Tiger Team Sets 2014 Privacy Agenda

Advisory Group Also Picks New Co-Chair
Tiger Team Sets 2014 Privacy Agenda

Privacy issues involved when patients authorize individuals to securely access their electronic health information on their behalf are among the topics the Privacy and Security Tiger Team will tackle this year.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

Other topics that the team of federal policy advisers will tackle include security issues related to certain business associates as well as records downloads by patients.

The tiger team makes recommendations to the HIT Policy Committee, which advises the Office of the National Coordinator for Health IT on policy issues tied to the HITECH Act electronic health records incentive program. The committee also provides advice on policies for the development and adoption of a nationwide health information infrastructure, including standards for the exchange of health information.

The tiger team also announced at its Jan. 13 meeting that it has a new co-chair, Micky Tripathi, CEO of the Massachusetts eHealth Collaborative, a not-for-profit consultancy. He replaces Paul Egerman, a software entrepreneur, who stepped down from the panel. Deven McGraw, director of the health privacy project at the Center for Democracy & Technology, a consumer advocacy group, continues as the other co-chair.

McGraw and Tripathi also will co-chair the Health Information Exchange Workgroup, which tackles issues that often overlap with the tiger team, McGraw explains.

Agenda Items

During the first quarter of 2014, the tiger team will discuss the privacy and security issues involved when adult patients authorize others to access their electronic health information, McGraw says. That includes policy implementation issues that arise when, for instance, an adult is authorized to access a parent's medical information to help make care decisions, or when agencies, such as the Social Security Administration, are given permission by an individual to access health records as part of disability benefits determinations.

In the third quarter, the team will discuss similar issues tied to access to records of minors. The team decided to tackle adult representative and proxy matters first because issues involving the health data privacy of minors - especially adolescents - are much more complex, some tiger team members noted during the group's meeting.

Among the complex factors related to parents accessing their adolescent children's health records are the varying state laws related to minors obtaining certain healthcare services without the consent of parents. That creates the potential need for healthcare providers to segment sensitive records, such as reproductive health information, that some minor patients might not want their parents to view, says tiger team member John Houston, chief information security officer at the University of Pittsburgh Medical Center.

Other Hot Topics for 2014

Another topic on the tiger team's 2014 agenda include business associate data practices, which is slated for discussion in the second quarter. That will include discussions about data intermediaries, such as firms that provide data analysis and other functions on behalf of a covered entity.

In the fourth quarter, the team plans to discuss ways to improve patients' secure access to electronic information, including "pulling" data from provider systems using methods such as Blue Button Plus, McGraw says.

Blue Button Plus is an initiative of the ONC's Standards and Interoperability Framework collaborative to advance the implementation standards, tools and services associated with the Blue Button effort to provide consumers with automated updates to their health information. For the push scenario, the collaborative has demonstrated the automation of private and secure transmission of personal health data to a specific location of the consumer's choosing. For the pull scenario, the collaborative is working on allowing a third-party application of the consumer's choosing to privately and securely access personal health data on demand.

The tiger team will host public hearings on various topics of its 2014 agenda to get industry input about the challenges involved in each matter.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.