By Ed Jones III, Author and President of HIPAA, LLC.
Twitter: @HIPAAsafeguards
This year, 2014, marks the end of the Decade of Health Information Technology, initiated by then Secretary of the Department of Health and Human Services (HHS), Tommy Thompson, in July 2004 “to build a national electronic health information infrastructure in the United States.” This initiative outlined “four major collaborative goals” and “12 strategies for advancing and focusing future efforts.” My co-author, Carolyn Hartley, and I discuss these goals and strategies in detail in our book, EHR Implementation: A Step-by-Step Guide for the Medical Practice (2nd ed.) (Chicago, IL: American Medical Association, 2012).
The HHS Office of the National Coordinator for Health Information Technology (ONC) released on June 5, 2014, its new 10-year initiative: Connecting Health and Care for the Nation: A 10-Year Vision to Achieve an Interoperable Health IT Infrastructure. This 13-page vision document is available online.
This forward looking document continues and builds on the accomplishments of the earlier HHS initiative discussed above, and also mirrors many of the recommendations of the 2013 WEDI Report released in December 2013 by the Workgroup for Electronic Data Interchange (WEDI). The 2013 WEDI Report is available online.
ONC’s vision document includes three agendas:
- Three-Year Agenda
- Send, receive, find, and use health information to improve health care quality.
- Six-Year Agenda
- Use information to improve health care quality and lower cost
- Ten-Year Agenda
- Support better health for all through a more connected health care system and active individual health management.
ONC’s vision document includes nine guiding principles:
- Build upon the existing health IT infrastructure
- One size does not fit all
- Empower individuals
- Leverage the market
- Simplify
- Maintain modularity
- Consider the current environment and support multiple levels of advancement
- Focus on value
- Protect privacy and security in all aspects of interoperability.
ONC’s vision document includes five building blocks:
- Core technical standards and functions
- Certification to support adoption and optimization of health IT products and services
- Privacy and security protections for health information
- Supportive business, clinical, cultural, and regulatory environment
- Rules of engagement and governance of health information exchange.
As this HIPAA Safeguard site is focused primarily on compliance with HIPAA/HITECH Act privacy, security, breach notification rule standards, implementation specifications, and requirements, we highlight here the vision and strategic focus of the third building block—Privacy and security protections for health information on pages 10-11 of the document:
“ONC will strive to ensure that privacy and security-related policies, practices, and technology keep pace with the expanded electronic exchange of information for health system reform. We will continue to assess evolving models of health information exchange to identify and, with stakeholder input, develop solutions to address weaknesses and gaps in privacy protections. We will encourage the development and use of policy and technology and workflow practices to advance patients’ rights to access, amend, and make informed choices about the disclosure of their electronic health information. We recognize that there are certain state and federal laws under which some patients must give affirmative consent to the disclosure of their health information (often related to a ‘sensitive’ health condition such as behavioral health or genetic information), a privacy protection that is more stringent than the HIPAA Privacy Rule. ONC will endeavor to ensure that these patients will not be left on the wrong side of the digital divide. We will work to improve standards, technology, and workflow that enable the electronic collection and management of consent as we’ll as the electronic exchange of related information within existing legal requirements (including notice of redisclosure restrictions). We will also invest in methods and approaches that support distributed analytics and open evidence sharing without sharing PHI [protected health information]. Continued coordination across federal and state governments is needed to develop, implement, and evolve appropriate privacy and security policies for various types of health information exchange.
“Expanding interoperability and exchange may also pose new security challenges. We will work with the National Institute of Standards and Technology (NIST) and other stakeholders to expand the options for ensuring, as an appropriate level of certainty, that those who access health information electronically are who they represent themselves to be. We will continue to assess and improve policies and standards that help ensure health information is only access by authorized people and is used in reasonable and transparent ways. We will also work with the private sector to address emerging cyber threats.
“Given our support for electronic access by individuals to their own health information, we will also be mindful of the privacy and security risks created when information exists the realm of HIPAA covered entities. We will support developers creating health tools for consumers to encourage responsible privacy and security practices and greater transparency about how they use personal health information. In addition, we will collaborate with the Office for Civil Rights [OCR] and other agencies to encourage greater consumer education about the benefits of health information exchange and the steps they can take to safeguard their own data.
“As we expand health information exchange, it is important that all stakeholders (the government, health care providers and plans, vendors, developers, patients and their caregivers) recognize their responsibility in protecting health information. We intent to continue our outreach and technical assistance to help everyone reach this goal.”
HIPAA Safeguard recommends that you read the entire document as a roadmap to the future of electronic business processes in healthcare.
About the author: Ed Jones is an author, and owner and CEO of Cornichon Healthcare Select, LLC, Seabrook Island, SC, which provides consulting services pertaining to HIPAA/HITECH Act privacy and security compliance, and design of mobile strategies for healthcare transactions. He also is President of HIPAA, LLC, which owns www.HIPAA.com and www.HIPAASchool.com and the co-author with Carolyn Hartley of ten books for the American Medical Association (AMA) and the American Dental Association (ADA). This post has been syndicated
with the authors permission.
[simple_slider pause_on_hover=”no” bullets=”yes” arrows=”yes” border=”yes” shadow=”yes” lightbox=”yes”]
[simple_slide img=”http://www.hitechanswers.net/wp-content/uploads/2014/10/Meaningful-Use-Audit-1.jpg” title=”Has your Practice Been Audited?.” subtitle=”Call EMR Advocote for help with your audit.” style=”light”]
[simple_slide img=”http://placehold.it/866×541″]
[simple_slide img=”http://placehold.it/866×541″ title=”Optional slider caption.” style=”dark”]
[/simple_slider]