Examining the Privacy Considerations for Secondary Uses of Health Information
Linda D. Koontz
Alison R. Brunelle

Monday April 2, 2012 | Track 2 | 3:15 PM to 3:45 PM

For Interconnected Health 2012    © 2012 The MITRE Corporation. All rights reserved.
“Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”

Alan Westin, Author & Scholar (1967)

Source: Westin, Alan, 1967, Privacy and Freedom, New York: Athenaeum.

Page 2
Privacy Is Not Synonymous With Security

Privacy: Fair Information Practice Principles (FIPPs)
• Collection Limitation
• Data Quality
• Purpose Specification
• Use Limitation
• Security Safeguards
• Openness
• Individual Participation
• Accountability

Security
• Confidentiality: assures that information is disclosed only to authorized individuals and systems
• Integrity: guards against improper information modification or destruction
• Availability: assures that information systems, and the data contained in them, are available to authorized users when needed

Source: The MITRE Corporation, Systems Engineering at MITRE: Privacy Systems Engineering Guide.

Page 3
What Are Secondary Uses of Data (SUD)?

• Outcome Analysis and Reporting
• Quality Assurance
• Research
• Public Health
• Data Commercialization

Page 4
Identifiable Data vs. De-Identified Data

Identifiable Data
• Names
• Geographic Location Attributes
• Dates (e.g., DOB, DOD, Admission & Discharge)
• Phone Numbers & Email Addresses
• SSN
• Medical Record & Health Plan Beneficiary, Account, Certificate/License Numbers
• Vehicle Identifiers, Serial Numbers, License Plate Numbers
• Device Identifiers & Serial Numbers
• Web URLs, IP Address
• Biometric Identifiers, Including Fingerprints & Voiceprints
• Full-face Photographic Images & Any Comparable Images
• Any Other Unique Identifying Number, Characteristic, Code

De-Identified Data
■ There are no restrictions on the use or disclosure of de-identified health information.
■ Under the HIPAA Privacy Rule, data is de-identified by:
  – Removing all 18 elements that could be used to identify the individual or the individual's relatives, employers, or household members; or
  – Using statistical methods to establish de-identification instead of removing all 18 identifiers.

Source: U.S. Department of Health and Human Services (HHS), National Institutes of Health (NIH): Privacy Rule and Research.

Page 5
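The "remove all 18 elements" route on the slide, worked through as an added example (written for this page, not code from the presentation or from MITRE). The field names, the record and the free-text patterns are constructed; the only detail taken from outside the slide is that the Safe Harbor standard lets the year of a date survive.

```python
import re

# Record fields that fall into the identifier categories listed on the slide
# (names, geography, contact details, SSN, record/plan/account numbers,
# vehicle and device identifiers, URLs/IPs, biometrics, images, other codes).
# Field names are constructed for this example; map your own schema onto them.
DIRECT_IDENTIFIER_FIELDS = {
    "name", "street_address", "city", "zip", "phone", "email", "ssn",
    "mrn", "health_plan_id", "account_number", "license_number",
    "vehicle_id", "license_plate", "device_serial", "url", "ip_address",
    "fingerprint_template", "voiceprint", "photo", "other_unique_code",
}
# Date fields named on the slide (DOB, DOD, admission, discharge). Safe Harbor
# lets the year survive; that detail comes from the rule, not from the slide.
DATE_FIELDS = {"dob", "dod", "admission_date", "discharge_date"}

# Identifiers that routinely leak into free-text notes (constructed patterns;
# a production scrubber needs a far broader set and a review step).
_SCRUB_PATTERNS = [
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")),
    ("URL", re.compile(r"https?://\S+")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b")),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("DATE", re.compile(r"\b\d{4}-\d{2}-\d{2}\b")),
]


def scrub_text(text):
    """Replace each recognised identifier in free text with a labelled marker."""
    for label, pattern in _SCRUB_PATTERNS:
        text = pattern.sub(f"[{label} REMOVED]", text)
    return text


def year_only(value):
    """Reduce an ISO date ("1961-03-14") to its year; anything else is dropped."""
    match = re.fullmatch(r"(\d{4})-\d{2}-\d{2}", str(value))
    return match.group(1) if match else None


def deidentify(record):
    """Apply the slide's 'remove all 18 elements' route to one record.

    Returns (cleaned_record, removed_fields). Direct identifiers are dropped,
    dates are reduced to the year, and every remaining string is scrubbed.
    """
    cleaned, removed = {}, []
    for field, value in record.items():
        if field in DIRECT_IDENTIFIER_FIELDS:
            removed.append(field)
        elif field in DATE_FIELDS:
            year = year_only(value)
            if year is None:
                removed.append(field)
            else:
                cleaned[f"{field}_year"] = year
        elif isinstance(value, str):
            cleaned[field] = scrub_text(value)
        else:
            cleaned[field] = value
    return cleaned, removed


def residual_identifiers(record):
    """Post-condition check: which (field, identifier type) pairs still match."""
    hits = []
    for field, value in record.items():
        if isinstance(value, str):
            for label, pattern in _SCRUB_PATTERNS:
                if pattern.search(value):
                    hits.append((field, label))
    return hits


# Constructed sample record; no real person is described.
SAMPLE_RECORD = {
    "name": "Jane Doe",
    "dob": "1961-03-14",
    "admission_date": "2012-03-28",
    "zip": "20102",
    "ssn": "123-45-6789",
    "diagnosis_code": "E11.9",
    "lab_glucose_mg_dl": 142,
    "notes": "Pt called from 555-123-4567; follow up via jane.doe@example.com on 2012-04-02.",
}

if __name__ == "__main__":
    cleaned, removed = deidentify(SAMPLE_RECORD)
    print("removed:", removed)
    print("cleaned:", cleaned)
    print("residual:", residual_identifiers(cleaned))
```

The residual check is the part worth keeping in a pipeline: field-level removal handles structured columns, but free text is where identifiers survive, and the slide's alternative route (statistical de-identification) is not attempted here.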
What are the Privacy Considerations?

• Electronic Health Record (EHR) and Electronic Medical Record (EMR) Vendors: retaining broad rights to data in their Business Associate Agreements (BAAs).
• Health Information Exchange (HIE) Organizations: acknowledging data commercialization as an avenue towards financial sustainability.
• Research Institutes: meeting the “Common Rule” requirements for human subjects research.

Page 6
Backup

Page 7
FIPPs Principles and the corresponding SELC and SDLC★ guidance

Collection Limitation
  FIPP: The collection of personal information should be limited, should be obtained by lawful and fair means, and, where appropriate, with the knowledge or consent of the individual.
  SELC/SDLC: Design the system to use only the minimum amount of PII necessary to accomplish the system's purpose. The key question to ask for each field of PII is: Can the purpose of the system be served without this particular field of PII?

Data Quality
  FIPP: Personal information should be relevant to the purpose for which it is collected, and should be accurate, complete, and current as needed for that purpose.
  SELC/SDLC: Develop the system to meet the data quality standards established by the organization.

Purpose Specification
  FIPP: The purposes for the collection of personal information should be disclosed before collection and upon any change to that purpose, and its use should be limited to those purposes and compatible purposes.
  SELC/SDLC: Develop systems that interact directly with the public such that the purpose for the collection of PII is made available.

Use Limitation
  FIPP: Personal information should not be disclosed or otherwise used for other than a specified purpose without consent of the individual or legal authority.
  SELC/SDLC: Develop the system such that each field of PII is used only in ways that are required to accomplish the project's purpose. Each process associated with each field of PII should be reviewed to determine whether that use directly fulfills the project's purpose. If not, the function should not be developed.

Security Safeguards
  FIPP: Personal information should be protected with reasonable security safeguards against risks such as loss or unauthorized access, destruction, use, modification, or disclosure.
  SELC/SDLC: Implement information security measures for each field of PII to prevent loss, unauthorized access, or unintended use of the PII. Use encryption, strong authentication procedures, and other security controls to make information unusable by unauthorized individuals.

Openness
  FIPP: The public should be informed about privacy policies and practices, and individuals should have ready means of learning about the use of personal information.
  SELC/SDLC: Design the system to provide both a privacy and security statement at every entry point. Develop mechanisms to provide notice to the individual at the same time and through the same method that the PII is collected; for example, if PII is collected online, notice should also be provided online at the point of collection.

Individual Participation
  FIPP: Individuals should have the following rights: to know about the collection of personal information, to access that information, to request correction, and to challenge the denial of those rights.
  SELC/SDLC: Design the system to allow identification of all PII associated with an individual to allow correction of all PII, including propagating the corrected information to third parties with whom the information was shared.

Accountability
  FIPP: Individuals controlling the collection or use of personal information should be accountable for taking steps to ensure the implementation of these principles.
  SELC/SDLC: Accountability can be encouraged, in part, by the use of audit logs that are capable of supporting a comprehensive audit of collection and use of all fields of PII to ensure that actual collection and use is consistent with the notice provided.

Source: The MITRE Corporation, Systems Engineering at MITRE: Privacy Systems Engineering Guide.
★ Systems Engineering Life Cycle (SELC) and Secure/Systems Development Life Cycle (SDLC) are often used interchangeably.

Page 8
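The Purpose Specification, Use Limitation and Accountability rows above, carried into code as an added example (written for this page, not MITRE's or the presenters' code): every request to use a PII field for one of the secondary purposes from slide 4 is checked against the notice given at collection, every decision is logged, and the log is later audited for uses outside the notice. The notice table, the actor names and the legacy log entry are constructed.

```python
from datetime import datetime, timezone

# The primary purpose plus the secondary uses of data named on slide 4.
PURPOSES = {"treatment", "outcome_analysis", "quality_assurance",
            "research", "public_health", "commercialization"}

# Notice given to the individual at collection: the purposes each PII field
# may be used for (constructed example; a real notice would be per system).
NOTICE = {
    "name": {"treatment"},
    "dob": {"treatment", "research", "public_health"},
    "diagnosis_code": {"treatment", "outcome_analysis", "quality_assurance",
                       "research", "public_health"},
    "email": {"treatment"},
}


class PiiUseGate:
    """Decides every request to use PII fields and records the decision."""

    def __init__(self, notice):
        self.notice = notice
        self.audit_log = []

    def request(self, actor, purpose, fields, consent=False, legal_authority=False):
        """Grant only if every field's notice covers the purpose, or if the
        individual consented or a legal authority applies (Use Limitation)."""
        if purpose not in PURPOSES:
            raise ValueError(f"unknown purpose: {purpose}")
        # A field the notice never mentioned has no covered purpose at all,
        # which is the Collection Limitation question asked at runtime.
        uncovered = sorted(f for f in fields
                           if purpose not in self.notice.get(f, set()))
        granted = not uncovered or consent or legal_authority
        entry = {
            "time": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "purpose": purpose,
            "fields": sorted(fields),
            "uncovered_fields": uncovered,
            "consent": consent,
            "legal_authority": legal_authority,
            "granted": granted,
        }
        self.audit_log.append(entry)
        return granted, uncovered


def audit_against_notice(log, notice):
    """Accountability check: granted uses of fields outside the notice that
    carry neither consent nor legal authority. Works on any log in the entry
    format above, including logs written by systems that bypassed the gate."""
    findings = []
    for entry in log:
        if not entry["granted"]:
            continue
        outside = [f for f in entry["fields"]
                   if entry["purpose"] not in notice.get(f, set())]
        if outside and not (entry["consent"] or entry["legal_authority"]):
            findings.append((entry["actor"], entry["purpose"], outside))
    return findings


# Constructed log entry from an export job that never consulted the gate.
LEGACY_LOG = [{
    "time": "2012-04-02T15:15:00+00:00", "actor": "analytics-export",
    "purpose": "commercialization", "fields": ["diagnosis_code", "email"],
    "uncovered_fields": [], "consent": False, "legal_authority": False,
    "granted": True,
}]


def demo():
    """Two requests through the gate, then an audit over both logs."""
    gate = PiiUseGate(NOTICE)
    research = gate.request("study-42", "research", ["dob", "diagnosis_code"])
    marketing = gate.request("partner-feed", "commercialization", ["email"])
    findings = audit_against_notice(gate.audit_log + LEGACY_LOG, NOTICE)
    return research, marketing, findings


if __name__ == "__main__":
    for item in demo():
        print(item)
```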
Source: Nationwide Health Information Network.

Page 9

Source: Healthcare Information and Management Systems Society (HIMSS).

Page 10
