1 / 13

Robert F. St. Peter, M.D. President and CEO Kansas Health Institute

Kansas Privacy and Security Update AHRQ Annual Research Meeting Washington, DC • September 27, 2007. Robert F. St. Peter, M.D. President and CEO Kansas Health Institute. Kansas HIE Initiatives Overview. RWJ Information Links Grant. KS Privacy and Security (I) Project.

fritz
Download Presentation

Robert F. St. Peter, M.D. President and CEO Kansas Health Institute

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Kansas Privacy and Security UpdateAHRQ Annual Research MeetingWashington, DC • September 27, 2007 Robert F. St. Peter, M.D. President and CEO Kansas Health Institute

  2. Kansas HIE Initiatives Overview RWJ Information Links Grant

  3. KS Privacy and Security (I) Project • Project management team • Kansas Health Institute, Governor’s Commission • University of Kansas Center for Healthcare Informatics • Private attorneys • Process for assessing business scenarios and domains • Broad stakeholder input • Validation continuing today

  4. Major Themes • Wide geographic variations in business practices – many parts of rural Kansas have few physicians and hospitals, limited health resources, while some cities have considerable duplication • Few physicians’ offices are “wired,” there are no RHIOs, little electronicization outside urban areas • HIPAA has been fully integrated into all stakeholder practices – yet some consider it a barrier, some neutral, and some an aid • Some physician offices and hospitals have extensive policy manuals, others rely on common practices

  5. Major Barriers • Very little use of EMRs among physicians • Wide variety of non-interoperable software systems • Widely ranging interpretations of HIPAA • Varying policies on outside access to medical records complicates interoperability among different stakeholders • Obtaining patient consents, re-consents, authorizations of release is cumbersome

  6. Key Findings • Patient focus: • Clarify patient consent • Business Operations focus: • “Electronicization” • Weak policies • Narrow policies • Legal focus: • Weak understanding of the law • Antiquated state laws • Regional focus: • Multi-state solutions

  7. Solution Strategies • Patient focus: • Patient/Consumer education • Patient IDs, MPI and record locator services • Notifications, authorizations, access controls • Business Operations focus: • Promote adoption of electronic HIE through • “Learning communities” of providers • HIE/HIT Policy Initiative readiness assessment • Strengthen business policies and practices through • HIE Resource Center

  8. Solution Strategies – cont’d • Legal focus: • Consistent and comprehensive statewide interpretation of HIPAA • Identification of state laws and regulations needing modernization to create compliance with HIPAA • Lobby for creation of safe harbors • Regional focus: • Medical service area analysis • Coordination with border states, starting with Missouri • Immunization registries • CareEntrust initiative by employers

  9. KS Privacy and Security (II) Project • Legal Review • Catalog statutes and regulations related to health information privacy and security • Draft statutory language, specifying baseline privacy and security standards • HIT/HIE Privacy and Security Coordinating Entity and Educational Toolkit • Produce governance documents and principles acceptable to a majority of stakeholders for statewide implementation of health information privacy and security strategies. • Develop a curriculum targeted to a specific market segment, a teaching guide and a program evaluation plan.

  10. KS Privacy and Security (II) Teams • Planning team produces business plan for a self-sustaining institution with an explicit early focus on privacy and security • Convene stakeholders to identify business goals, markets, services, distribution channels. • Describe staffing, operations, business alliances, service pricing model (and other revenue sources), success measures • Design legal organizational structure and governance • Legal team drafts legal organizational documents • Recommend governance structure, including relationships to existing organizations, e.g. HIEC, KHPA

  11. Teams – cont’d • Curriculum team, in parallel with foregoing activities, develops HIE P&S Educational Toolkit as the first service offering of the Kansas HIE resource center • Educational objectives described by Planning team • Course content contributed by Legal team • Teaching strategies recommend by education experts • Multi-state collaboration teams • Harmonizing state privacy law: KS, ID, KY, MI, FL, NM, TX • Consumer education and engagement: KS, CO, GA, MA, NJ, NY, OR, WA, WV

  12. Plans for 2008 • Provide resources for 2008 legislative session • Continue detailed review of statutes and regs • Continue participation in multi-state collaborations to secure new funding for joint activities • Organize and staff the HIE Coordinating Entity • Roll out first education program for consumers • Continue development of additional curricula

  13. Kansas Health Institute Information for policy makers. Health for Kansans.

More Related