Home | About | News | Store | Contact Us

Search

Intro | Engaging Consumers | Transforming Care | Population Health | Aligning Incentives | Privacy, Security and Confidentiality

Key Elements - Privacy, Security and Confidentiality

Principles, Strategies & Actions

Key Initiatives

Key Elements: Managing Privacy, Security & Confidentiality

Privacy, Security & Confidentiality Key Initiatives

Source/Reference	Initiative:	Summary:
American Health Information Community (AHIC)	Confidentiality, Privacy & Security workgroup	A workgroup focused on developing recommendations to ensure the confidentiality, privacy, and security of individually identifiable health information in an electronic health information exchange environment.
	Goals:	Strategies / Principles / Tools:
	Broad Charge: Make recommendations to the Community regarding the protection of personal health information in order to secure trust, and support appropriate interoperable electronic health information exchange. Specific Charge: Make actionable confidentiality, privacy, and security recommendations to the Community on specific policies that best balance the needs between appropriate information protection and access to support, and accelerate the implementation of the consumer empowerment, chronic care, and electronic health record related breakthroughs.	Workgroup will address the following issues: Methods of patient identification Methods of authentication Methods for securing data Methods for securing access to health information Policies for breach of health information Guidelines and processes to determine appropriate secondary uses of information A scope of work for a long term independent advisory body on privacy and security issues.

Source/Reference	Initiative:	Summary:
American Medical Informatics Association (AMIA)	Invitational Conference on Secondary Use of Health Data	AMIA initiated three technical working groups that informed the larger gathering in order to develop a comprehensive taxonomy of use and users of secondary health data, to review technologies that are used to de-identify data sets and re-identify data sets of ?anonymous? data, and to define data stewardship and related policy issues.
	Goals:	Strategies / Principles / Tools:
	Develop a national framework for the secondary use of health data that includes: A taxonomy describing types of uses and users of health data Guiding principles that balance the risk, sensitivity, benefits, obligations, and protections of various uses of health data Clarifications of terminology associated with various uses of health data	Data Stewardship Principles: Accountability (including governance, oversight , and level of applicable regulations) Openness and transparency (including structure, processing and delivery of data, and business processes and practices) Notice to patients Privacy and security (including data quality, de-identification, and costs of re-identification) Granularity of patient consent Permitted uses and disclosures (including data aggregation and analyses) Enforcement and remedies

Source/Reference	Initiative:	Summary:
Connecting for Health ? Markle Foundation	The Common Framework	A comprehensive resource of policy and technical specifications intended to help health information systems share information.
	Goals:	Strategies / Principles / Tools:
	A new infrastructure for health information sharing will provide the foundation for a transformed, 21st century healthcare system in which patients and families can better understand their own health and engage more fully in their care through direct access to their own health information.	Policy Principles: Openness and transparency Purpose specification and minimization Collection limitation Use limitation Individual participation and control Data integrity and quality Security safeguards and controls Accountability and oversight Legal and financial remedies Technology Principles: Make it ?Thin? Avoid ?Rip and Replace? Separate Applications from the Network Decentralization Federation Flexibility Privacy and Security Accuracy

Source/Reference	Initiative:	Summary:
Consumer Coalition for Health Privacy	Consumer Coalition for Health Privacy	A diverse network of patient, disability and consumer advocacy organizations actively engaged in the national and local debate on health privacy.
	Goals:	Strategies / Principles / Tools:
	To inform and empower the consumer community, including the disabled and those with serious illnesses, to more fully engage in the national and local debate on health privacy.	Principles ? Committed to the development and enactment of public policies and private standards that: Guarantee the confidentiality of personal health information Promote both access to high quality care and the continued viability of medical research.

Source/Reference	Initiative:	Summary:
Health Privacy Project	Health Privacy Project	An organization dedicated to raising public awareness on the importance of ensuring health privacy.
	Goals:	Strategies / Principles / Tools:
	To raise public awareness of the importance of ensuring health privacy in order to improve health care access and quality, both on an individual and a community level.	Principles (as identified in the Best Principles for Health Privacy report): For all uses and disclosures of health information, health care organizations should remove personal identifiers to the fullest extent possible, consistent with maintaining the usefulness of the information. Privacy protections should follow the data. An individual should have the right to access his or her own health information and the right to supplement such information. Individuals should be given notice about the use and disclosure of their health information and their rights with regard to that information. Health care organizations should implement security safeguards for the storage, use, and disclosure of health information. Personally identifiable health information should not be disclosed without patient authorization, except in limited circumstances. Health care organizations should provide patients with certain choices about the use and disclosure of their health information. Health care organizations should establish policies and review procedures regarding the collection, use, and disclosure of health information. Health care organizations should use an objective and balanced process to review the use and disclosure of personally identifiable health information for research. Health care organizations should not disclose personally identifiable health information to law enforcement officials, absent a compulsory legal process, such as a warrant or court order. Health privacy protections should be implemented in such a way as to enhance existing laws prohibiting discrimination. Strong and effective remedies for violations of privacy protections should be established.

Source/Reference	Initiative:	Summary:
National Consumers League	National Consumers League	An non-profit advocacy group whose mission is to identify, protect, represent, and advance the economic and social interests of consumers.
	Goals:	Strategies / Principles / Tools:
		Health Information Privacy Policies: Right to privacy Informed consent and notice Security safeguards and penalties Individual right to access Right to private access Research access Education Consumer information programs

Source/Reference	Initiative:	Summary:
Office of National Coordinator, AHRQ, Research Triangle Institute	Health Information Security and Privacy Collaboration (HISPC) Toolkit	The toolkit provides guidance for conducting organization-level assessments of business practices, policies, and state laws that govern the privacy and security of health information exchange.
	Goals:	Strategies / Principles / Tools:
	To create long-lasting collaborative networks in states and communities to support future work and inform future health information exchange activities.	Obtaining Interoperable HIE: Identify the variations in organization-level business privacy and security policies and practices and state laws that affect electronic HIE. Engage stakeholders in discussions where they can come to agreement on the common and necessary elements of current practices that will need to be retained and to identify gaps in current protections that are inadequate to cover the requirements for electronic HIE. Identify the policy or legal driver or other underlying rationale for the current practice and work toward identifying consensus-based solutions. Develop a plan to implement the solutions. Work through the implementation process, collaborating openly with stakeholders.

Source/Reference	Initiative:	Summary:
Patient Privacy Rights Foundation	Patient Privacy Rights Foundation	A national consumer watchdog organization whose mission is to empower Americans to protect and preserve their human rights to medical privacy.
	Goals:	Strategies / Principles / Tools:
	To guarantee that all Americans control access to their health records.