The Privacy and Security Project
RTI International has subcontracted with 33 states and 1 territory to create the Health Information Security and Privacy Collaboration (HISPC). These subcontractors have leveraged input from state leadership and a broad range of stakeholders in health information exchange to assess the variations that exist at the organization level with respect to privacy and security practices and policies - and the legal bases for such practices and polices, where applicable. HISPC's goals are to:
- identify both best practices and challenges,
- develop consensus-based solutions for interoperable electronic health information exchange (HIE) that protect the privacy and security of health information, and
- to develop detailed implementation plans to implement solutions.
The consensus-based solutions and implementation plans that are developed through this work could have far-reaching implications for all as we move toward achieving the goal of having nationwide interoperable electronic health records.
In addition to information about the Privacy and Security project overall, there are links to web pages devoted entirely to the activities of the 34 subcontractors. You are invited to learn more about each of the 34 individual programs and find out how to get involved.
The Goals of the Privacy and Security Project
The Privacy and Security project will play a key role in laying a policy groundwork to support widespread interoperable electronic health information exchange. The assessment of variations in organization-level privacy and security practices and policies, and any related laws and regulations, will identify the practices and policies that are currently in place across a broad array of stakeholders. Practices, policies and related laws will be reviewed to assess whether the particular practice, policy, or law would pose a challenge to the electronic exchange of health information. The HISPC will:
- Preserve privacy and security protections in a manner consistent with interoperable health information exchange;
- Promote stakeholder identification of practical solutions and implementation strategies through an open and transparent consensus-building process; and
- Create a knowledge base about privacy and security issues in electronic health information exchange in states and communities that endures to inform future HIE activities.
Outcomes of the Privacy and Security Project
The HIPSC has produced several outcomes, including:
- The Interim Assessment of Variation of Business Practices, Policies, and State Law report, a "first look" at the findings of the 34 subcontractors.
- A national conference where members of the 34 subcontractors assembled to discuss their outcomes. Day 1 included presentations and discussions of the key findings of the interim assessment reports. Day 2 included discussions about next steps and future directions.
- The Assessment of Variation and Analysis of Solutions report, a final summary of the work produced by the 34 subcontractors.
- The Final Implementation Plans, a summary of the documents that guided the work of each subcontractor.
- The Health Information Security and Privacy Collaboration Toolkit, designed to provide others with tools and resources to help facilitate privacy and security when exchanging electronic health information exchange.
- The Impact Analysis report, analyzes the impact of the HISPC on each participating State and their approach to privacy and security for electronic health information exchange.
Project Team
The project team led by RTI International includes:
RTI International
Linda Dimitropoulos, PhD. - Project Director
John Loft, PhD. - Sr Advisor, Assessment Methodology
FOR MORE INFORMATION: privacy.security@rti.org
National Governor's Association Center for Best Practices
Kathleen Nolan, MPH - Director, Health Division knolan@nga.org
Michelle Lim Warner, MPH - Senior Policy Analyst mwarner@nga.org
Technical Advisory Panel and Subcontractors Names
- Bill Braithwaite, MD eHI
- Gary Christoph, PhD, TeraData
- Mike Hubbard, Womble, Carlyle, Sandridge and Rice, PLLC
- John Christiansen, Christiansen IT Law
- Chris Apgar, CISSP Apgar & Associates
- Holt Anderson, Executive Director, NCHICA
- Ryan Bosch, MD, George Washington University
- Joy Pritts, Health Policy Institute, Georgetown University
- Walter Suarez, MD, MPH, Institute for HIPAA/HIT Education and Research
- AHRQ National Resource Center
- AHIMA