Upload
jeffery-summers
View
212
Download
0
Embed Size (px)
Citation preview
Navigating Privacy and SecurityIssues for HIE: A Consumer Perspective
Deven McGrawChief Operating OfficerNational Partnership for
Women & Families
www.nationalpartnership.org
• A nonprofit, nonpartisan consumer advocacy organization in Washington, DC
Our Priorities:• Improve health care quality – Americans for
Quality Health Care project• Promote fairness in the workplace• Advance policies that help women and men
meet the dual demands of work and family.
Our interest in Health IT and HIE
• Health IT and electronic health information exchange hold great promise for realizing dramatic improvements in quality by helping to Reduce medical errors Ensure care is more evidence-based Get patients more involved in their own
care Facilitate measurement and public
reporting of provider performance.
Our involvement• Co-chair of AHIC Confidentiality,
Privacy and Security Workgroup• Member, AHIC Personalized Healthcare
Workgroup• Member, HITSP• NEW: Grant from the Markle
Foundation to engage consumer advocacy organizations in state HIT/HIE efforts & provide them with technical assistance
Barriers to Rapid Implementation
• Consumer/patient concerns about privacy and security. Many believe movement to electronic
records will result in greater risk to patient privacy.
Survey data shows that the public has significant privacy concerns
Promise of e-health won’t be realized unless we ensure adequate privacy and security standards are built in from the start.
Establishing E-Health Networks Presents Enormous Challenges
• Overcoming public distrust• Finding a sustainable business model
and/or securing sufficient financial resources
• Interoperability • Legal/policy uncertainties – HIPAA,
state law variations
National Consumer Principles• Individuals should have a means of
direct, secure access to e-health information.
• Individuals should know how their e-health information may be used and who has access to it.
• Individuals should have control over whether and how their information is shared.
National Consumer Principles (cont.)
• Systems for e-health data exchange must protect the integrity, security, privacy and confidentiality of an individual’s information.
• Governance and administration of e-health networks should be transparent and publicly accountable.
So, what about HIPAA?• Confusion about scope is widespread
Too many use HIPAA as excuse for not sharing health information
At the same time, many believe it is insufficient to protect privacy
In a policy vacuum, fears about insufficient privacy protection take center stage – little room for public debate about risks of not moving forward.
Facing the HIPAA Challenge
• Some options: Start over Do nothing – current law will suffice Clarify - & modify if necessary
(federal response) States still have the option to adopt
more stringent standards vs. single standard
AHIC CPS Workgroup
• Spring 2007: recommended to AHIC that HIPAA “covered entities” include all engaged in HIE (rejection of business associate model)
• Next steps: Should all HIPAA requirements apply to
all HIE entities equally? Do we need more than HIPAA in some
circumstances?
Involve Consumer Advocates in Health IT Discussions
• Consumer advocates should be part of the difficult discussions – particularly with respect to setting policies for privacy and security.
• Consumer advocates can mobilize their constituencies and provide the “push” needed to get systems implemented.
• Not including consumers in the discussion could jeopardize success of the project.