1 / 30

purpose of this template

jaden
Download Presentation

purpose of this template

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    2. [Cover a range of topics here related to privacy, including consumer consent to participate in HIE][Cover a range of topics here related to privacy, including consumer consent to participate in HIE]

    3. What is the Arizona Health Privacy Project? 34 states and territories (including Arizona) awarded federal grants to evaluate privacy and security issues in electronic health information exchange (HIE) Identify privacy and security practices that affect HIE Propose solutions and develop implementation plans to remove barriers to HIE Collaborate through regional and national meetings to develop solutions with broader application Based on this assessment, Arizona Health-e Connection will identify practical ways to enable HIE, while protecting the privacy and security of health information

    4. Arizona Health Privacy Project Project Team Kim Snyder Arizona Government Information Technology Agency Nell Lawrence Arizona Government Information Technology Agency Kristen Rosati Coppersmith Gordon Schermer & Brockelman PLC Ajay Vinze ASU Center for Advancing Business through Information Technology (CABIT) Benjamin Shao ASU CABIT Harvey Shrednick ASU CABIT Raghu Santanam ASU CABIT Minu Ipe ASU CABIT Orneita Burton ASU CABIT

    5. Arizona Health Privacy Project Chairs and Facilitators of Work Groups Variations Work Group Rick Potter, Health Services Advisory Group (Chair) Harvey Shrednick, CABIT (Facilitator) Solutions and Implementation Work Group Mike Stearns, formerly at Scottsdale Healthcare (Chair) Raghu Santanam, CABIT (Facilitator) Legal Work Group Kristen Rosati , Coppersmith Gordon Schermer & Brockelman PLC (Chair) Bill Pike, Carondelet (Facilitator) Education Work Group Anne Winter, United Health Care (Chair) Ajay Vinze, CABIT (Facilitator)

    6. Volunteers! Hundreds of people volunteered on the Arizona Health Privacy Project workgroups THANK YOU!! Now that the Arizona Health Privacy Project is formally coming to an end, Arizona Health-e Connection certainly will not end this outreach to volunteers and particularly to consumers. We continue to welcome the guidance and input from consumers in how the health information exchange should protect the privacy of their health information.Now that the Arizona Health Privacy Project is formally coming to an end, Arizona Health-e Connection certainly will not end this outreach to volunteers and particularly to consumers. We continue to welcome the guidance and input from consumers in how the health information exchange should protect the privacy of their health information.

    7. The Process The Arizona Health Privacy Project was operating under the ground rules set by AHRQ and its subcontractors RTI and the National Governor’s Association. Unfortunately, the required process was a bit bureaucratic and unwieldy, but we thankfully ended up with some very useful information. Also, getting all of these volunteers involved in the process served probably the most important underlying goal—getting the stakeholders—consumers, health care providers, and insurance companies-- involved in the process One of the frustrations for the project leaders about the required processes is that we were prohibited from doing surveys of Arizona stakeholders– apparently the federal Paperwork Reduction Act prohibited suveys under this grant. We were particularly excited about the involvement of ASU and CABIT because of their expertise in survey development and their ability to conduct research. But we were able to convene focus groups to collect information about what Arizona providers and plans’ security and privacy business practices, and CABIT did a great job at that process. Here is a quick view of the required process we applied, and then Harvey and Raghu form CABIT will provide more details for you.The Arizona Health Privacy Project was operating under the ground rules set by AHRQ and its subcontractors RTI and the National Governor’s Association. Unfortunately, the required process was a bit bureaucratic and unwieldy, but we thankfully ended up with some very useful information. Also, getting all of these volunteers involved in the process served probably the most important underlying goal—getting the stakeholders—consumers, health care providers, and insurance companies-- involved in the process One of the frustrations for the project leaders about the required processes is that we were prohibited from doing surveys of Arizona stakeholders– apparently the federal Paperwork Reduction Act prohibited suveys under this grant. We were particularly excited about the involvement of ASU and CABIT because of their expertise in survey development and their ability to conduct research. But we were able to convene focus groups to collect information about what Arizona providers and plans’ security and privacy business practices, and CABIT did a great job at that process. Here is a quick view of the required process we applied, and then Harvey and Raghu form CABIT will provide more details for you.

    8. The Process

    9. LEGAL WORK GROUP (LWG)

    10. Legal Work Group Findings Some Arizona laws and regulations may interfere with HIE Genetic testing information, A.R.S. § 12-2801, et seq. and A.R.S. § 20-448.02, et seq. Communicable disease information: A.R.S. § 36-661 et seq., A.R.S. § 20-448.01 and A.A.C. R20-6-1204 Mental health information, A.R.S. § 36-501, et seq. AHCCCS member information regulations: A.A.C. R9-22-512 Adult Day Health Care Facility records regulation: A.A.C. R9-10-511(C) Medical records subpoena statute: A.R.S. § 12-2294.01

    11. Legal Work Group Findings Some Arizona laws may be required to encourage HIE Immunity from liability for participants in e-health data exchange that follow best privacy and security practices Enforcement statute with penalties for participants who do not follow the access rules for the exchange, as well as unauthorized individuals that have not been granted access

    12. Legal Work Group Subgroups Nine subgroups are working on proposals for legislative/regulatory changes: (1) Genetic testing statutes: Ira Berkowitz, St Joseph’s Hospital and Medical Center (2) Communicable disease information statutes and regulations: Laura Carpenter (3) Drafting amendments to the mental health information statute: Bob Sorce, Arizona Attorney General’s Office, representing Department of Health Services

    13. Legal Work Group Subgroups Nine subgroups continued: (4) AHCCCS member information regulations: Matt Devlin, AHCCCS (5) Adult Day Health Care Facility records regulation (6) ADHS disclosure of immunization information: Beth Dietz, Arizona Attorney General’s Office, representing ADHS (7) Medical records subpoena statute: Bonnie Petterson, Phoenix College and Brigid Holland, Navapache Regional Medical Center

    14. Legal Work Group Subgroups Nine subgroups continued: (8) Immunity statute for participants in e-health data exchange: Ira Berkowitz (9) Enforcement statute with penalties for participants who do not follow the access rules for the exchange, as well as unauthorized individuals that have not been granted access: Barbara Hess, Pinal/Gila County Long Term Care

    15. Legal Work Group Subgroups Your involvement is encouraged!

    16. VARIATIONS WORK GROUP (VWG)

    17. Assessment Process of Business Practices

    18. Variations Work Group: Business Practices 18 factual scenarios about health information exchange were provided by RTI Six volunteer focus groups convened to identify business practices used to handle each factual scenario Representatives from consumer advocacy organizations, hospitals, specialized facilities, physician offices, insurance companies, public health Over 200 business practices identified!

    19. Stakeholder Representation and Outreach

    20. “Barriers” and “Non-barriers” Business Practices were coded as a “barrier” or “non-barrier” to information exchange “Non-barrier” practices were defined broadly as those that were: consistent with Arizona law permit interoperability (exchange between providers) easy to put into practice “Barriers” were practices that make electronic information exchange challenging Coding a practice as a barrier ‘flagged’ that practice for further review by Legal Working Group and Solutions Working Group

    21. VWG Major Findings Variations in business practices principally centered around mode of communication, security procedures, and interpretation of HIPAA regulations Variations in communications media create difficulties in information exchange Non-uniform implementation of encryption technology is a concern in electronic methods of information exchange Organization size and associated financial constraints pose barriers to information exchange as a result of lack of investments in implementing technologies for information safeguards Organizations interpret HIPAA “reasonable safeguards” guidelines inconsistently

    22. Variations in practice cause barriers to HIE Different information transmission security or exchange protocols Different administrative or physical security safeguards Different information use and disclosure policies Lack of appropriate information sharing protocols between the state public health department and the 22 Native American tribes in the state

    23. SOLUTIONS AND IMPLEMENTATION WORK GROUPS (SWG & IPWG)

    24. Solutions Work Group Objectives

    25. Solutions Work Group Analysis Critical barriers identified for deliberation: Reviewed barriers within “as-is” business practices that make HIE challenging Brainstormed and collected potential solutions to barriers Highlighted identified solutions and best practices Identified issues for follow-up in implementation Identified practices with no solutions

    26. Identification of Barriers to HIE Legal (covered earlier) Business Variations in interpretation of HIPAA guidelines Financial constraints of smaller organizations Technology Authorization, authentication, access control, audit Protection of information from unauthorized/improper modification when transmitted electronically

    27. Major Barriers Health care organizations in Arizona use different media to share critical information. These multiple communication methods cause challenges in responding to information requests. Health care organizations interpret the HIPAA regulations inconsistently and implement safeguards that may be either overly restrictive or lax. These differences in interpretation pose a barrier to e-health data exchange. Health care organizations in Arizona face different financial constraints on whether, or how much, they invested in technologies such as encryption and secure emails to protect patient information.

    28. SWG Recommendations Over 25 distinct (and related) solutions were recommended Examples: Use RHIOs to develop consensus on role-based authorization standards for all entities in the network Centralized provider directory within the state Use certification authorities (such as Certification Commission for Healthcare IT (CCHIT)) to establish criteria for ensuring secure information exchange Explore uniform adoption of technology solutions such as Digital Signatures, biometrics, etc.

    29. Implementation Work Group Objectives To document practical approaches and actionable steps for implementing solutions Planning assumptions and decisions Project ownership and responsibilities Project scope

    30. IPWG Recommended Projects

    31. Next Steps Recommendations are the first steps in addressing the privacy and security issues facing Arizona Suggest integration into the Arizona Health-e Connection implementation roadmap EMR-Lite Master Provider Index

    32. Perspectives of the Stakeholders Arizona Health Privacy Project Work Group Members: Mary Beth Joublanc Arizona Department of Health Services Wendy Dietrich Benz Raising Special Kids Theresa Wall Native American Public Health Cleo Long Arizona Senior Care

    33. Questions?

More Related