Electronic Health Information Exchange: Privacy & Security

The following information is reproduced from HHS website:

Privacy and Security and Health Information Technology Electronic health information exchange promises an array of potential benefits for individuals and the U.S. health care system through improved clinical care and reduced cost. At the same time, this environment also poses new challenges and opportunities for protecting individually identifiable health information. In health care, accurate and complete information about individuals is critical to providing high quality, coordinated care. If individuals and other participants in a network lack trust in electronic exchange of information due to perceived or actual risks to individually identifiable health information or the accuracy and completeness of such information, it may affect their willingness to disclose necessary health information and could have life-threatening consequences. Coordinated attention at the Federal and State levels is needed both to develop and implement appropriate privacy and security policies. Only by engaging all stakeholders, particularly consumers, can health information be protected and electronically exchanged in a manner that respects variations in individuals’ views on privacy and access. Privacy and Security Whitepaper Series Consumer Consent Options for Electronic Health Information Exchange: Policy Considerations and Analysis Cover Page and Executive Summary [PDF - 27 KB] Consumer Consent Options — Complete Whitepaper [PDF - 712 KB] Appendix A: State Model Table [PDF - 73 KB] Appendix B: State Law Table [PDF - 62 KB] Appendix C: Other Countries [PDF - 60 KB] Other Resources February 2010: Summary of Selected Federal Laws and Regulations Addressing Confidentiality, Privacy and Security [PDF – 158 KB] December 2008: The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information Health IT and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules State-level Privacy and Security Resources Draft Model Personal Health Record (PHR) Privacy Notice & Facts-At-A-Glance Medical Identity Theft Federal Laws and Regulations HHS announces Privacy and Security Framework and Toolkit

SPOTLIGHT Standards and Certification IFR   Meaningful Use   HIT Policy Committee   HIT Standards Committee

Certification of Health IT - Meaningful use of Certified EHR technology

Reproduced below are extracts from the ONC/HITECH HHS website:

Certification Programs NPRM

Certification of Health IT will provide assurance to purchasers and other users that an EHR system, or other relevant technology, offers the necessary technological capability, functionality, and security to help them meet the meaningful use criteria established for a given phase. Providers and patients must also be confident that the electronic health IT products and systems they use are secure, can maintain data confidentially, and can work with other systems to share information.  Confidence in health IT systems is an important part of advancing health IT system adoption and allowing for the realization of the benefits of improved patient care.

Eligible professionals and eligible hospitals who seek to qualify for incentive payments under the Medicare and Medicaid EHR Incentive Programs are required by statute to use Certified EHR Technology.  Once certified, Complete EHRs and EHR Modules would be able to be used by eligible professionals and eligible hospitals, or be combined, to meet the statutory requirement for Certified EHR Technology.

To this end, an NPRM proposing the establishment of certification programs for purposes of testing and certifying health information technology was issued in March 2010 with a request for comments. The NPRM proposes:

• A temporary certification program to assure the availability of Certified EHR Technology prior to the date on which health care providers seeking the incentive payments would begin to report demonstrable meaningful use of Certified EHR Technology.
   
• A permanent certification program to replace the temporary certification program. 

Please see the presentation slides at:
http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_911192_0_0_18/CertificationNPRM_webinar032510.pdf

Self Encrypting Drives and TPM (Trusted Platform Modules)

At RSA 2010, Wave Systems Corporation showcases Self Encrypting Drives and Trusted Platform Module capabilities of PC hardware that can be managed using Wave software:

http://www.marketwire.com/press-release/Wave-Showcase-Advanced-Management-Capabilities-Self-Encrypting-Drives-Dell-HP-Lenovo-NASDAQ-WAVX-1122254.htm

Wave Systems Corporation NASDAQ: WAVX) (www.wave.com)

Strategic Health IT Advanced Research Projects - SHARP Program from ONC/HITECH, HHS

Research and Innovation that Translates into Practice

A Message from Dr. David Blumenthal, National Coordinator for Health Information Technology  

April 2, 2010

Our quest to improve the health of Americans and the performance of our health care system depends critically on the use of electronic health records(EHRs) and the electronic exchange of health information. The Office of the National Coordinator for Health Information Technology (ONC) has created a solid foundation of programs and initiatives to support health care practitioners and hospitals in implementing meaningful use of certified EHR technology, but we are admittedly at the beginning of our journey. ONC is keenly aware that technology needs to continuously advance, bringing new solutions that will make it even more beneficial. While I’m proud of what ONC has achieved so far, I’m humbled by the size of the task still in front of us. The HITECH Act — in its very design — clearly recognized a need for progressive and innovative thinking to overcome barriers and ensure the long-term viability of our health care system. 

To this end, today ONC launched a major initiative aimed at promoting research and innovation. Four  renowned institutions — Mayo Clinic of Medicine,Harvard University, University of Texas Health Science Center at Houston,  and University of Illinois at Urbana-Champaign — were awarded research grants totaling $60 million through the Strategic Health IT Advanced Research Projects (SHARP) program.

Each institution’s research projects will identify short-term and long-term solutions to address key challenges, including ensuring the security of health IT (University of Illinois at Urbana-Champaign), enabling patient-centered cognitive support for clinicians (The University of Texas Health Science Center at Houston), making progress toward new health care application and network-platform architectures (Harvard University), and promoting the secondary use of EHR data while maintaining privacy and security (Mayo Clinic of Medicine).

These projects will be conducted by multidisciplinary teams led by recognized public and private sector leaders in health, including  researchers, the technology industry, and health care providers. The results of these diverse teams’ work will be translated into practice to produce innovative health IT solutions that can be deployed nationwide.  This is not ivory tower research; its goal is to quickly infuse the dynamic health IT sector with new thinking, ideas, and solutions.

The SHARP grants announced today represent an important investment in the long-term future of health care for our nation. I am excited by the promise of these projects to fundamentally change the trajectory of health IT in support of better health and care.

Sincerely,

David Blumenthal, M.D., M.P.P. National Coordinator for Health Information Technology
U.S. Department of Health & Human Services

HIMSS-2010- Keynote Address by Dr. David Blumenthal, National Coordinator for Health IT

In his keynote address, Dr. David Blumenthal, the National Coordinator for Health IT, gives an overview of the policies and programs of the ONC for Health IT, in compliance with the HITECH, Act, 2009. He mentions the tasks of the policy, standards and certification committees in the various steps towards drafting and finalizing regulations to comply with the HITECH Act for electronic health records (EHR) and in health information exchange. He also mentions about the role of the Privacy and Security Workingroup to deal with privacy and security issues of electronic health information systems dealing with storage and exchange of health information. He also mentions the work being done in setting up a National Health Information Network (NHIN) with prototypes tested by VA Hospital Network and the Kaiser Health Systems. He feels that the HITECH Act and the regulations that are being finalized with take health care to the 21st century using Health Information Technology or Health IT.

Health Information Technology

The HITECH Act of 2009 has focused attention of health care providers and payers and health care entities to the importance of the application of information technology to health care delivery. In the Stimulus Bill (American Recovery and Reinvestment Act, 2009 also known as ARRA) that was passed on February 17, 2009, $22B was allocated for health care investments. Out of this $19.2 Billion is to promote electronic health records (EHR) and their use by physicians and hospitals. What is known as HITECH Act 2009 or Health Information Technology for Economic and Clinical Health Act is part of ARRA and is specified in Title XIII/Division A, pages 112-165 and Title IV, Division B, pages 353- 398.

HITECH Act, 2009 promotes use of health information technology. The Office of National Coordinator for Health Information Technology (ONC/HIT) that is legally mandated by the HITECH Act, will function under the Department of Health and Human Services (HHS). ONC/HIT will be responsible for HIT policy and standards at the national level. This will include a policy framework for development and adoption of a nationwide health information infrastructure and standards for exchange of patient medical information. ONC will also be responsible for implementation specifications and for developing the certification criteria for electronic exchange and use of health information.

A useful link is Hitech Answers