The Healthcare Information Technology Standards Panel has issued a set of standards for keeping patients’ e-health records private and secure.
The panel, which is sponsored by the Health and Human Services Department, aims to identify and harmonize existing information standards so that e-health records can be exchanged among institutions.
The panel published what it calls constructs, or sets of standards and specifications. Its report states that these add up to a technical foundation that is applicable to the policy requirements in federal and state laws, or to other business and organizational requirements for protecting and preserving health information.
“The variability in health information security and privacy federal and state laws and regulations, and business policies and practices across the country, poses significant challenges to the development of a common set of security and privacy constructs,” the document states. “With this in mind, the [technical committee] used an approach based on the identification of a core set of overarching policy concepts, and the establishment of a minimum common base set of requirements that could be applied to different health information exchange scenarios.”
The constructs are as follows.
Manage document sharing and preserve document integrity
Collect and communicate security audit trail
Maintain consistent time, by synchronizing system clocks among the systems on a network
Secured communication channel
Entity identity assertion, to validate the identity of people or applications
Access control
Nonrepudiation of information origin
Manage and communicate consent directives from a patient.
The constructs will be incorporated into other interoperability specifications issued by the panel.
It reported that the constructs have some gaps. “For example, there is a lack of standards to communicate the full access control policies and obligations in the fidelity that health care ultimately needs,” it said in the document. “In cases like this, HITSP will present the best solutions available, and encourage standards organizations to fill the gaps.”
The panel expects to update the constructs from time to time.
Government Health IT presents Rick Friedman, director of the division of state systems for the Center for Medicaid and State Operations with the U.S. Department of Health and Human Services, in this recent eSeminar regarding how the federal Centers of Medicare and Medicaid Services is partnering with state Medicaid and health and human services officials to bring Medicaid into the digital age. Paul McCloskey, Government Health IT editor, moderates.
