Security: An HIE Success FactorMaking Sure Privacy, Security Are 'Not an Afterthought'
Privacy and security are "absolutely essential to everything that a health information exchange does," she stresses. The issues should be tackled as HIEs develop and deploy new functions and technical features, she contends.
Treating privacy and security as an afterthought, she stresses, "is a real mistake."
Up and Running
This spring, BHIX, initiated in 2007, relaunched using new technologies from Initiate Systems, now a unit of IBM Corp.; InterSystems Corp.; and Dell Inc.
Participants include seven hospitals, four home health agencies, eight nursing homes and four payer organizations, among others.
In the first phase of the relaunch, users gain access to patient information through a centralized portal. For example, physicians can gain read-only access to key information on patients they're treating in a hospital emergency department.
In the months to come, the exchange will enable physicians to "push a button" within their electronic health records system to retrieve data from others via BHIX.
The exchange encrypts all messages and verifies the identities of all senders and recipients.
Eventually, BHIX will link to other emerging HIEs in New York. So the leaders of all the exchanges are discussing how to ensure those links are secure, Koch says.
"And as we think of the national health information network that's developing, we really need to make sure that the privacy and security issues that get resolved in each region and each state then get harmonized with one another so that we can actually effectuate the kind of exchange we need to do," Koch says.
Under the HITECH Act, part of the federal economic stimulus package, states have received grants to help support HIE efforts. This support of exchanges is in tandem with federal incentive payments to physicians and hospitals for the use of electronic health records.
A new federal task force is creating recommendations for privacy and security policies for HIEs.