Health Information Compliance Alert

Published on Tue May 25, 2010 PDF

Privacy, Security Should Not Be An 'Afterthought'.

Privacy and security issues must be a top priority in building trust between physicians and consumers and if emerging healthcare information exchanges are to be a success. Privacy and security "absolutely essential to everything that a health information exchange does," says Irene Koch, executive director, Brooklyn Health Information Exchange (BHIX), in a recent post on www.healthcareinfosecurity.com.

The issues should be tackled as HIEs develop and deploy new functions and technical features, she further stressed. Treating privacy and security as an afterthought, according to Koch, "is a real mistake."

This spring, BHIX, initiated in 2007, re-launched using new technologies from Initiate Systems, now a unit of IBM Corp.; InterSystems Corp.; and Dell Inc. Participants in BHIX include seven hospitals, four home health agencies, eight nursing homes and four payer organizations, amongst a host of others.

To start with, in the first phase of the re-launch, users gain access to patient information through a centralized portal. For example, physicians can gain read-only access to key information on patients they're treating in a hospital's emergency department.

As far as their plans for its future are concerned, in the months to come, the exchange will let physicians "push a  button" within their EHR system to retrieve data from others via BHIX.

BHIX encrypts all messages and verifies the identities of all senders and recipients. Eventually, BHIX has plans to link with other emerging HIEs in New York. At present, leaders of all the exchanges are discussing how to ensure those links are secure, Koch said in the post.

"And as we think of the national health information network that's developing, we really need to make sure that the privacy and security issues that get resolved in each region and each state then get harmonized with one another so that we can actually effectuate the kind of exchange we need to do," says Koch. Under the HITECH Act, part of the federal economic stimulus package, states have received grants to help support HIE efforts. This support of exchanges is in tandem with federal incentive payments to physicians and hospitals for the use of electronic health records.

A new federal task force is creating recommendations for privacy and security policies for HIEs.

(Editor's note: Read the complete post at: www.healthcareinfosecurity.com/articles.php?art_id=2641)