HIT Standards Committee
Privacy and Security Workgroup: Recommendations
Dixie Baker, SAIC
Steven Findlay, Consumers Union
July 21, 2009
Most Americans Rate the Healthcare System Fair or Poor
(Chart) How would you rate the health care system in America today? (2009 n=1,000)
Source: Employee Benefit Research Institute and Mathew Greenwald & Associates, 2008-2009 Health Confidence Survey
Consumers Have Little Confidence that Electronic Health Records Will Remain Confidential
(Chart) If medical records and personal health information were to be stored electronically and shared through the Internet, how confident are you that those records and information would remain confidential? (2009 n=1,000)
Source: Employee Benefit Research Institute and Mathew Greenwald & Associates, 2008-2009 Health Confidence Survey
ARRA Addresses These Concerns by Stimulating Adoption of Health Information Technology (HIT)
• Current paper- and fax-based system is inefficient and costly, and perpetuates medical practice as a “cottage industry”; moving to electronic records and exchanges will reduce inefficiencies and cost, while improving patient safety and care quality
• Recording and exchanging health information electronically will improve the quality of care, and reduce costs, by:
  – Reducing reliance on physicians’ (oft-illegible) handwritten and faxed prescriptions and notes
  – Making health information available whenever and wherever it is needed
  – Facilitating the measurement of outcomes and comparison of effectiveness
  – Streamlining medical research
  – Facilitating the detection of potential health threats to the public
But There’s a Caveat…
• Use of computers and networks introduces new risks to personal privacy
• As providers become more dependent on EHRs, the potential impacts of data corruption and service interruption will increase
• Privacy and security mechanisms are designed to help protect personal privacy and to assure quality care by providing:
  1. Ability to record and enforce consumers’ individual preferences on who can see or use their personal health information and for what purposes – whether it’s within a hospital or between their family doctor and the specialist she has chosen to help diagnose a problem
  2. Ability to protect their health information from being changed or deleted
  3. Ability to make sure that their health information is available to their family physician, the specialists he/she consults, and physicians providing emergency care in their local emergency room and the clinic in the remote mountain community where they vacation
ARRA EHR-Adoption Reimbursement Requirements
• To encourage broad adoption of EHRs, ARRA offers reimbursement to eligible providers who meet two requirements:
  1. Acquire a certified EHR product or service
  2. Demonstrate that he/she is using that product/service “meaningfully”
• The Standards Committee needs to recommend both:
  1. Criteria for certifying products
  2. Criteria for demonstrating that an applicant is using that product meaningfully
EHR-Adoption Privacy and Security
• For privacy and security, certification that a defined function or service has been implemented in a product is not sufficient to demonstrate “meaningful use” (or even “use”) of that function or service
• The Privacy and Security Workgroup has adopted an approach that addresses both the certification of products and the demonstration that a user is using the certified product “meaningfully”
Mapping “ARRA 8” to Product Certification Criteria
(Diagram)
Mapping “ARRA 8” to Meaningful Use Criteria
(Diagram)
“ARRA 8” Requirements and Standards

| ARRA Priority Area of Focus | Derived Privacy & Security Service | HITSP Standards? |
|---|---|---|
| 1) Technologies that protect the privacy of health information and promote security in a qualified electronic health record, including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information | Identity management | Yes |
| | User/entity authentication | Yes |
| | Identity- / role-based access control | Yes |
| | Label-based access control | No |
| | Consent management | Partial |
| | Transmission integrity protection | Yes |
| | Transmission confidentiality protection | Yes |
| 2) Nationwide HIT infrastructure for electronic use and exchange of EHR | Secure communications channel | Yes |
| | Secure email | Yes |
| 3) EHR certification | (all) | -- |
| 4) Technologies that as a part of a qualified electronic health record allow for an accounting of disclosures made by a covered entity | Auditing | Yes |
| | Consistent time | Yes |
| | Inter-enterprise traceability | No |
| | Non-repudiation | Yes |
| 5) The use of certified electronic health records to improve the quality of health care | Document integrity protection | Yes |
| | Transmission integrity protection | Yes |
| | Non-repudiation | Yes |
| | Service availability | No |
| 6) Technologies that allow individually identifiable health information to be rendered unusable, unreadable, or indecipherable to unauthorized individuals | Transmission confidentiality protection | Yes |
| | Deidentification | Yes |
| | Anonymization | Yes |
| | Pseudonymization | Partial |
| | Limited data set | No |
| 7) Demographic data | N/A | -- |
| 8) Special populations | N/A | -- |
Privacy and Security WG Recommendations
• Certification criteria should not dictate policy beyond what is specified in ARRA and the HIPAA Security and Privacy Rules
  – Allow adopter to configure products to its individual policy based on its own risk factors
• Product certification should address both functional requirements (services provided) and assurance levels (strength of mechanisms and implementations)
  – Use ISO/IEC 15408, Common Criteria for Information Technology Security Evaluation, to specify Evaluation Assurance Levels (EAL) for use cases
• For greater openness and broader interoperability, prefer standards developed by international Standards Development Organizations (SDOs)
Privacy and Security WG Recommendations
• Certification criteria and standards should enable design possibilities that leverage fundamental principles and open standards
• Product certification criteria should build toward full interoperability with both healthcare partners (providers, payers, HIEs, etc.) and consumers; for example:
  – 2011: secured enterprises + simple, secured sharing with healthcare partners and consumers
  – 2013: secured health exchanges with healthcare partners and consumers
  – 2015: full integration of consumer preferences with enterprise and exchange access controls
Privacy and Security WG Recommendations
• “Meaningful use” criteria should be rules-based and should specify what certified features must be used and how, within the context of defined, operational use cases
• “Meaningful use” should include at least:
  – Required certified features and their configuration within applicable use case
  – Secure IT infrastructure
  – Current HIPAA risk analysis and risk-management plan
  – Current HIPAA contingency plan (back-up, disaster recovery, emergency operations, testing and revision, criticality analysis)
Consent Management – the Widest, and Perhaps Most Urgent, Gap
• Consent management involves several functions:
  1. Recording patient elections (privacy authorizations and informed consents) in a consistent way such that both humans and computers can interpret the elections consistently across systems and organizations
  2. Transferring these elections among all entities that handle their PHI (e.g., providers, labs, pharmacies, payers, researchers, PHI vendors)
  3. Translating these elections into access control rules
  4. Managing the continually changing elections
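The four consent-management functions above, as an added Python example that is not part of the workgroup's deck: elections are recorded per patient and PHI category, transferred as JSON, translated into a permit/deny access decision, and superseded only by a newer version. The data model, field names and the patient id p-001 are hypothetical and constructed here, not any HL7, IHE or HITSP schema.

```python
import json
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Election:  # one recorded patient election (authorization or informed consent)
    patient_id: str
    category: str    # PHI category, e.g. "labs"; "*" covers every category
    roles: tuple     # user roles the election applies to
    purposes: tuple  # purposes of use the election applies to
    decision: str    # "permit" or "deny"
    version: int     # a higher version supersedes an older election for the same scope

class ConsentStore:
    def __init__(self):
        self._elections = {}  # (patient_id, category) -> Election
    def record(self, election):
        # Change management: only a newer version replaces the election for this scope.
        key = (election.patient_id, election.category)
        current = self._elections.get(key)
        if current is None or election.version > current.version:
            self._elections[key] = election
    def export_json(self):
        # Transfer: a machine-readable form another organization's system can load.
        return json.dumps([asdict(e) for e in self._elections.values()], sort_keys=True)
    @classmethod
    def import_json(cls, blob):
        store = cls()
        for rec in json.loads(blob):
            rec["roles"], rec["purposes"] = tuple(rec["roles"]), tuple(rec["purposes"])
            store.record(Election(**rec))
        return store
    def is_permitted(self, patient_id, category, role, purpose):
        # Translation into an access-control rule: the most specific election decides,
        # and a patient with no election at all is denied by default.
        for cat in (category, "*"):
            e = self._elections.get((patient_id, cat))
            if e is not None:
                return e.decision == "permit" and role in e.roles and purpose in e.purposes
        return False

def demo_store():
    # Constructed sample elections for a fictitious patient id; not real data.
    s = ConsentStore()
    s.record(Election("p-001", "*", ("primary_care", "specialist"), ("treatment",), "permit", 1))
    s.record(Election("p-001", "mental_health", (), (), "deny", 1))
    # The patient later opens mental-health records to a psychiatrist (version 2) ...
    s.record(Election("p-001", "mental_health", ("psychiatrist",), ("treatment",), "permit", 2))
    # ... and a stale version 1 copy arriving late must not roll that change back.
    s.record(Election("p-001", "mental_health", (), (), "deny", 1))
    return s
```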
Consent Management – the Widest, and Perhaps Most Urgent, Gap
• Some standards-development work is under way
  – HL7, primarily focusing on privacy and security authorizations
  – Consent Assertion Markup Language (CAML, John Halamka) – XML data model representing all patient authorizations and consents
  – HITSP TP30 and the Integrating the Healthcare Enterprise (IHE) Basic Patient Privacy Consent (BPPC) profile
• HIE, OASIS, and ASTM are addressing the exchange of consumer elections
• No significant efforts addressing translation into access-control rules, or change management
• Consumers are beginning to play a much greater role in defining how their information is shared and used – standards are needed
• HHS should encourage and support the rapid, well-informed development of consent management standards comprehensively addressing 1-4 above
Recommended Standards – Readiness Ratings
1. Mature; known or certain to be implementable in 2011; implemented widely (>20%) in industry
2. Ready for introduction; known/certain for 2013
3. Well developed; work in progress for 2013 / 2015
4. In development; standards to be determined
Recommended Standards*
*See hand-out for further details
Readiness ratings 1–4 are as defined above; the column in which each x was placed did not survive extraction, so an x marks only that a rating was assigned.

| Short Title | Services Supported | Readiness (1–4) |
|---|---|---|
| HL7 Version 3 Standard: Role Based Access Control (RBAC) | Access control | x |
| OASIS eXtensible Access Control Markup Language (XACML) | Access control | x |
| OASIS Security Assertion Markup Language (SAML) v2.0 | Access control | x |
| OASIS WS-Trust | Access control | x |
| ISO/IEC Common Criteria for Information Technology Security Evaluation | Assurance certification | x |
| IHE Audit Trail and Node Authentication (ATNA) Profile | Audit | x |
| ASTM Standard Guide for Electronic Authentication of Health Care Information | Authentication | x |
| IETF Kerberos | Authentication | x |
| IHE ITI-TF Authentication | Authentication | x |
| IHE ITI-TF Cross-Enterprise Document Sharing-B (XDS.b) | Authentication; Consent management | x |
| IHE ITI-TF Enterprise User Authentication (EUA) | Authentication | x |
| IHE ITI-TF Cross Enterprise User Assertion (XUA) | Authentication | x |
| OASIS Simple Object Access Protocol (SOAP) | Authentication | x |
| HL7 V3 Data Consent | Consent management | x |
| IHE ITI-TF Basic Patient Privacy Consents (BPPC) | Consent management | x |
| IHE ITI-TF Registry Stored Query Transaction for XDS Profile Supplement | Consent management | x |
| OASIS/ebXML Registry Information Model v3.0 | Consent management | x |
| OASIS/ebXML Registry Services (ebRS) Specifications | Consent management | x |
| IETF Network Time Protocol (NTP) | Consistent time | x |
| IETF Simple Network Time Protocol (SNTP) | Consistent time | x |
| IHE ITI-TF Consistent Time (CT) | Consistent time | x |
| HIPAA Privacy Rule: Deidentification | Deidentification | x |
| HIPAA Privacy Rule: Pseudonymization | Deidentification | x |
| HL7 Version 3.0 Clinical Genomics; Pedigree (Anonymization) | Deidentification | x |
| IETF Domain Name Service (DNS) | Identity Management | x |
| IETF Lightweight Directory Access Protocol (LDAP) | Identity Management | x |
| IHE ITI-TF Personnel White Pages (PWP) | Identity Management | x |
| IETF Language Tags | Identity Management | x |
| IHE ITI-TF Cross Community Access (XCA) | Infrastructure | x |
| IHE ITI-TF Cross-Enterprise Document Sharing-B (XDS.b) | Infrastructure | x |
| ETSI XML Advanced Electronic Signatures (XAdES) | Non-repudiation | x |
| IHE ITI-TF Document Digital Signature (DSG) Content | Non-repudiation | x |
| IETF Cryptographic Message Syntax | Non-repudiation; secure email | x |
| ISO Health Informatics, Public Key Infrastructure (PKI) | Non-repudiation | x |
| FIPS 197, Advanced Encryption Standard (AES) | Secure transmission | x |
| IETF Transport Layer Security (TLS) Protocol | Secure transmission | x |
| IHE ITI-TF Cross-Enterprise Document Media Interchange (XDM) | Secure email | x |