An advisory panel has asked for public feedback on issues it should take up next as it continues to flesh out a comprehensive privacy and security policy framework for electronic health information exchange.
The framework builds on current law, specifically the Health Insurance Portability and Accountability Act (HIPAA), and is based on fair information practice principles, according to Deven McGraw, chair of the Privacy and Security Tiger Team, a work group of the advisory Health IT Policy Committee. McGraw is also director of the health privacy project at the Center for Democracy and Technology.
“The tiger team is eager to hear from the public about gaps in this framework that still need to be addressed,” according to McGraw and panel co-chair Paul Egerman in an April 19 announcement.
The policy committee has endorsed the panel’s recommendations to date related to developing conditions of trust for simple directed push exchanges and submitted them to the Office of the National Coordinator for Health IT to decide whether to incorporate them as policy.
“Where do we go from here? We know that there are requirements in the pipeline that will require our attention,” McGraw said at an April 18 tiger team meeting. She is also director of the health privacy project at the Center for Democracy and Technology.
The panel offers a summary of what HIPAA provides and the tiger team’s recommendations to date. The tiger team wants to complete its work for push transactions and then move on to privacy and security related to more complex query-and-response transactions for treatment purposes, Egerman said. He is also a software entrepreneur.
"Where we see there are gaps so far are in corrections of patient data, areas of data integrity and quality, collections and limitations of use of patient data," he said.
The Health IT Standards Committee has also endorsed recommendations for technical requirements for digital certificates, which assure identity of sender and receiver in simple, direct exchange transactions.
The proposals also urge the policy committee to come up with policies for organizations providing digital certificates to demonstrate that they are legitimate and trustworthy, said Dixie Baker, a tiger team member and chair of the standards committee privacy and security work group. She is also SAIC senior vice president and chief technology officer of its health solutions business.
There is also an increasing focus on the query-response model that "may have been partially triggered by the release of the PCAST report," McGraw said.
The President's Council of Advisors on Science and Technology (PCAST) recommended in December that ONC accelerate more comprehensive health information exchange through the development of a universal exchange language and the ability to separate health data into the smallest individual pieces that make sense to query for and exchange.

