Health Information Security and Privacy Collaboration (HISPC): Calming the Waters Across State Lines Presented by Barbara L Massoudi, MPH, PhD RTI International Presented at Capitol Hill Steering Committee on Telehealth - PowerPoint PPT Presentation

Loading...

PPT – Health Information Security and Privacy Collaboration (HISPC): Calming the Waters Across State Lines Presented by Barbara L Massoudi, MPH, PhD RTI International Presented at Capitol Hill Steering Committee on Telehealth PowerPoint presentation | free to download - id: 2035d6-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Health Information Security and Privacy Collaboration (HISPC): Calming the Waters Across State Lines Presented by Barbara L Massoudi, MPH, PhD RTI International Presented at Capitol Hill Steering Committee on Telehealth

Description:

To develop a foundational reference guide that describes and compares the ... A guide to navigating cross-state variation in consent ... Consumer Engagement ... – PowerPoint PPT presentation

Number of Views:28
Avg rating:3.0/5.0

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Health Information Security and Privacy Collaboration (HISPC): Calming the Waters Across State Lines Presented by Barbara L Massoudi, MPH, PhD RTI International Presented at Capitol Hill Steering Committee on Telehealth


1
Health Information Security and Privacy
Collaboration (HISPC) Calming the Waters Across
State Lines Presented by Barbara L Massoudi,
MPH, PhD RTI International Presented at Capitol
Hill Steering Committee on Telehealth
Healthcare Informatics November 18, 2008
Washington, DC
2951 Flowers Rd.,
Suite 119, Atlanta, GA 30341
Phone 770-986-5062
Fax770-234-5030
E-mail bmassoudi_at_rti.org
2
Overview
  • Background on HISPC Phases 1 and 2
  • Phase 3 the 7 Collaborative Work Groups
  • Next steps

3
Phase 1
  • Timeline June 2006 April 2007
  • Participation 33 States and 1 territory
  • Scope Assess variation, develop solutions and
    implementation plans
  • Methods
  • Community-based research model
  • Engage a broad range of stakeholders
  • Follow common methodology
  • Panel of experts
  • National direction with local control

4
Phase 1 Products
  • Summary reports released
  • Assessment of Variation and Analysis of Solutions
  • Implementation Plans
  • Nationwide Summary
  • Reports and presentations publicly available
  • RTI Project site http//privacysecurity.rti.org
  • AHRQ National Resource Center http//healthit.ahr
    q.gov

5
Key topic areas addressed by solutions
  • Harmonize the approach to patient permission for
    disclosure
  • Simplify the complex interplay among HIPAA
    privacy and security rules, other federal laws,
    and state laws.
  • Reduce variation in interpretations of HIPAA
  • Foster trust between providers participating in
    exchange and among consumers permitting their
    information to be exchanged

6
Phase 2
  • Timeline May December 2007
  • Participation 42 states and 2 territories
  • Scope
  • Implement 6-month projects
  • Develop plans for collaboration in Phase 3
  • Methods
  • 34 Phase 1 teams implement state-specific
    solutions
  • All 44 teams contribute to collaborative proposals

7
Phase 2 Products
  • RTI Products
  • HISPC Toolkit
  • Impact Analysis report
  • State Products
  • November 2007 Conference Presentations
  • 34 states produce a multitude of state-specific
    deliverables, including reports, videos,
    websites, model agreements, model forms and
    educational toolkits
  • 42 states/territories submit proposals to
    participate in the Phase 3 collaborative work
    groups

8
Phase 3
9
Phase 3
  • Timeline April 2008 March 2009
  • Participation 40 states and 2 territories in 7
    collaboratives
  • Scope Execute collaborative strategies developed
    in Phase 2
  • Methods
  • States work both individually and collaboratively
    to complete project scope
  • Co-chairs of each collaborative form steering
    committee
  • RTI partners with Georgetown on State and
    Territory Law Analysis

10
The 7 Collaborative Work Groups
  • Consent 1, Data Elements
  • Consent 2, Policy Options
  • Harmonizing State Privacy Law
  • Consumer Education and Engagement
  • Provider Education
  • Adoption of Standard Policies
  • Interorganizational Agreements

11
Consent 1, Data Elements
  • 11 States participating
  • IN, ME, MA, MN, NH, NY, OK, RI, UT, VT and WI
  • Goals
  • To establish a model for identifying and
    resolving patient consent and information
    disclosure requirements across states.
  • To develop a foundational reference guide that
    describes and compares the requirements mandated
    by state law and any known regional or local
    consent policies and practices in each
    participating state.
  • Data Elements?
  • What consent information does a state need to
    reply to a request from another state? Signed
    consent form? With what information? Any
    restrictions? Do the answers change depending on
    the type or source of the information?

12
Consent 1 Progress Scenarios and Template
  • Scenarios
  • Treatment Non-Emergency
  • Treatment Emergency
  • Public Health
  • Template
  • Intricate, detailed set of spreadsheets
  • A battery of general questions with follow up
    questions for capturing additional detail
  • Completed by the legal work group in each state

13
Impact of Consent 1
  • A guide to navigating cross-state variation in
    consent requirements
  • A comparative analysis that will allow
    individuals in different states to see areas
    where change might be required to better align
    with their neighbors to facilitate exchange

14
Consent 2, Policy Options
  • 4 States participating
  • CA, IL, NC and OH
  • Goals
  • Provide states with a systematic process or
    roadmap for addressing the consent issue
  • Identify and describe model approaches to consent
  • Provide the outcomes for different consent
    approaches from a variety of scenarios
  • Culminate in a resource that all states will be
    able to use to support informed decision-making
    strategies in the adoption of consent policies
    and standards for HIE
  • Identify and describe alternatives that allow
    personal health information to be exchanged
    appropriately between states by strategically
    recommending one or more legal mechanisms

15
Interstate Consent Subgroup Result
  • The collaborative will provide other states a
    systematic process for evaluating and selecting
    one of these mechanisms to align consent
    requirements for exchanging PHI between states
    that have conflicting privacy laws.

16
Intrastate Consent Subgroup Result
  • By systematically testing these options using the
    scenarios, the intrastate subgroup will
  • Generate a list of issues
  • Describe alternative solutions available through
    the various models
  • Critically analyze the alternatives

17
Harmonizing State Privacy Law
  • 7 States participating
  • FL, KY, KS, MI, MO, NM and TX
  • Goal
  • To advance the ability of states and territories
    to analyze and reform, if appropriate, existing
    laws to facilitate health information exchange
  • Primary deliverable is a framework for
    legislative action

18
Harmonizing State Privacy Law Impact
  • States outside of the collaborative enter their
    data, identify gaps and set priorities for
    legislative action by determining if legislation
    is needed, feasible and compatible with other
    states.
  • Enables states to identify legislation that is
    critical for development.

19
Consumer Education and Engagement
  • 8 States participating
  • CO, GA, KS, MA, NY, OR, WA and WV
  • Goal
  • To develop a series of coordinated state-specific
    projects that focus on targeted population groups
    to describe the risks and benefits of health
    information exchange, educate consumers about
    privacy and security, and develop messaging to
    address consumer privacy and security concerns.

20
Consumer Engagement
  • States are currently working on their
    state-specific projects, which address priority
    education needs and often target specific
    populations
  • States have started to share their products with
    others in the collaborative
  • Websites are going live
  • Ultimately, through their collaboration they will
    develop products and guidelines for consumer
    education

21
Consumer Education Impact
  • States educate and engage their consumers,
    addressing the topic or target population that is
    most important
  • States share their products with the
    collaborative states (materials, dissemination
    plan, lessons learned) to facilitate adaptation
    for specific purposes

22
Provider Education
  • 8 States Participating
  • FL, KY, LA, MI, MO, MS, TN and WY
  • Goals
  • To create a toolkit to introduce electronic
    health information exchange to providers
  • To increase provider awareness of the privacy and
    security benefits and challenges of electronic
    health information exchange

23
Provider Education Impact
  • After testing core message on one provider type
    using one communication channel, refine approach
    based on lessons learned and deploy campaign to
    additional types/channels
  • Enhance awareness
  • Address perceived barriers
  • Encourage adoption and participation in private
    and secure exchange to improve the quality of care

24
Adoption of Standard Policies
  • 10 States participating
  • AZ, CO, CT, MD, NE, OH, OK, UT, VA and WA
  • Goals
  • To develop a set of basic policy requirements for
    authentication and audit
  • To define an implementation strategy to help
    states and territories adopt agreed-upon policies

25
Adoption of Standard Policies Results
  • All states will begin to address any
    authentication and audit gaps they identify
  • States that have less stringent policies will
    know where they need to strengthen them to be on
    par with other exchanges
  • States that are in the process of forming HIOs
    and establishing authentication and audit
    policies will know what requirements theyll need
    to meet

26
Adoption of Standard Policies Result
  • Final report will be a guide to other states so
    they can understand the minimum authentication
    and audit policies for exchanging data.

27
Interorganizational Agreements
  • 6 states participating
  • AK, GU, IA, NJ, NC, and SD
  • Goals
  • To develop a standardized core set of privacy and
    security components to include in
    interorganizational agreements
  • To execute interorganizational agreements and
    exchange data through cross-state pilots wherever
    possible

28
Interorganizational Agreements Next Steps
  • Continue coordination with DURSA and others
  • Complete signatures for both pilot agreements
  • Cross state electronic data sharing in pilot
    studies
  • Data Use and Reciprocal Support Agreement

29
Current and Future Activities
  • ONC continues to manage intersections between
    HISPC and their other initiatives
  • Nationwide Conference scheduled for March 2009 in
    Washington DC

30
Links
  • http//healthit.ahrq.gov
  • www.hhs.gov/healthit
  • http//privacysecurity.rti.org
  • www.rti.org
  • Identifiable information in this report or
    presentation is protected by federal law, Section
    924(c) of the Public Health Service Act, 42
    U.S.C. 299c-3(c). Any confidential identifiable
    information in this report or presentation that
    is knowingly disclosed is disclosed solely for
    the purpose for which it was provided
About PowerShow.com