Thursday, April 1, 2010

April 1, 2010 Privacy & Security Standards Workgroup

The Privacy & Security Standards Workgroup of the HIT Standards Committee met on April 1, 2010. The workgroup is tasked with making recommendations to the HIT Standards Committee on specific privacy and security safeguards that should be included in the definition of Meaningful Use, with a specific focus on the eight (8) areas listed in Section 3002(b)(2)(B):

(1) Technologies that protect the privacy of health information and promote security in a qualified electronic health record, including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information with the goal of minimizing the reluctance of patients to seek care (or disclose information about a condition) because of privacy concerns, in accordance with applicable law, and for the use and disclosure of limited data sets of such information;

(2) A nationwide health information technology infrastructure that allows for the electronic use and accurate exchange of health information;

(3) The utilization of a certified electronic health record for each person in the United States by 2014;

(4) Technologies that as a part of a qualified electronic health record allow for an accounting of disclosures made by a covered entity (as defined for purposes of regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996) for purposes of treatment, payment, and health care operations (as such terms are defined for purposes of such regulations);

(5) The use of certified electronic health records to improve the quality of health care, such as by promoting the coordination of health care and improving continuity of health care among health care providers, by reducing medical errors, by improving population health, by reducing health disparities, by reducing chronic disease, and by advancing research and education;

(6) Technologies that allow individually identifiable health information to be rendered unusable, unreadable, or indecipherable to unauthorized individuals when such information is transmitted in the nationwide health information network or physically transported outside of the secured, physical perimeter of a health care provider, health plan, or health care clearinghouse;

(7) The use of electronic systems to ensure the comprehensive collection of patient demographic data, including, at a minimum, race, ethnicity, primary language, and gender information; and

(8) Technologies that address the needs of children and other vulnerable populations.

Below are the slides from a presentation by the International Security Trust and Privacy Alliance (ISTPA) during the meeting.