A state-based approach to privacy and security for interoperable health information exchange

Health Affairs

Volumn 28, Issue 2, 2009, Pages 428-434

  Dimitropoulos, Linda ^a   Rizk, Stephanie ^a  

^a RTI International's Survey Research Division   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ARTICLE; COORDINATION; ELECTRONIC DATA INTERCHANGE; GOVERNMENT; HEALTH CARE POLICY; INFORMED CONSENT; MEDICAL INFORMATION; ORGANIZATION AND MANAGEMENT; PRIVACY; TRUST; UNITED STATES;

EFFICIENCY, ORGANIZATIONAL; HEALTH RECORDS, PERSONAL; HUMANS; PROCESS ASSESSMENT (HEALTH CARE);

EID: 66149190569     PISSN: 02782715     EISSN: 15445208     Source Type: Journal    
DOI: 10.1377/hlthaff.28.2.428     Document Type: Article

References (12)

1. Office of the National Coordinator for Health Information Technology, Summary of Nationwide Health Information Network (NHIN) Request for Information (RFI) Responses, June 2005, http://www.hhs.gov/healthit/rfisummaryreport.pdf (accessed 19 December 2008).
2. The governor in each jurisdiction designated a single organization to represent the state or territory in the project. In turn, each designated organization enlisted a broad range of stakeholder organizations. Stakeholder organizations were defined as entities that collect, store, or exchange health information, including clinicians, physician groups and other providers, federal health facilities (such as the Department of Defense, Indian Health Service, and Department of Veterans Affairs), hospitals, payers, public health agencies, community clinics and health centers, laboratories, pharmacies, long-term care facilities and nursing homes, home care and hospice, correctional facilities, professional associations and societies, medical and public health schools that undertake research, quality improvement organizations, consumers or consumer organizations, and state government (Medicaid, public health departments, and so forth). See L.L. Dimitropoulos, Privacy and Security Solutions for Interoperable Health Information Exchange: Assessment of Variation and Analysis of Solutions, Pub. no. 07-0080-1-EF, June 2007, http://healthit.ahrq.gov/portal/ server.pt/gateway/PTARGS-0-1248-661882-0-0-18/AVAS.pdf (accessed 23 December 2008).
3. L.L. Dimitropoulos, Privacy and Security Solutions for Interoperable Health Information Exchange: Assessment of Variation and Analysis of Solutions, 2007, http://healthit.ahrq.gov/portal/server.pt/gateway/PTARGS-0-1248-661882-0- 0-18/AVAS.pdf Ibid.
4. West Virginia Medical Institute, "Privacy and Security Solutions Interim Assessment of Variation from West Virginia," December 2007, http://www.wvhima.org/HISPC-PrivacyandSecurity012007.doc (accessed 29 December 2008).
5. See 45 C.F.R., sec. 164.506, which covers consent for uses or disclosures to carry out treatment, payment, or operation; and 45 C.F.R., sec. 164.508, which covers uses and disclosures for which an authorization is required. U.S. Department of Health and Human Services, Office for Civil Rights-HIPAA, "Medical Privacy-National Standards to Protect the Privacy of Personal Health Information," 16 May 2006, http://www.hhs.gov/ocr/hipaa/finalreg. html (accessed 29 December 2008).
6. For the final rule adopting the HIPAA standards for the security of electronic health information, see Federal Register 68, no. 34 (20 February 2003). http://www.cms.hhs.gov/SecurityStandard/Downloads/ securityfinalrule.pdf (accessed 29 December 2008).
7. For the Proposed Rule, see Federal Register 63, no. 155 (12 August 1998), http://www.cms.hhs.gov/SecurityStandard/Downloads/securityproposedrule.pdf (accessed 29 December 2008).
8. L. Fernandez and M. O'Connor, "The Future of Patient Identification," Journal of AHIMA 77, no. 1 (2006): 36-40, http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1-029033.hcsp? dDocName= bok1-029033 (accessed 29 December 2008).
9. See 45 CFR 160(b), for the section of the rule describing federal preemption of state privacy law. Federal Register 65, no. 250 (28 December 2000), http://www.hhs.gov/ocr/part1.pdf (accessed 29December 2008).
10. For a description of these models, see the online Supplement at http://content.healthaffairs.org/cgi/content/full/28/2/428/DC1.
11. http://content.healthaffairs.org/cgi/content/full/28/2/428/DC1 Ibid., for details about the organizations participating in the development of these tools.
12. L.L. Dimitropoulos, Privacy and Security Solutions for Interoperable Health Information Exchange: Impact Analysis, 20 December 2007, http://healthit.ahrq.gov/portal/server.pt/gateway/PTARGS-0-1248-815829-0-0-18/ PrivacyandSecuritySolutionsProject-ImpactAnalysis.pdf (accessed 23 December 2008). This report provides a detailed discussion of the impacts of Phases 1 and 2 of the Privacy and Security Solutions project, including state legislative activity.