
Session 4 – Panel What Is Special About My Application? A Health and Healthcare Perspective

Session 4 – Panel What Is Special About My Application? A Health and Healthcare Perspective. April 14, 2009 | 4:00 – 5:30 pm Presenter Walter G. Suarez, MD, MPH President and CEO, Institute for HIPAA/HIT Education and Research President, Public Health Data Standards Consortium


Presentation Transcript


  1. Session 4 – Panel: What Is Special About My Application? A Health and Healthcare Perspective April 14, 2009 | 4:00 – 5:30 pm Presenter Walter G. Suarez, MD, MPH President and CEO, Institute for HIPAA/HIT Education and Research President, Public Health Data Standards Consortium Co-Chair, HITSP Security, Privacy and Infrastructure Technical Committee

  2. Basic Concepts • What is Privacy (of health information)? • An individual's (or organization's) right to determine whether, what, when, by whom and for what purpose their personal health information is collected, accessed, used or disclosed • What is Security (of health information)? • A defined set of administrative, physical and technical actions used or taken to protect the confidentiality, availability and integrity of health information Source: HITSP Vocabulary – modified and expanded from 45 CFR 164.304

  3. Basic Concepts • Confidentiality • The property that data or information is not made available or disclosed to unauthorized persons or processes • Integrity • The property that data or information has not been altered or destroyed in an unauthorized manner • Availability • The property that data or information is accessible and usable upon demand by an authorized person Source: 45 CFR 164.304

  4. Privacy and Security Scenarios • Patient with sensitive conditions (AIDS, mental health) • Patient's ability to control granular levels of health information (who can access what, when, for what purpose; selective restriction of access; opt-in/opt-out) • Patient asks for accounting of disclosures • Patient who retracts/changes an existing consent • Need to allow access in emergency situations ('Break the Glass') • VIP (politician, movie star, sports figure) • Domestic violence victims • Daughter with sensitive tests hidden from Parent

  5. What is Special about Health and Healthcare (1) • Medical records among the most sensitive information about a person • Health care is an information-driven field • Everything about the health care system involves information • Information is much more complex than other industries (amount, type, frequency) • Health information is central to the doctor-patient relationship • Privacy and security of health information are central to the doctor-patient relationship

  6. What is Special about Health and Healthcare (2a) • Health care is a complex system, when it comes to health information • Many actors (patient, provider, health plan, employer, government, public health, researchers, vendor, etc) • Various types of information (demographic, clinical, financial) • Many processes related to health information (collection, creation, maintenance, access, use, disclosure) • Many devices associated with, and used in the care of patients (hospital/medical devices, home monitoring devices, others) • Various ways of delivering care (in person, remotely/telemedicine, interactively)

  7. What is Special about Health and Healthcare (2b) • Health care is a complex system, when it comes to health information (cont) • Different purposes (treatment, payment, operations, public health, research, judicial, legal, etc) • Many places where health information resides • Lack of common identifiers and other standards • Patient IDs (each provider, each payer) • Provider IDs (although being simplified with the implementation of the National Provider Identifier) • Payer IDs • Vendor IDs • Medical Device IDs

  8. What is Special about Health and Healthcare (3a) • Many laws • Federal laws, including HIPAA, Privacy Act, Education Records Law, Mental Health Records Laws, Public Health information laws • State laws – patchwork of varying types and levels of state privacy laws, few addressing health privacy and security in a comprehensive fashion • Different policies and practices created and used by organizations • Many go above and beyond what federal/state laws require

  9. What is Special about Health and Healthcare (3b) • Laws provide rights to consumers to control their information (through Consumer Consent and Patient Authorization) • Laws provide for boundaries/restrictions on what entities that collect, access, use and disclose health information can do with it • Laws also require that certain security protections be implemented by entities on the health information they collect, maintain, use or disclose

  10. What is Special about Health and Healthcare (4) • Increasing complexities • Expanded use of electronic health records • Increased electronic communications between patients and the health care system (i.e., websites, email) • Electronic networks (Regional Health Information Exchanges, NHIN) • Evolving personal health records • Different levels of ‘sensitive’ health information

  11. What is Special about Health and Healthcare (5) • Inter-jurisdictional Portability • Consumer privacy consent laws and requirements, and consumer privacy desires and directives in one jurisdiction may not be legally applicable/enforceable in another jurisdiction • An entity operating in one jurisdiction uses and discloses health information based on its own policies and procedures, created to meet consent requirements under that jurisdiction • When information is disclosed to a different entity in another jurisdiction, the receiving entity applies its own policies and procedures to the received data, which were created to meet consent requirements under the receiving entity's jurisdiction

  12. What is Special about Health and Healthcare (6) • Cross-validation and verification of conflicting consents • What is the most recent/latest consent from a patient? • Does that override other consents for specific data, specific purpose? • Where can I find the various consents issued by a consumer to perform cross-validation and verification?

  13. What is Special about Health and Healthcare (7) • Security Requirements • Identification, Authentication • Various actors and systems • Patient, Providers, Payers, Others • Authorization, Access Controls • Who can collect, access, use, disclose what • Audit • Account for access, edit, delete, and other actions, by actor • Account for security threats • Secure data transport, non-repudiation, message encryption • Time-stamp

  14. Privacy and Security Interoperability – The Next Challenge [Diagram: two Health Care Systems, each labeled "Internal Security Policies, Procedures and Practices", "Secure System Architecture" and "Intra-organizational Security, Privacy, Infrastructure", connected by "Inter-organizational Exchange"; further labels: Security, Privacy, Infrastructure]

  15. Contact Information Walter G. Suarez, MD, MPH President and CEO Institute for HIPAA/HIT Education and Research (703) 354-0042 walter.suarez@sga.us.com
