1 / 13

Privacy and Security Workgroup

Privacy and Security Workgroup. Deven McGraw, chair Stan Crosley , co-chair. October 14, 2014. Agenda. Member Introductions Charge Overview Structure Core Values Workplan Items High-level Workplan PSWG 2014 Schedule Outcomes & Impact. PSWG Overview: Membership. Charge.

Download Presentation

Privacy and Security Workgroup

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Privacy and Security Workgroup Deven McGraw, chair Stan Crosley, co-chair October 14, 2014

  2. Agenda • Member Introductions • Charge • Overview • Structure • Core Values • Workplan Items • High-level Workplan • PSWG 2014 Schedule • Outcomes & Impact

  3. PSWG Overview: Membership

  4. Charge • The Privacy and Security Workgroup will provide input and make recommendations on policy issues and opportunities to ensure that information captured and exchanged electronically is protected and shared consistent with consumer needs and expectations. • The Workgroup will proactively identify topics for recommendations and be responsive to other workgroups to address privacy and security issues that are critical to workgroup deliberations. • Examples of issues to be considered include, but are not limited to • Topics to address interoperability goals/challenges • Big Data and privacy in healthcare

  5. PSWG Overview: Structure • The PSWG was formed in 2010 • Formerly called the Privacy and Security Tiger Team • Objective: enable quick progress in advising ONC on critical privacy and security issues regarding the adoption of electronic health records (EHR) and health information exchange (HIE). • See additional information on the Workgroup at: http://www.healthit.gov/facas/health-it-policy-committee/hitpc-workgroups/privacy-and-security-workgroup • Structure (public/private membership):

  6. PSWG Overview: Core Values • The relationship between the patient and his or her health care provider is the foundation for trust in health information exchange, particularly with respect to protecting the confidentially of personal health information. • As key agents of trust for patients, providers are responsible for maintaining the privacy and security of their patients’ records. • We must consider patient needs and expectations. Patients should not be surprised about or harmed by collections, uses, or disclosures of their information. • Ultimately, for health information exchange to successfully improve patient health and health care, we need to earn the trust of both consumers and physicians.

  7. Workplan Items • Workgroup Kick-Off • Big Data and Privacy in Health Care • Legal and technical challenges related to the privacy and security of big data in healthcare • Create recommendations for a legal and technical framework that would help protect and secure data • Federal HIT Strategic Plan • MU3 NPRM • Published version of Interoperability Roadmap • Minors/Adolescents/Young Adults and Consent

  8. High-level Workplan

  9. Privacy and Security Workgroup2014 Schedule

  10. Outcomes & Impact: Sample Implementation in Policy and Technical Assistance July 2010 ONC releases Security Risk Assessment Tool to Regional Extension Centers (RECs) providing technical assistance to professionals. HHS releases final MU Stage 1 Rule requiring professionals and hospitals to attest to conducting or reviewing security risk assessment in order to receive payment. HITPC recommendation: Include in MU Stage 1 requirement that eligible professionals and hospitals conduct a security risk assessment under HIPAA. ONC should provide appropriate guidance.

  11. Outcomes & Impact: Influence ONC Program Guidance • Program Guidance examples include: • State Health Information Exchange (HIE) –Program Information Notice (PIN) - 002: Requirements and Recommendations • HIE – PIN – 003: Privacy and Security Framework Requirements

  12. Outcomes & Impact: ONC Projects Influenced by Recommendations • Data Segmentation for Privacy (DS4P)* • eConsent Trial Project* • Mobile Device Provider Education • Notice of Privacy Practices (NPP) Project* • Provider and Staff Security Video Games* • mHealth Consumer/Patient Research • Exemplar Health Information Exchange Governance Entities Program (Program) Funding Opportunity • The Query Health Initiative • The Direct Project • Blue Button FAQS* • Data Provenance *Indicates project was initiated in direct response to PSWG recommendations.

  13. Outcomes & Impact Explore the role ONC plays when it comes to inspiring confidence and trust in health IT to improve patient care: Privacy & Security Executive Summary First Annual Summary of Privacy and Security Activities Privacy & Security Infographic http://www.healthit.gov/policy-researchers-implementers/everyone-has-role-protecting-and-securing-health-information

More Related