In phase 1 of HISPC, the Colorado team completed the work summarized above. In phase 2, each state implemented a state-specific project and planned for multi-state collaboration in phase 3. A formal governance structure for ensuring privacy and security has been established in Colorado through CORHIO, a state-level, federated, nonprofit organization. HISPC phase 2 enabled CORHIO to develop a core set of privacy policies and practices and define the components of secure electronic information architecture. The Policy and Compliance Committee of CORHIO developed and presented these policies to the CORHIO Board on November 29, 2007 for its approval. The policies address authentication, role-based access, specially protected information, consistent methods for obtaining and tracking patient authorization, and auditing. The policies were adopted by the board with minor changes and will be available on the CORHIO website. The Legal Working Group also presented interim Data Sharing Agreements to the CORHIO Board on November 29, 2007. Data exchange implementation continues on schedule for a mid-2008 "go live" deadline.
