SlideShare a Scribd company logo
Maggie Gunter, PhD
President, LCF Research

 iHT2 Health IT Summit
      January 18, 2012
      Phoenix, Arizona
   New Mexico Health Information Collaborative
    ◦ Key Accomplishments/Current Status
   Privacy and Security Issues Encountered
    ◦ Federal vs. State Privacy Laws
    ◦ The Patient Consent Model
    ◦ Engaging and educating consumers and stakeholders
      about privacy
    ◦ What about interstate health information exchange?
    ◦ Security—how to protect patient data
    ◦ What about other HIE uses than treatment?
    ◦ Lessons learned and future privacy policy



                              2
   Created by LCF Research in 2004 to establish a health
    information exchange
   AHRQ funding with community matching funds
   LCF Research
    ◦ non-profit applied health research and innovation institute
      created in 1990
    ◦ Key interest in designing, implementing, and evaluating
      interventions to improve health care
    ◦ History of innovation in provider-based disease mgt.

   Impetus to HIT Involvement
    ◦ Major barrier to health care improvement/cost reduction
    ◦ Lack of use and exchange of electronic medical records
    ◦ Hence, LCF’s interest in creating the health information exchange
      (HIE)


                                    3
Clinician Requests Access to Patient Records with Patient Consent

                            EHR Gateway
      State Public
      Health Depts.
                                                          Hospital
                               Locates
                            the Patient’s
                              Records



   Patient                NMHIC                                Clinician
                                                               Office

                           HIE Network
                              Gathers &                              Lab
                             Assembles
                            the Patient’s
                               Records
    Clinician                                              Emergency
                                                           Room


Nationwide Health Information Network (NwHIN)
                                       4
   Funding
    ◦ primarily federal (AHRQ, ONC, SSA)
    ◦ some state and community match in development phase
   State-designated entity for HIE and lead agency for HIT
    Regional Extension Center
   Current funding
    ◦ State HIE (ONC)
    ◦ NM Regional Extension Center (ONC)
    ◦ Soc. Sec. Admin. Disability Claims submission using HIE
   Sustainability Task Force
    ◦ 2011-2012-federal requirement-community match
    ◦ Funding framework for 2013-2014 and after federal funding ends




                                   5
   $15 million funding invested to date (more funding
    awarded through 2014)
   One of 9 HIEs awarded ONC NwHIN Trial Implementation
    Contract (2007-2010)
   Designated by State of NM to lead the Health Information
    Security and Privacy Collaborative (2006-2009)
    ◦ Initiated legislation to update state privacy laws and enact NM
      Electronic Medical Record Act 2009
   Designated by Governor as NM’s Statewide HIE Network—
    May, 2009
   First state to have its HIE plan approved by ONC
   Recognized by ONC as a national leader in public health
    reporting using the HIE
   Awarded NM HIT Regional Extension Ctr.-2010


                                     6
   Statewide health information exchange
   Established broadly representative statewide Board-2010
   Data suppliers: all major Albuquerque area health systems
    and hospitals, all the large medical groups, 2 largest testing
    labs (70% of state’s population), a number of rural hospitals
    (total participating hospitals:15)
   1.3 million unique patients in the Master Patient Index (NM
    pop.—2 million)
   Live public health reporting to NM DOH (mandated lab results,
    ED syndromic surveillance, immunizations)
   Live clinical use underway—large cancer center
   ED clinical use in 2 major hospitals in early 2012
   Statewide HIE use by 2014




                                   7
   Innovation is exciting but “messy”
    ◦ NOT a linear process
   Building an HIE network requires “persistence beyond
    all reason” (to quote a participant)
   The Big HIE Challenges
    ◦ Community Engagement
      Sharing data across competing organizations was new and
       threatening
      Early years—HIE had great promise, but was new concept, so
       limited hard evidence of impact on cost/quality
    ◦ Adequate funding for development
    ◦ Short and long-term sustainability
    ◦ PRIVACY AND SECURITY!




                                 8
   Much more difficult than anticipated, even though team
    had much privacy experience
   HIPAA standards were not sufficient
   Much complexity beyond HIPAA (more restrictive state
    laws in NM and other states)
   HITECH privacy regs. (“HIPAA on steroids”)
   What do the laws say—but also how do community
    stakeholders feel about privacy?
   What model of consent will be compatible with both legal
    and community standards/concerns?
   How to best engage community in addressing privacy
    challenges?


                               9
   Tricky to balance important HIE benefits to patients vs.
    patients’ right to privacy and control of disclosures
   Providers concerned about liability
   Patients want a system to “filter” their data (share only
    certain data or only with certain providers)
   Technical barriers to such filtering
   Clinical barriers to filtering (“illusion of completeness”)
   What about use of HIE data for non-treatment purposes
    (e.g., public health reporting, quality reporting, research,
    health plan use)?



                                 10
   Researched NM state laws and health data laws in
    other states
   Found NM laws outdated, oriented to paper records,
    and did not address HIE disclosure
   NM laws stricter than HIPAA
    ◦ Written patient consent required for disclosure of
      sensitive conditions, even for treatment (e.g. AIDs,
      behavioral health, substance abuse, genetic tests)
   Impediment to sharing of data between HIEs across
    state lines if state laws differ (despite the national
    DURSA agreement developed to facilitate such
    exchange)


                             11
   Identified stakeholders with different frames of reference to
    help draft privacy legislation
    ◦ Attorneys, compliance officers, consumer advocacy groups,
      providers, hospitals, public health entities, legislators, HIE advocates
   Iterative and political process requiring two years
   Provider concerns about sharing data with competitors and
    liability if data incorrect or unavailable due to opting out
   Consumer concerns about inadvertent disclosure of sensitive
    information and desire to decide which data should be
    shared
   Issue of all data being shared with the HIE, but only disclosed
    by HIE to providers with patient consent
   What security measures would ease consumer fears



                                      12
   Recognizes electronic patient records as legal
   Allows disclosure to HIE for development and
    operations
   Requires written patient consent for sensitive
    information disclosure
    ◦ Except for “break the glass” override in medical emergencies
   Requires HIE to maintain an audit log of access
   HIE must provide an opt-out capability
   Provides liability protection for HIE and provider if
    patient chooses to opt out



                                 13
   A hybrid model
   Patients have three consent options
    1) Provide written consent for HIE to disclose data to
       providers for treatment purposes (all data or no data—
       no filtering capability)
    2) No written consent to disclose data (exception only in
       medical emergencies—”break the glass”)
    3) Opt-out—no data shared by the HIE with anyone, even
       in a medical emergency
   No technical ability to “filter out” sensitive
    information, so patient consent is “all or nothing”
    today


                               14
   Data security very important to both patients
    and providers, given publicized breaches
   User authorization and authentication
   Encryption of data “in motion and at rest”
   System includes detailed audit log
    documentation
   Patient review of audit logs (upon request)




                          15
   Cumbersome consent process can undermine HIE use
    and benefits—still working on this one
   How to obtain consent quickly in emergency
    department setting for non-emergent patients
   What about use of and access to HIE for purposes
    other than treatment?
    ◦   Health plan access
    ◦   Public health reporting
    ◦   Quality reporting
    ◦   Public reporting to guide consumer choice
    ◦   Research
   NM has created two important community task
    forces, one for non-treatment access and another for
    sustainability

                                 16
   Broad representation on decision making Board for
    HIE is essential
   Communication plan is critical for patients,
    providers, and other community stakeholders
    ◦ Must educate all groups
    ◦ Must emphasize HIE benefits and security protections as
      well as patient right to consent/opt out
   Must understand that “what is legal and what is
    wise” are often two different things
   Public trust is critical—so stakeholder engagement
    and ownership is essential



                               17
   Privacy and security will continue to be hard, time-consuming issues
    for the foreseeable future—shortcuts won’t work. Often must ”go
    slow to go fast”
   Be sure to understand your state’s health data laws, the local culture
    concerning privacy, and attitudes of influential stakeholders
   Community “ownership” of the HIE is essential, as is community trust
   Be willing to invest the time and expertise needed to communicate
    carefully and extensively with providers and consumers
   Public trust is a fragile thing but essential to an HIE’s success and
    sustainability
   A major factor is trust in the privacy and security of the HIE network
    and its leaders




                                      18
Contact Information
  Maggie Gunter, PhD
 President, LCF Research
2309 Renard Place SE, Suite 103
   Albuquerque, NM 87106
Maggie@LCFresearch.org
    505-938-9900


              19

More Related Content

What's hot

Prof Diana Schmidt's Talk at AIIMS on 8th January 2008
Prof Diana Schmidt's Talk at AIIMS on 8th January 2008Prof Diana Schmidt's Talk at AIIMS on 8th January 2008
Prof Diana Schmidt's Talk at AIIMS on 8th January 2008
Sukhdev Singh
 
Personal Health Records
Personal Health RecordsPersonal Health Records
Personal Health Records
RRR784
 
HM312 Week 7
HM312 Week 7HM312 Week 7
HM312 Week 7
BealCollegeOnline
 
Emerose galvez
Emerose galvezEmerose galvez
Emerose galvez
emerosegal
 
WorldVistA 061607
WorldVistA 061607WorldVistA 061607
WorldVistA 061607
ckuyehar
 
Virtual Clinics In the USA
Virtual Clinics In the USAVirtual Clinics In the USA
Virtual Clinics In the USA
Elinext
 
Telemedicine history and evolution 25.04.2021
Telemedicine history and evolution 25.04.2021Telemedicine history and evolution 25.04.2021
Telemedicine history and evolution 25.04.2021
Shazia Iqbal
 
Telehealth and HTA
Telehealth and HTATelehealth and HTA
Telehealth and HTA
HTAi Bilbao 2012
 
Middleton.Cgu2005v6
Middleton.Cgu2005v6Middleton.Cgu2005v6
Middleton.Cgu2005v6
Blackford Middleton
 
Mikhaela ripa
Mikhaela ripaMikhaela ripa
Mikhaela ripa
emerosegal
 
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics
 
Hit Potential Peg Schible
Hit Potential   Peg SchibleHit Potential   Peg Schible
Hit Potential Peg Schible
pegscheible
 
Development Standards and Regulations for HealthTech
Development Standards and Regulations for HealthTechDevelopment Standards and Regulations for HealthTech
Development Standards and Regulations for HealthTech
Elinext
 
The Growth of Telemedicine in the 21st Century
The Growth of Telemedicine in the 21st CenturyThe Growth of Telemedicine in the 21st Century
The Growth of Telemedicine in the 21st Century
Peter Killcommons
 
Patient Privacy Protections
Patient Privacy ProtectionsPatient Privacy Protections
Patient Privacy Protections
kwittman
 
Issue Brief - EHRs
Issue Brief - EHRsIssue Brief - EHRs
Issue Brief - EHRs
Katie Seeler Hoskins
 
DHS Analysis of healthcsare sector cyber interdependecies
DHS Analysis of healthcsare sector cyber interdependeciesDHS Analysis of healthcsare sector cyber interdependecies
DHS Analysis of healthcsare sector cyber interdependecies
David Sweigert
 
Tim Capstone Paper(2)
Tim Capstone Paper(2)Tim Capstone Paper(2)
Tim Capstone Paper(2)
Timothy Greiner
 
It For Better Patient Care
It For Better Patient CareIt For Better Patient Care
It For Better Patient Care
Entrepreneurship and ICT Advisor
 
HM312 Week 1 part 1 of 2
HM312 Week 1 part 1 of 2HM312 Week 1 part 1 of 2
HM312 Week 1 part 1 of 2
BealCollegeOnline
 

What's hot (20)

Prof Diana Schmidt's Talk at AIIMS on 8th January 2008
Prof Diana Schmidt's Talk at AIIMS on 8th January 2008Prof Diana Schmidt's Talk at AIIMS on 8th January 2008
Prof Diana Schmidt's Talk at AIIMS on 8th January 2008
 
Personal Health Records
Personal Health RecordsPersonal Health Records
Personal Health Records
 
HM312 Week 7
HM312 Week 7HM312 Week 7
HM312 Week 7
 
Emerose galvez
Emerose galvezEmerose galvez
Emerose galvez
 
WorldVistA 061607
WorldVistA 061607WorldVistA 061607
WorldVistA 061607
 
Virtual Clinics In the USA
Virtual Clinics In the USAVirtual Clinics In the USA
Virtual Clinics In the USA
 
Telemedicine history and evolution 25.04.2021
Telemedicine history and evolution 25.04.2021Telemedicine history and evolution 25.04.2021
Telemedicine history and evolution 25.04.2021
 
Telehealth and HTA
Telehealth and HTATelehealth and HTA
Telehealth and HTA
 
Middleton.Cgu2005v6
Middleton.Cgu2005v6Middleton.Cgu2005v6
Middleton.Cgu2005v6
 
Mikhaela ripa
Mikhaela ripaMikhaela ripa
Mikhaela ripa
 
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
 
Hit Potential Peg Schible
Hit Potential   Peg SchibleHit Potential   Peg Schible
Hit Potential Peg Schible
 
Development Standards and Regulations for HealthTech
Development Standards and Regulations for HealthTechDevelopment Standards and Regulations for HealthTech
Development Standards and Regulations for HealthTech
 
The Growth of Telemedicine in the 21st Century
The Growth of Telemedicine in the 21st CenturyThe Growth of Telemedicine in the 21st Century
The Growth of Telemedicine in the 21st Century
 
Patient Privacy Protections
Patient Privacy ProtectionsPatient Privacy Protections
Patient Privacy Protections
 
Issue Brief - EHRs
Issue Brief - EHRsIssue Brief - EHRs
Issue Brief - EHRs
 
DHS Analysis of healthcsare sector cyber interdependecies
DHS Analysis of healthcsare sector cyber interdependeciesDHS Analysis of healthcsare sector cyber interdependecies
DHS Analysis of healthcsare sector cyber interdependecies
 
Tim Capstone Paper(2)
Tim Capstone Paper(2)Tim Capstone Paper(2)
Tim Capstone Paper(2)
 
It For Better Patient Care
It For Better Patient CareIt For Better Patient Care
It For Better Patient Care
 
HM312 Week 1 part 1 of 2
HM312 Week 1 part 1 of 2HM312 Week 1 part 1 of 2
HM312 Week 1 part 1 of 2
 

Similar to Case Study “HIE Consumer & Stakeholder Engagement: Privacy and Security of Patient Data”

Health Informatics- Module 3-Chapter 1.pptx
Health Informatics- Module 3-Chapter 1.pptxHealth Informatics- Module 3-Chapter 1.pptx
Health Informatics- Module 3-Chapter 1.pptx
Arti Parab Academics
 
An Electronic Health Record ( Ehr )
An Electronic Health Record ( Ehr )An Electronic Health Record ( Ehr )
An Electronic Health Record ( Ehr )
Tracy Huang
 
A12_Beyond_HIPAA_PPT1
A12_Beyond_HIPAA_PPT1A12_Beyond_HIPAA_PPT1
A12_Beyond_HIPAA_PPT1
Brad Tritle, CIPP
 
3.A Basic Overview of Health Information Exchange.pdf
3.A Basic Overview of Health Information Exchange.pdf3.A Basic Overview of Health Information Exchange.pdf
3.A Basic Overview of Health Information Exchange.pdf
Belayet Hossain
 
1)Health data is sensitive and confidential; hence, it should .docx
1)Health data is sensitive and confidential; hence, it should .docx1)Health data is sensitive and confidential; hence, it should .docx
1)Health data is sensitive and confidential; hence, it should .docx
teresehearn
 
Me hi hie-landscape-webinar-2014-june
Me hi hie-landscape-webinar-2014-juneMe hi hie-landscape-webinar-2014-june
Me hi hie-landscape-webinar-2014-june
MassEHealth
 
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2   Beginning in 1991, the IOM (which stands for the Institute o.docxPg2   Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
randymartin91030
 
Nursing informatic'spresentation
Nursing informatic'spresentationNursing informatic'spresentation
Nursing informatic'spresentation
queeniejoy
 
Running Head THE HEALTH INFORMATION EXCHANGE (HIE) IN U.S 1.docx
Running Head THE HEALTH INFORMATION EXCHANGE (HIE) IN U.S 1.docxRunning Head THE HEALTH INFORMATION EXCHANGE (HIE) IN U.S 1.docx
Running Head THE HEALTH INFORMATION EXCHANGE (HIE) IN U.S 1.docx
todd521
 
Misadventures in Interoperability
Misadventures in InteroperabilityMisadventures in Interoperability
Misadventures in Interoperability
Cedric Dark
 
Hitech Act
Hitech ActHitech Act
Hitech Act
ISACA New England
 
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics
 
ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:
Mirasolmanginyog
 
The Medical Advantage, Inc. - EMR & Meaningful Use
The Medical Advantage, Inc. - EMR & Meaningful UseThe Medical Advantage, Inc. - EMR & Meaningful Use
The Medical Advantage, Inc. - EMR & Meaningful Use
Walz Group, LLC.
 
The Fundamentals ofHIT
The Fundamentals ofHITThe Fundamentals ofHIT
The Fundamentals ofHIT
slvhit
 
21st Century Act and its Impact on Healthcare IT
21st Century Act and its Impact on Healthcare IT21st Century Act and its Impact on Healthcare IT
21st Century Act and its Impact on Healthcare IT
CitiusTech
 
Ph rs v3
Ph rs   v3Ph rs   v3
Ph rs v3
Melvin Young
 
Health information management system by dr. protik.pptx
Health information management system by dr. protik.pptxHealth information management system by dr. protik.pptx
Health information management system by dr. protik.pptx
Protik Banik
 
Chapter 6 Health Information ExchangeRobert Hoyt MDWilliam .docx
Chapter 6 Health Information ExchangeRobert Hoyt MDWilliam .docxChapter 6 Health Information ExchangeRobert Hoyt MDWilliam .docx
Chapter 6 Health Information ExchangeRobert Hoyt MDWilliam .docx
robertad6
 
Course Point account for the nursing.pdf
Course Point account for the nursing.pdfCourse Point account for the nursing.pdf
Course Point account for the nursing.pdf
sdfghj21
 

Similar to Case Study “HIE Consumer & Stakeholder Engagement: Privacy and Security of Patient Data” (20)

Health Informatics- Module 3-Chapter 1.pptx
Health Informatics- Module 3-Chapter 1.pptxHealth Informatics- Module 3-Chapter 1.pptx
Health Informatics- Module 3-Chapter 1.pptx
 
An Electronic Health Record ( Ehr )
An Electronic Health Record ( Ehr )An Electronic Health Record ( Ehr )
An Electronic Health Record ( Ehr )
 
A12_Beyond_HIPAA_PPT1
A12_Beyond_HIPAA_PPT1A12_Beyond_HIPAA_PPT1
A12_Beyond_HIPAA_PPT1
 
3.A Basic Overview of Health Information Exchange.pdf
3.A Basic Overview of Health Information Exchange.pdf3.A Basic Overview of Health Information Exchange.pdf
3.A Basic Overview of Health Information Exchange.pdf
 
1)Health data is sensitive and confidential; hence, it should .docx
1)Health data is sensitive and confidential; hence, it should .docx1)Health data is sensitive and confidential; hence, it should .docx
1)Health data is sensitive and confidential; hence, it should .docx
 
Me hi hie-landscape-webinar-2014-june
Me hi hie-landscape-webinar-2014-juneMe hi hie-landscape-webinar-2014-june
Me hi hie-landscape-webinar-2014-june
 
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2   Beginning in 1991, the IOM (which stands for the Institute o.docxPg2   Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
 
Nursing informatic'spresentation
Nursing informatic'spresentationNursing informatic'spresentation
Nursing informatic'spresentation
 
Running Head THE HEALTH INFORMATION EXCHANGE (HIE) IN U.S 1.docx
Running Head THE HEALTH INFORMATION EXCHANGE (HIE) IN U.S 1.docxRunning Head THE HEALTH INFORMATION EXCHANGE (HIE) IN U.S 1.docx
Running Head THE HEALTH INFORMATION EXCHANGE (HIE) IN U.S 1.docx
 
Misadventures in Interoperability
Misadventures in InteroperabilityMisadventures in Interoperability
Misadventures in Interoperability
 
Hitech Act
Hitech ActHitech Act
Hitech Act
 
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
 
ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:
 
The Medical Advantage, Inc. - EMR & Meaningful Use
The Medical Advantage, Inc. - EMR & Meaningful UseThe Medical Advantage, Inc. - EMR & Meaningful Use
The Medical Advantage, Inc. - EMR & Meaningful Use
 
The Fundamentals ofHIT
The Fundamentals ofHITThe Fundamentals ofHIT
The Fundamentals ofHIT
 
21st Century Act and its Impact on Healthcare IT
21st Century Act and its Impact on Healthcare IT21st Century Act and its Impact on Healthcare IT
21st Century Act and its Impact on Healthcare IT
 
Ph rs v3
Ph rs   v3Ph rs   v3
Ph rs v3
 
Health information management system by dr. protik.pptx
Health information management system by dr. protik.pptxHealth information management system by dr. protik.pptx
Health information management system by dr. protik.pptx
 
Chapter 6 Health Information ExchangeRobert Hoyt MDWilliam .docx
Chapter 6 Health Information ExchangeRobert Hoyt MDWilliam .docxChapter 6 Health Information ExchangeRobert Hoyt MDWilliam .docx
Chapter 6 Health Information ExchangeRobert Hoyt MDWilliam .docx
 
Course Point account for the nursing.pdf
Course Point account for the nursing.pdfCourse Point account for the nursing.pdf
Course Point account for the nursing.pdf
 

More from Health IT Conference – iHT2

2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit
Health IT Conference – iHT2
 
2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit
Health IT Conference – iHT2
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
Health IT Conference – iHT2
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
Health IT Conference – iHT2
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
Health IT Conference – iHT2
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
Health IT Conference – iHT2
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
Health IT Conference – iHT2
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
Health IT Conference – iHT2
 
2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum
Health IT Conference – iHT2
 
2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum
Health IT Conference – iHT2
 
2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum
Health IT Conference – iHT2
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
Health IT Conference – iHT2
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
Health IT Conference – iHT2
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
Health IT Conference – iHT2
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
Health IT Conference – iHT2
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
Health IT Conference – iHT2
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
Health IT Conference – iHT2
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
Health IT Conference – iHT2
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit 2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
Health IT Conference – iHT2
 
iHT2 Health IT Beverly Hills Summit - 2015
iHT2 Health IT Beverly Hills Summit - 2015iHT2 Health IT Beverly Hills Summit - 2015
iHT2 Health IT Beverly Hills Summit - 2015
Health IT Conference – iHT2
 

More from Health IT Conference – iHT2 (20)

2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit
 
2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum
 
2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum
 
2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit 2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
iHT2 Health IT Beverly Hills Summit - 2015
iHT2 Health IT Beverly Hills Summit - 2015iHT2 Health IT Beverly Hills Summit - 2015
iHT2 Health IT Beverly Hills Summit - 2015
 

Recently uploaded

(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening
MJDuyan
 
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptxBRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
kambal1234567890
 
C# Interview Questions PDF By ScholarHat.pdf
C# Interview Questions PDF By ScholarHat.pdfC# Interview Questions PDF By ScholarHat.pdf
C# Interview Questions PDF By ScholarHat.pdf
Scholarhat
 
RDBMS Lecture Notes Unit4 chapter12 VIEW
RDBMS Lecture Notes Unit4 chapter12 VIEWRDBMS Lecture Notes Unit4 chapter12 VIEW
RDBMS Lecture Notes Unit4 chapter12 VIEW
Murugan Solaiyappan
 
How to Manage Large Scrollbar in Odoo 17 POS
How to Manage Large Scrollbar in Odoo 17 POSHow to Manage Large Scrollbar in Odoo 17 POS
How to Manage Large Scrollbar in Odoo 17 POS
Celine George
 
How to Add a Filter in the Odoo 17 - Odoo 17 Slides
How to Add a Filter in the Odoo 17 - Odoo 17 SlidesHow to Add a Filter in the Odoo 17 - Odoo 17 Slides
How to Add a Filter in the Odoo 17 - Odoo 17 Slides
Celine George
 
Independence Day Quiz 2K17 - School India Quiz
Independence Day Quiz 2K17 - School India QuizIndependence Day Quiz 2K17 - School India Quiz
Independence Day Quiz 2K17 - School India Quiz
Kashyap J
 
formative Evaluation By Dr.Kshirsagar R.V
formative Evaluation By Dr.Kshirsagar R.Vformative Evaluation By Dr.Kshirsagar R.V
formative Evaluation By Dr.Kshirsagar R.V
DrRavindrakshirsagar1
 
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Murugan Solaiyappan
 
Individual Performance Commitment Review Form-Developmental Plan.docx
Individual Performance Commitment Review Form-Developmental Plan.docxIndividual Performance Commitment Review Form-Developmental Plan.docx
Individual Performance Commitment Review Form-Developmental Plan.docx
monicaaringo1
 
New Features in Odoo 17 Sign - Odoo 17 Slides
New Features in Odoo 17 Sign - Odoo 17 SlidesNew Features in Odoo 17 Sign - Odoo 17 Slides
New Features in Odoo 17 Sign - Odoo 17 Slides
Celine George
 
The Cruelty of Animal Testing in the Industry.pdf
The Cruelty of Animal Testing in the Industry.pdfThe Cruelty of Animal Testing in the Industry.pdf
The Cruelty of Animal Testing in the Industry.pdf
luzmilaglez334
 
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ..."DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
thanhluan21
 
matatag curriculum education for Kindergarten
matatag curriculum education for Kindergartenmatatag curriculum education for Kindergarten
matatag curriculum education for Kindergarten
SarahAlie1
 
H. A. Roberts: VITAL FORCE - Dr. Niranjan Bapat
H. A. Roberts: VITAL FORCE - Dr. Niranjan BapatH. A. Roberts: VITAL FORCE - Dr. Niranjan Bapat
H. A. Roberts: VITAL FORCE - Dr. Niranjan Bapat
Niranjan Bapat
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...
Nguyen Thanh Tu Collection
 
How To Update One2many Field From OnChange of Field in Odoo 17
How To Update One2many Field From OnChange of Field in Odoo 17How To Update One2many Field From OnChange of Field in Odoo 17
How To Update One2many Field From OnChange of Field in Odoo 17
Celine George
 
modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025
NurFitriah45
 
Bedok NEWater Photostory - COM322 Assessment (Story 2)
Bedok NEWater Photostory - COM322 Assessment (Story 2)Bedok NEWater Photostory - COM322 Assessment (Story 2)
Bedok NEWater Photostory - COM322 Assessment (Story 2)
Liyana Rozaini
 
CTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDFCTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDF
hammadmughal76316
 

Recently uploaded (20)

(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening
 
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptxBRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
 
C# Interview Questions PDF By ScholarHat.pdf
C# Interview Questions PDF By ScholarHat.pdfC# Interview Questions PDF By ScholarHat.pdf
C# Interview Questions PDF By ScholarHat.pdf
 
RDBMS Lecture Notes Unit4 chapter12 VIEW
RDBMS Lecture Notes Unit4 chapter12 VIEWRDBMS Lecture Notes Unit4 chapter12 VIEW
RDBMS Lecture Notes Unit4 chapter12 VIEW
 
How to Manage Large Scrollbar in Odoo 17 POS
How to Manage Large Scrollbar in Odoo 17 POSHow to Manage Large Scrollbar in Odoo 17 POS
How to Manage Large Scrollbar in Odoo 17 POS
 
How to Add a Filter in the Odoo 17 - Odoo 17 Slides
How to Add a Filter in the Odoo 17 - Odoo 17 SlidesHow to Add a Filter in the Odoo 17 - Odoo 17 Slides
How to Add a Filter in the Odoo 17 - Odoo 17 Slides
 
Independence Day Quiz 2K17 - School India Quiz
Independence Day Quiz 2K17 - School India QuizIndependence Day Quiz 2K17 - School India Quiz
Independence Day Quiz 2K17 - School India Quiz
 
formative Evaluation By Dr.Kshirsagar R.V
formative Evaluation By Dr.Kshirsagar R.Vformative Evaluation By Dr.Kshirsagar R.V
formative Evaluation By Dr.Kshirsagar R.V
 
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...
 
Individual Performance Commitment Review Form-Developmental Plan.docx
Individual Performance Commitment Review Form-Developmental Plan.docxIndividual Performance Commitment Review Form-Developmental Plan.docx
Individual Performance Commitment Review Form-Developmental Plan.docx
 
New Features in Odoo 17 Sign - Odoo 17 Slides
New Features in Odoo 17 Sign - Odoo 17 SlidesNew Features in Odoo 17 Sign - Odoo 17 Slides
New Features in Odoo 17 Sign - Odoo 17 Slides
 
The Cruelty of Animal Testing in the Industry.pdf
The Cruelty of Animal Testing in the Industry.pdfThe Cruelty of Animal Testing in the Industry.pdf
The Cruelty of Animal Testing in the Industry.pdf
 
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ..."DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
"DANH SÁCH THÍ SINH XÉT TUYỂN SỚM ĐỦ ĐIỀU KIỆN TRÚNG TUYỂN ĐẠI HỌC CHÍNH QUY ...
 
matatag curriculum education for Kindergarten
matatag curriculum education for Kindergartenmatatag curriculum education for Kindergarten
matatag curriculum education for Kindergarten
 
H. A. Roberts: VITAL FORCE - Dr. Niranjan Bapat
H. A. Roberts: VITAL FORCE - Dr. Niranjan BapatH. A. Roberts: VITAL FORCE - Dr. Niranjan Bapat
H. A. Roberts: VITAL FORCE - Dr. Niranjan Bapat
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH LỚP 12 - GLOBAL SUCCESS - FORM MỚI 2025 - ...
 
How To Update One2many Field From OnChange of Field in Odoo 17
How To Update One2many Field From OnChange of Field in Odoo 17How To Update One2many Field From OnChange of Field in Odoo 17
How To Update One2many Field From OnChange of Field in Odoo 17
 
modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025modul ajar kelas x bahasa inggris 2024-2025
modul ajar kelas x bahasa inggris 2024-2025
 
Bedok NEWater Photostory - COM322 Assessment (Story 2)
Bedok NEWater Photostory - COM322 Assessment (Story 2)Bedok NEWater Photostory - COM322 Assessment (Story 2)
Bedok NEWater Photostory - COM322 Assessment (Story 2)
 
CTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDFCTD Punjab Police Past Papers MCQs PPSC PDF
CTD Punjab Police Past Papers MCQs PPSC PDF
 

Case Study “HIE Consumer & Stakeholder Engagement: Privacy and Security of Patient Data”

  • 1. Maggie Gunter, PhD President, LCF Research iHT2 Health IT Summit January 18, 2012 Phoenix, Arizona
  • 2. New Mexico Health Information Collaborative ◦ Key Accomplishments/Current Status  Privacy and Security Issues Encountered ◦ Federal vs. State Privacy Laws ◦ The Patient Consent Model ◦ Engaging and educating consumers and stakeholders about privacy ◦ What about interstate health information exchange? ◦ Security—how to protect patient data ◦ What about other HIE uses than treatment? ◦ Lessons learned and future privacy policy 2
  • 3. Created by LCF Research in 2004 to establish a health information exchange  AHRQ funding with community matching funds  LCF Research ◦ non-profit applied health research and innovation institute created in 1990 ◦ Key interest in designing, implementing, and evaluating interventions to improve health care ◦ History of innovation in provider-based disease mgt.  Impetus to HIT Involvement ◦ Major barrier to health care improvement/cost reduction ◦ Lack of use and exchange of electronic medical records ◦ Hence, LCF’s interest in creating the health information exchange (HIE) 3
  • 4. Clinician Requests Access to Patient Records with Patient Consent EHR Gateway State Public Health Depts. Hospital Locates the Patient’s Records Patient NMHIC Clinician Office HIE Network Gathers & Lab Assembles the Patient’s Records Clinician Emergency Room Nationwide Health Information Network (NwHIN) 4
  • 5. Funding ◦ primarily federal (AHRQ, ONC, SSA) ◦ some state and community match in development phase  State-designated entity for HIE and lead agency for HIT Regional Extension Center  Current funding ◦ State HIE (ONC) ◦ NM Regional Extension Center (ONC) ◦ Soc. Sec. Admin. Disability Claims submission using HIE  Sustainability Task Force ◦ 2011-2012-federal requirement-community match ◦ Funding framework for 2013-2014 and after federal funding ends 5
  • 6. $15 million funding invested to date (more funding awarded through 2014)  One of 9 HIEs awarded ONC NwHIN Trial Implementation Contract (2007-2010)  Designated by State of NM to lead the Health Information Security and Privacy Collaborative (2006-2009) ◦ Initiated legislation to update state privacy laws and enact NM Electronic Medical Record Act 2009  Designated by Governor as NM’s Statewide HIE Network— May, 2009  First state to have its HIE plan approved by ONC  Recognized by ONC as a national leader in public health reporting using the HIE  Awarded NM HIT Regional Extension Ctr.-2010 6
  • 7. Statewide health information exchange  Established broadly representative statewide Board-2010  Data suppliers: all major Albuquerque area health systems and hospitals, all the large medical groups, 2 largest testing labs (70% of state’s population), a number of rural hospitals (total participating hospitals:15)  1.3 million unique patients in the Master Patient Index (NM pop.—2 million)  Live public health reporting to NM DOH (mandated lab results, ED syndromic surveillance, immunizations)  Live clinical use underway—large cancer center  ED clinical use in 2 major hospitals in early 2012  Statewide HIE use by 2014 7
  • 8. Innovation is exciting but “messy” ◦ NOT a linear process  Building an HIE network requires “persistence beyond all reason” (to quote a participant)  The Big HIE Challenges ◦ Community Engagement  Sharing data across competing organizations was new and threatening  Early years—HIE had great promise, but was new concept, so limited hard evidence of impact on cost/quality ◦ Adequate funding for development ◦ Short and long-term sustainability ◦ PRIVACY AND SECURITY! 8
  • 9. Much more difficult than anticipated, even though team had much privacy experience  HIPAA standards were not sufficient  Much complexity beyond HIPAA (more restrictive state laws in NM and other states)  HITECH privacy regs. (“HIPAA on steroids”)  What do the laws say—but also how do community stakeholders feel about privacy?  What model of consent will be compatible with both legal and community standards/concerns?  How to best engage community in addressing privacy challenges? 9
  • 10. Tricky to balance important HIE benefits to patients vs. patients’ right to privacy and control of disclosures  Providers concerned about liability  Patients want a system to “filter” their data (share only certain data or only with certain providers)  Technical barriers to such filtering  Clinical barriers to filtering (“illusion of completeness”)  What about use of HIE data for non-treatment purposes (e.g., public health reporting, quality reporting, research, health plan use)? 10
  • 11. Researched NM state laws and health data laws in other states  Found NM laws outdated, oriented to paper records, and did not address HIE disclosure  NM laws stricter than HIPAA ◦ Written patient consent required for disclosure of sensitive conditions, even for treatment (e.g. AIDs, behavioral health, substance abuse, genetic tests)  Impediment to sharing of data between HIEs across state lines if state laws differ (despite the national DURSA agreement developed to facilitate such exchange) 11
  • 12. Identified stakeholders with different frames of reference to help draft privacy legislation ◦ Attorneys, compliance officers, consumer advocacy groups, providers, hospitals, public health entities, legislators, HIE advocates  Iterative and political process requiring two years  Provider concerns about sharing data with competitors and liability if data incorrect or unavailable due to opting out  Consumer concerns about inadvertent disclosure of sensitive information and desire to decide which data should be shared  Issue of all data being shared with the HIE, but only disclosed by HIE to providers with patient consent  What security measures would ease consumer fears 12
  • 13. Recognizes electronic patient records as legal  Allows disclosure to HIE for development and operations  Requires written patient consent for sensitive information disclosure ◦ Except for “break the glass” override in medical emergencies  Requires HIE to maintain an audit log of access  HIE must provide an opt-out capability  Provides liability protection for HIE and provider if patient chooses to opt out 13
  • 14. A hybrid model  Patients have three consent options 1) Provide written consent for HIE to disclose data to providers for treatment purposes (all data or no data— no filtering capability) 2) No written consent to disclose data (exception only in medical emergencies—”break the glass”) 3) Opt-out—no data shared by the HIE with anyone, even in a medical emergency  No technical ability to “filter out” sensitive information, so patient consent is “all or nothing” today 14
  • 15. Data security very important to both patients and providers, given publicized breaches  User authorization and authentication  Encryption of data “in motion and at rest”  System includes detailed audit log documentation  Patient review of audit logs (upon request) 15
  • 16. Cumbersome consent process can undermine HIE use and benefits—still working on this one  How to obtain consent quickly in emergency department setting for non-emergent patients  What about use of and access to HIE for purposes other than treatment? ◦ Health plan access ◦ Public health reporting ◦ Quality reporting ◦ Public reporting to guide consumer choice ◦ Research  NM has created two important community task forces, one for non-treatment access and another for sustainability 16
  • 17. Broad representation on decision making Board for HIE is essential  Communication plan is critical for patients, providers, and other community stakeholders ◦ Must educate all groups ◦ Must emphasize HIE benefits and security protections as well as patient right to consent/opt out  Must understand that “what is legal and what is wise” are often two different things  Public trust is critical—so stakeholder engagement and ownership is essential 17
  • 18. Privacy and security will continue to be hard, time-consuming issues for the foreseeable future—shortcuts won’t work. Often must ”go slow to go fast”  Be sure to understand your state’s health data laws, the local culture concerning privacy, and attitudes of influential stakeholders  Community “ownership” of the HIE is essential, as is community trust  Be willing to invest the time and expertise needed to communicate carefully and extensively with providers and consumers  Public trust is a fragile thing but essential to an HIE’s success and sustainability  A major factor is trust in the privacy and security of the HIE network and its leaders 18
  • 19. Contact Information Maggie Gunter, PhD President, LCF Research 2309 Renard Place SE, Suite 103 Albuquerque, NM 87106 Maggie@LCFresearch.org 505-938-9900 19