Mandatory non-binding d ispute resolution
Alloc ation of liability risk
DURSA & HIPAA
DURSA meets requirements and has meaning of HIPAARegulations and other applicab le laws
Not meant to be used as HIPAA or other CE/ BAagreement.
NHIN Lim ite d Pro d uc tion Exc ha ng e (LPE) Participants
Suc cess StoriesSteve Steffensen, MD & David Riley
8/8/2019 FIU Privacy and Security Panel
5/15
Page 5 of 15
Sta ke Hold e rs
DoD
VA Kaiser Permanente Oversight from IPO and FHA
C urre nt Sta tus NHIN Produc tion since January 2010
Opportunitiesfor Quality Improvements Expand type of content Integration of Virtua l Lifetime Elec tronic Record (VLER) Speed and Scalability of available OSBUS
Priva c y & Se c urity C o nsid e ra tions
Digital Consent (TP 20 with XSPA/ XACML) DIACAP, NIST, HIPAA, and FISMA complianc e Service level coordination within DoD (Army, Navy, AF).
DoD/VA Sharing with Private Sector
Steve Steffensen, MD
8/8/2019 FIU Privacy and Security Panel
6/15
Page 6 of 15
Sta ke Hold e rs
Soc ial Sec urity Administration MedVirginia
C urre nt Sta tus NHIN Produc tion sinc e February 2009
Opportunitiesfor Quality Improvements Limit range of information Expand type of content Directed Query
Priva c y & Se c urity Co nsid e ra tions
Patient Authorization
SSA and MedVirginia
Marty Prahl
8/8/2019 FIU Privacy and Security Panel
7/15
Page 7 of 15
Au tho rized Re le a se o f Info rm a tion t o a Truste d Entity
SSA Disa b ility Sta tistic s
Sta ke ho ld er Be ne fits
Expanding from MedVirginia to Multiple Locations
SSA Generalized Use Case
Marty Prahl
8/8/2019 FIU Privacy and Security Panel
8/15
Page 8 of 15
Sta ke Ho ld e rs
140 individual physic ians, group prac tic es, and hospita ls A nine-county servic e area
Curre nt Sta tus Providing patient c are
Op p ortunities for Qua lity Im p rov em ents in p rog ress
Improve ava ilab ility o f lab results, d ig ita l images,med ications, history & physicals, discharge summaries,
transcriptions Crea te a framework of c linic al quality improvement HITEC consortium evaluating e-presc ribing and MD
behaviors Priva c y & Se c urity Co nsid e ra tions
Only authorized medical professionals can access patientinformation
Doctors will not see patient information unless patient givesconsent
Patient signs a paper consent form when visiting a doctorwho uses Rochester RHIO
Greater Rochester RHIO
Sreedhar Potarazu, MD
8/8/2019 FIU Privacy and Security Panel
9/15
Page 9 of 15
Sta ke Hold e rs Hartford Healthcare Corporation THICC Ca re p rovider based HIO eHealth Connec ticut existing HIO
Curre nt Sta tus
Dep artment of Soc ial Services Pilot Department of Public Health State Designated Entity
Looking at ways to extend to ambulatory settings
Opportunitiesfor Quality Improvements
HIEis expec ted to improve EHRadoption Prem ier translationa l resea rch fac ilities/ resouc es
Improve rea l and perc eived quality of care
Priva c y & Se c urity Co nsid e ra tions
Sec ure patient consent at every visit What if there is no c entra l entity (529 contrac ts)
How will THICC shoulder risk and mitigation
Transforming Healthcare in Connecticut Communities
Alesha Adamson
8/8/2019 FIU Privacy and Security Panel
10/15
Page 10 of 15
Sta ke Hold e rs
CMS AHRQ NIH All insurance c ompanies The Americ an people
Goals Crea te systems for the effic ient reuse of HIGH QUALITY c linical
da ta cap tured for c linical c are Answer questions that ethical ly or pract ical ly are not
amendable to patient level RCTs
Create a system for prospec t CERstudies Translate and d issem inate resea rc h find ings to c linic al setting Crea te a learning c ommunity
National Infrastructure for Clinical Translational Research
Wilson Pace, MD
8/8/2019 FIU Privacy and Security Panel
11/15
Page 11 of 15
Opportunitiesfor Quality Improvements
HIGH QUALITY data for resea rc h requires high qualitycare through CDSdrive for guideline c onc ordant c are
Demonstrate how new data can improve care whileimp roving data for CER
Obliterate the line between Step 3 translation anddissemination
Priva c y & Se c urity C o nsid e ra tions
Large volume of highly sensitive data potentiallyavailable
Federated nature of the system mea ns data prima rily
stays with in each organization Organizations op t in or op t out study by study Data transformations easily conducted to decrease re-
identification risk Patient leve l inc lusion is com plex no c onsent, opt-out,
opt-in
National Infrastructure for Clinical Translational Research
Wilson Pace, MD
8/8/2019 FIU Privacy and Security Panel
12/15
Page 12 of 15
Sta ke Hold e rs
Patients (individually)
Providers (inc l. a ll levels of prac titioner) Payers (pub lic , private) Researchers (inc l. public health) Citizens (pa tients collec tively, taxpayers, voters)
Programsand ExogenousFactors
NHIN, ARRA/ HITECH, HIPAA/ HITECH Hea lth c are reform (pub lic ) Hea lth sec tor reo rganization (priva te)
Priva c y & Se c urity C o nsid e ra tio ns Ethic a l vie w p o int Transparenc y about goals about benefits
about costs and risks Op p o rtun ities for inc o rp o ra ting HIE / DURSA
[S]tand ards, services and trust fab ric [s] like DURSA Intra-HC education beyond the NPP Extra-HC c itizen ed ucation
Ethics Programs
Reid Cushman, PhD
8/8/2019 FIU Privacy and Security Panel
13/15
Page 13 of 15
Se le c te d Co nse nt Po lic y Mo d e ls
No c onsent (HIPAA Trea tment, Paym ent, Operations only) Opt-out (patient allowed to dec line all op tiona l permissions) Opt-out with exc ep tions Opt-in (patient allowed to ac c ep t a ll op tiona l permissions) Opt-in with restrictions
Sa m p le Im p lem enta tions Delaware* & Indiana - No consent Delaware*, Maryland, Tennessee , Virg inia - Opt out New York, Rhode Island , Massac husetts - Opt-in
Exe m p la rs - Ca re Sp a rk (Virg inia & Te nne sse e ) Educate community Opt-out with notice
Consent
Panel
P 14 f 15
8/8/2019 FIU Privacy and Security Panel
14/15
Page 14 of 15
What isthe role of the Chief Privacy Officer (CPO)?
Who should be represented in HIO privacy policy decisions?
Who should rev iew p ot ential HIO p riva c y p olic y b rea c hes?
Ho w sho uld the CPO m a na g e HIE / NHIN c o nsid e ra tio ns?
Ho w sho uld the CPO m a na g e HIE / NHIN c o nsid e ra tio ns?
Considerations for the Chief Privacy Officer
Panel
P g 15 f 15
8/8/2019 FIU Privacy and Security Panel
15/15
Page 15 of 15
Next Steps
Lets continue the discussion in ourSouth Florida Community!!
http://hit.fiu.eduTom M. GomezFIU HIT Initiative
http://hit.fiu.edu/http://hit.fiu.edu/