The HISPC summary report on the work of its final phase is out. Styled an “action and implementation manual,” it presents the work of the privacy and security group’s year-long third phase.

In addition to the summary report, the seven subgroups that comprise the collaboration are presenting their work through free webinars on Tuesdays and Thursdays this month. The sessions focus on the tools and processes developed by each group, as well as how individual, local, regional, and state-level stakeholders can use them. (more…)

ONC published a draft description of the health IT extension program in today’s Federal Register, requesting comments within two weeks—by June 11.

The extension program is called for under the HITECH Act in ARRA, the American Recovery and Reinvestment Act. It authorizes creation of a National Health Information Technology Research Center and affiliated regional extension centers to assist providers in selecting and implementing certified electronic health records.

The program also will assist providers in becoming “meaningful users” of the systems, a prerequisite to receiving bonus Medicare and Medicaid payments under a separate ARRA provision.

The extension program is to give preference to providers serving uninsured, underinsured, underserved, and special-needs populations. (more…)

Continuing this week’s focus on privacy, today’s guest author Stacie Durkin, RN-C, RHIA, MBA, owner, Durkin & Associates, explains what ARRA’s privacy provisions might mean for health information exchange. Durkin co-chairs an AHIMA/HIMSS collaborative workgroup focused on privacy and security in the HIE/RHIO environment. 

HIPAA has sharper teeth and a wider net due to the American Recovery and Reinvestment Act of 2009 (ARRA).  A section of ARRA called The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is the healthcare portion of the stimulus package that provides $19 billion for health information technology and the Federal financial commitment which supports and promotes the adoption of electronic health records (EHRs) by 2014.  Some of the perceived weaknesses in HIPAA’s privacy and security regulations will be rectified by ARRA, dubbed “HIPAA II.”

There has been much discussion around the privacy and security issues of shared data.   Before the stimulus package, health information exchanges (HIE) were not directly regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The new legislation is loaded with requirements, new enforcement provisions and penalties for covered entities, business associates, vendors and others. (more…)

The Health Information Security and Privacy Collaboration (HISPC) will continue its work to foster nationwide health information exchange through a recently announced extension. The Office of the National Coordinator for Health IT (ONC) set the extension to begin April 1 after determining funds remained from the most recent phase of the project, which was scheduled to end last month.

Under HISPC, 42 US states and territories have worked to identify and solve privacy and security barriers to health information exchange (HIE). Formed in 2006, HISPC organized into seven multistate collaboratives in its most recent phase, each focused on a specific issue such as interstate disclosure and patient consent requirements or consumer education. (more…)

Washington State’s experiment in consumer-controlled health records has moved into a pilot phase, transforming the health record banking model from theory to testing. Earlier this month the Washington State Health Care Authority (HCA) announced the launch of three pilot sites that will try out the feasibility of a permanent statewide health record bank network.

Health record banks centrally store copies of consumer’s health records, which providers “deposit” into the accounts. Consumers control which providers can contribute information and which providers and individuals can view their records.

This model of health information exchange, where many providers send patient information to one central location, is seen as an alternative to the many-to-many exchange model, where several organizations directly exchange copies of patient’s records. If the pilot project is successful, Washington State hopes to show by example that health record banks are the ideal model for nationwide information exchange, says Juan Alaniz, health record bank pilot project manager for HCA. (more…)

Google Health, the Internet giant’s free online personal health record service, is nearing a year old. This week the company rolled out some changes to the service, some of which the company anticipated last spring.

Users may now share their health profiles with others, such as doctors and family. Account owners grant access to others via e-mail addresses. Viewers cannot edit or share a profile. Account owners control how much of the profile others see, another change.

Google’s list of partners continues to grow. Partners are primarily national pharmacy chains that can feed medication information into Google Health accounts. However, patients of the Cleveland Clinic and Beth Israel Deaconess Medical Center can import their records through those facilities’ patient portals.

“Redisclosure of Patient Health Information (Updated),” the practice brief in this month’s print issue, offers guidance on one of HIM’s trickier issues. Redisclosure is the sharing or release of patient health information that the organization received from another source (such as a facility or provider) and subsequently made part of the patient’s health record or the organization’s designated record set. A glance at the sample situations in the brief shows just how complicated this issue can become.

AHIMA’s library contains additional related guidance on redisclosure. Look for these practice briefs:

• “Defining and Disclosing the Designated Record Set and the Legal Health Record”
• “Notice of Privacy Practices”
• “Patient Access and Amendment to Health Records (Updated)”
• “Understanding the Minimum Necessary Standard (Updated)”

Healthcare is badly in need of some cost-savings. A new study suggests that a change in the way we keep health records could save billions. Last week the industry got a look at a cost-benefit model for personal health records. According to the report, widespread use of PHRs could save the US healthcare industry between $13 and $21 billion a year.

The Center for Information Technology Leadership (CITL), a nonprofit IT research center based at Partners HealthCare System in Boston, offers the projections in the study “The Value of Personal Health Records.” The study describes an evidence-based model that estimates the industry costs and benefits of four different PHR architectures. The study is the first of its kind to examine the different PHR architectures and show their direct cost savings to healthcare providers and payers, CITL officials say. (more…)

Banking health data like a financial transaction is the simplest solution to healthcare’s networking challenges, says William Yasnoff, MD, PhD, founder of the Health Record Banking Alliance, in the May feature “Taking Medical Records to the Bank.”

So far no one has started a health record bank, though several states are considering or planning them. One question still to answer is how to finance their ongoing operation. There are several options, Yasnoff says. (more…)

Three-quarter of states are pursuing some form of health information exchange (HIE), including the creation of public-private entities to provide statewide governance and interoperability. Promoting these efforts fosters both state and national HIE efforts, according to research by the State-Level Health Information Exchange Consensus Project. (more…)