HIPAA News

HHS Releases New Reports on Privacy and Security Solutions for Interoperable Health Information

(Aug 01, 2007)-- HHS' Agency for Healthcare Research and Quality released a set of reports titled Privacy and Security Solutions for Interoperable Health Information Exchange. The reports review 34 state Health Information Exchange plans and identify the challenges and feasible solutions for ensuring the safety and security of electronic health information exchange.

This work was funded under a contract with AHRQ, the Office of the National Coordinator for Health Information Technology and RTI International. All states followed a standard core methodology, but each was provided an opportunity to tailor the process to meet their needs. As a result, states varied on several key dimensions, including degree of adoption of electronic health information exchange, health care market forces in the state, legal and regulatory conditions related to health information, demographic composition of the state, and financial status of the state.

"These reports address one of the greatest concerns that Americans have about health information technology: Will their personal data be safe?" said AHRQ Director Carolyn M. Clancy, M.D. "This work presents information on how to develop privacy and security solutions that allow for the exchange of information safely and securely."

"Work at the state and local levels is integral to our success. The number of stakeholders involved in this initiative demonstrates the magnitude of this work," said Robert Kolodner, M.D., National Coordinator for Health Information Technology. "The report findings and recommendations will provide ongoing guidance for local, state and federal governments as we move toward greater interoperability."

Some of the key findings point to the need for additional research and guidance on:

-- Identifying different interpretations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule among states and increasing awareness among stakeholders;

-- Addressing variations regarding the potential intersections between federal/state privacy laws;

-- Evaluating the technologies available to protect security and privacy of individuals as well as the associated administrative processes and liabilities;

-- Developing a system that accurately and consistently matches individual patients with their health record information -- one that is created and updated by various health care providers/organizations; and,

-- Developing a standard set of definitions and terms to facilitate sharing of health information. For example, terms such as medical emergency, current treatment, related entity, and minimum necessary do not have agreed-upon definitions and may increase variation as organizations attempt to meet compliance.

Share or bookmarklet this web page at: