130 likes | 267 Views
Kansas Privacy and Security Update AHRQ Annual Research Meeting Washington, DC • September 27, 2007. Robert F. St. Peter, M.D. President and CEO Kansas Health Institute. Kansas HIE Initiatives Overview. RWJ Information Links Grant. KS Privacy and Security (I) Project.
E N D
Kansas Privacy and Security UpdateAHRQ Annual Research MeetingWashington, DC • September 27, 2007 Robert F. St. Peter, M.D. President and CEO Kansas Health Institute
Kansas HIE Initiatives Overview RWJ Information Links Grant
KS Privacy and Security (I) Project • Project management team • Kansas Health Institute, Governor’s Commission • University of Kansas Center for Healthcare Informatics • Private attorneys • Process for assessing business scenarios and domains • Broad stakeholder input • Validation continuing today
Major Themes • Wide geographic variations in business practices – many parts of rural Kansas have few physicians and hospitals, limited health resources, while some cities have considerable duplication • Few physicians’ offices are “wired,” there are no RHIOs, little electronicization outside urban areas • HIPAA has been fully integrated into all stakeholder practices – yet some consider it a barrier, some neutral, and some an aid • Some physician offices and hospitals have extensive policy manuals, others rely on common practices
Major Barriers • Very little use of EMRs among physicians • Wide variety of non-interoperable software systems • Widely ranging interpretations of HIPAA • Varying policies on outside access to medical records complicates interoperability among different stakeholders • Obtaining patient consents, re-consents, authorizations of release is cumbersome
Key Findings • Patient focus: • Clarify patient consent • Business Operations focus: • “Electronicization” • Weak policies • Narrow policies • Legal focus: • Weak understanding of the law • Antiquated state laws • Regional focus: • Multi-state solutions
Solution Strategies • Patient focus: • Patient/Consumer education • Patient IDs, MPI and record locator services • Notifications, authorizations, access controls • Business Operations focus: • Promote adoption of electronic HIE through • “Learning communities” of providers • HIE/HIT Policy Initiative readiness assessment • Strengthen business policies and practices through • HIE Resource Center
Solution Strategies – cont’d • Legal focus: • Consistent and comprehensive statewide interpretation of HIPAA • Identification of state laws and regulations needing modernization to create compliance with HIPAA • Lobby for creation of safe harbors • Regional focus: • Medical service area analysis • Coordination with border states, starting with Missouri • Immunization registries • CareEntrust initiative by employers
KS Privacy and Security (II) Project • Legal Review • Catalog statutes and regulations related to health information privacy and security • Draft statutory language, specifying baseline privacy and security standards • HIT/HIE Privacy and Security Coordinating Entity and Educational Toolkit • Produce governance documents and principles acceptable to a majority of stakeholders for statewide implementation of health information privacy and security strategies. • Develop a curriculum targeted to a specific market segment, a teaching guide and a program evaluation plan.
KS Privacy and Security (II) Teams • Planning team produces business plan for a self-sustaining institution with an explicit early focus on privacy and security • Convene stakeholders to identify business goals, markets, services, distribution channels. • Describe staffing, operations, business alliances, service pricing model (and other revenue sources), success measures • Design legal organizational structure and governance • Legal team drafts legal organizational documents • Recommend governance structure, including relationships to existing organizations, e.g. HIEC, KHPA
Teams – cont’d • Curriculum team, in parallel with foregoing activities, develops HIE P&S Educational Toolkit as the first service offering of the Kansas HIE resource center • Educational objectives described by Planning team • Course content contributed by Legal team • Teaching strategies recommend by education experts • Multi-state collaboration teams • Harmonizing state privacy law: KS, ID, KY, MI, FL, NM, TX • Consumer education and engagement: KS, CO, GA, MA, NJ, NY, OR, WA, WV
Plans for 2008 • Provide resources for 2008 legislative session • Continue detailed review of statutes and regs • Continue participation in multi-state collaborations to secure new funding for joint activities • Organize and staff the HIE Coordinating Entity • Roll out first education program for consumers • Continue development of additional curricula
Kansas Health Institute Information for policy makers. Health for Kansans.