1 / 14

Health Information Security and Privacy Collaboration Regional Meeting

Health Information Security and Privacy Collaboration Regional Meeting. North Carolina Report November 13, 2006. Introduction. Steering Committee. Phil Telfer, Co-chair NC Governor’s Office Holt Anderson, Co-chair NCHICA, Executive Director

sukey
Download Presentation

Health Information Security and Privacy Collaboration Regional Meeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Health Information Security and Privacy Collaboration Regional Meeting North Carolina Report November 13, 2006

  2. Introduction

  3. Steering Committee • Phil Telfer, Co-chair NC Governor’s Office • Holt Anderson, Co-chair NCHICA, Executive Director • Linda Attarian NC DHHS Div. of Medical Assistance • Wesley G. Byerly Wake Forest Univ. Baptist Med. Ctr. • Fred Eckel NC Assoc. of Pharmacists • Jean Foster NC Health Information Mgmt. Assoc. • Don E. Horton, Jr. LabCorp • Mark Holmes NC Institute of Medicine • Eileen Kohlenberg NC Nurses Association • Linwood Jones NC Hospital Association • Patricia MacTaggart Health Management Associates • Doc Muhlbaier Duke University Health System • David Potenziani UNC School of Public Health • Melanie Phelps NC Medical Society • N. King Prather BCBSNC • Morgan Tackett BCBSNC • Work Group Co-Chairs Various Organizations

  4. State Health Information Exchange Efforts • Our healthcare stakeholders continue to participate in various health information exchange efforts in NC. Examples are: • ONC-funded NHIN Architecture Prototype • Medicaid Community Care of NC • WNC Health Network (Western NC RHIO) • Sandhills Network • NC Public Health Information Network (NCPHIN) • NCHESS, NCDETECT • Bridges To Excellence • NC Immunization Registry • Employer sponsored patient health records • e-Prescribing projects: payers, providers, e-Rx pharmacies • Payer sponsored consumer sites: claims, benefits • QualityNet (DOQ-IT)

  5. State HISPC Project • Past and current collaborative projects have been designed to share information for a specific healthcare or business need. • The NC HISPC project allows the exploration of privacy and security sharing models at a comprehensive level.

  6. Stakeholder Representation and Outreach • The NC HISPC workgroups, project team, and stakeholder groups are comprised of over 60 participants representing the diverse healthcare community.

  7. Data Collection Process • Followed RTI methodology • Interviews: • Groups divided by types of scenario • Groups co-facilitated by project leaders • On site by Project Manager • E-mail surveys • Customized data collection spreadsheet

  8. Major Themes • Information sharing practices varied significantly • Emergent vs. non-emergent situations • Stakeholders frequently were unaware of their business practice / policy • Lack of awareness on how to apply law within the organization • Privacy and security policy and regulatory compliance may be dependent upon perception of enforcement. • Current information sharing business practices have evolved without a business model

  9. Major “Barriers” to HIE • Range of awareness and interpretation • Pre-emption NCGS 8 - 53 • Application within organization • Fear of litigation / Lack of “safe harbor” • Lack of policy standardization • Lack of interoperability of information exchange - paper and electronic records

  10. Major “Barriers” to HIE • Lack of incentive to share information • Inter/intrastate legal implications • Lack of business model • RHIO, Community Health • Lack of RHIO / IHE definition, standards or recognition as legal entity • CLIA does not recognize “RHIOs” or any entity other than the ordering physician as “authorized persons” for receiving lab results from labs • Entity to entity exchanges are highly controlled by business practice and law as compared to patient-mediated exchanges.

  11. Issues and Challenges“Lessons Learned” • High dependence on volunteers • Confidentiality structure limited opportunity to approach and engage additional stakeholders • Breadth of stakeholder representation limited data collection of business practices • Methodology based on study or research protocols • No formal deliverables requirements until Sept. • Emerging assessment / collaboration tools / participants’ skill set • Nine privacy / security domains do not correspond with recognized privacy and security practice standards

  12. Issues and Challenges “Lessons Learned” • Stakeholders reluctant to share proprietary information • Differing legal and practice philosophies • Workgroups unfamiliar with RHIO models and business practices • Healthcare marketing staff are not knowledgeable of privacy and security aspects of data protection.

  13. Goals for the Regional Meeting • Engage other states in HISPC • Insights from those who have executed this process • Glean ideas from other approaches • Develop consistent approach to final deliverables • Pre-emption including NCGS 8–53 • Highlight lack of “RHIO / HIE” definition and standards • Present CLIA issue and possible solution / amendment • Present the potential for patient-controlled health information exchange standards, policies and procedures

  14. Questions for Other States • Would you be interested in sharing material for our growing health information exchange reference library? • Would you contribute your time to help us identify your state statutes or policy requirements that apply when sharing health information across state lines? • What is your current process for sharing health information across state lines? • Who are the thought leaders in your state? • Do you feel your legislative and or executive levels of government are supportive of training and funding to improve privacy and security practices? • Is there something “special” about your state that would aid or hinder carrying out this process? • Your turn

More Related