computable privacy: state-focused activities privacy and security workgroup onc update october 26,...
TRANSCRIPT
Computable Privacy: State-Focused Activities
Privacy and Security Workgroup
ONC Update
October 26, 2015
2
Agenda
• Defining the Problem Current Privacy Rules Environment and Roadmap Stakeholders GAO
• ONC Approach Permitted UsesComputable Privacy Project and Model Criteria Basic Choice
3
Work with States on Interoperability: Why
• An identified source of confusion – e.g., mental health laws
• May impede military readiness• Too complex for technology to assist at this
time
44
Connecting Health
and Carefor the Nation
A Shared NationwideInteroperability
Roadmap
Interoperability (Roadmap Definition) The ability of a system to exchange electronic health
information with and use electronic health information from other systems without special effort on the part of the user.
Differing Legal Requirements Though legal requirements differ across the states,
nationwide interoperability requires a consistent way to represent an individual's permission to collect, share, and use his/her individually identifiable health information, including with whom and for what purpose(s).
Interoperability Roadmap
5
What Did the HITPC PSWG Recommend?
• Clarify relationship between “basic choice” and existing privacy laws that permit sharing without consent
• Near Term Goals: Harmonize categories/conditions legislatively defined
under federal and state law (e.g., mental health). All states should consider having operational plans for supporting interoperability in their health-related strategic plans.
April 29, 2015 HITPC Transmittal to National Coordinator: https://www.healthit.gov/facas/health-it-policy-committee/health-it-policy-committee-recommendations-national-coordinator-health-it
6
Laws, Regulations, and Policies for Patient Consent and Sensitive
Information
Patient Consent(paper/electronic)
EHR System Interoperability
Consent Models (opt-in, opt-out, with restrictions, etc.)
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAAHIPAA
HIPAA
HIPAA
HIPAAHIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
HIPAA
Current U.S. Privacy Rules EnvironmentHIPAA
HIPAA
HIPAA
HIPAA
7
D.C. Code § 7-1201.01 DefinitionsDistrict of Columbia Official Code—Division I. Government of District—Title 7. Human Health Care and Safety—Subtitle C. Mental Health—Chapter 12. Mental Health Information—Subchapter I. Definitions; General provisions
Mental health information means any written, recorded or oral information acquired by a mental health professional in attending a client in a professional capacity which:
(A) Indicates the identity of a client; and(B) Relates to the diagnosis or treatment of a client’s mental or emotional condition.
N.C. Gen. Stat. § 122C-3 DefinitionsGeneral Statues of North Carolina—Chapter 122C. Mental Health, Developmental Disabilities, and Substance Abuse Act of 1985—Article I. General Provisions
Confidential information means any information, whether recorded or not, relating to an individual served by a facility that was received in connection with the performance of any function of the facility. Confidential information does not include statistical information from reports and records or information regarding treatment or services which is shared for training, treatment, habilitation, or monitoring purposes that does not identify clients either directly or by reference to publicly known or available information.
Sample State Definitions of Mental Health Information (for Disclosure Purposes)
8
The GAO Agrees
• GAO Report 15-817 identified Key Barriers to Interoperability: State laws that are more stringent than HIPAAVariations in state privacy laws and particularly, patient
consent requirements across statesVariations between “opt-in” and “opt-out” states (e.g., opt-
in state providers may avoid disclosing health information to providers in opt-out states explicit patient consent is not documented or available)
State variations in patient consent requirements for sensitive information
http://www.gao.gov/products/GAO-15-817
9
• ONC national survey shows strong patient support for electronic HIE, despite any privacy or security concerns (1) In 2012, 74% support electronic HIE among
healthcare providers treating them in 2013, 70% expressed such support
Patients Support Electronic HIE
(1) 2012, 2013 Consumer Survey of Attitudes Toward the Privacy and Security Aspects of Electronic Health Records and Health Information Exchange. The difference between 2012 and 2013 is not statistically significant.
(2) O’Donnell, HC et al. (2011) “Healthcare consumers’ attitudes towards physicians and personal use of health information exchange.” Journal of General Internal Medicine 26(9): 1019-1026.
(3) National Partnership for Women and Families. Engaging Patients and Families: How Consumers Value and Use HIT, 2014
• Other national surveys also show support: 67% of patients support the idea of their medical records being shared
electronically with providers caring for them (2) 38% of patients want to be able to download their health information;
and of those, 46% want to share that information with another doctor (3)
10
• Patients with mental health and medical comorbidities have higher costs – on average, $450 more per month than patients without mental illness (1)
• Numerous studies document the cost benefits of integrating primary care and behavioral health– Study of 551 patients receiving integrated care showed lower costs
of $3,363 per patient over a four year periods (2)– Intermountain Healthcare program integrating care saved $667
per patient in the first 12 months (3)– Group Health Cooperative’s coordinated care of patients with
diabetes and major depression reduced 5-year costs by $3,900 per patient (4)
Cost Savings From Sharing Mental Health Information
(1) Melek, S., and Norris, D. (2008) Chronic conditions and comorbid psychological disorders. Research Synthesis Report No. 21. Princeton, NJ: The Robert Wood Johnson Foundation
(2) Unutzer J, Katon Wj, Fan MY, et al. Long-term costs effects of collaborative care for late-life depression. Am J Manag. Care. 2008; 14:95-100.
(3) Reiss-Brennan B et al,. Cost and quality impact of Intermountain’s mental health integration program, J Healthc Manag, 55(2). Mar. – Apr. 2010; 97-113.
(4) Katon W. et al. Long-term effects on medical costs of improving depression outcomes in patients with depression and diabetes. Diabetes Care, 31(6). Jun. 2008; 1155-1159.
Military Readiness
Large, dispersed, federally funded beneficiary populations: DOD: 9.5 million VHA: 8.3 million In every state
• 50,000 wounded Service Members from Iraq and Afghanistan 10,000 are National Guard or Reserve
• 300,000 of the 1.7 million Veterans who deployed to Iraq or Afghanistan suffer from PTSD
• 22% of Veterans receive mental health care outside the VA system
• To be ready to be recalled to active duty, service members need the right care when inactive, including comprehensive care that includes mental health services.
11
12
ONC’s Plan
• Educate: What Can Be Disclosed Individual Permissions should be Computable
• Collaborate with appropriate organizations of state health policy officials and other stakeholders, such as NASHP
• Implement State Computable Privacy Project with NGA
13
Consistent Understanding and Technical Representation of Permission to Collect, Share and Use Identifiable Electronic Health InformationF3. Examples of Commitments
• ONC, in collaboration with states, national and local associations, and other federal agencies will launch a project to better understand the complexity of the rules environment, especially the diversity among more privacy restrictive state laws and their impact on computable privacy.
• ONC will identify a definition of “Basic Choice” and provide policy guidance regarding if/when Basic Choice should be offered, even when not required by law based on recommendations from the HITPC by the end of CY 2016.
• ONC will convene a group of industry stakeholders to determine if it is possible to create an open source mapping of the codes that capture clinical care to sensitive health conditions such as mental health. These mappings can serve as the foundation for common rules to be used by rules engines for determining what data may be shared based on individual permission.
14
National Governors Association (NGA) Project
• Convene 5-8 states
• Utilize Focused Approach Analyze health implications of lack of harmony
Focus on mental and behavioral health co-morbid conditions
• Explore Model criteria Document a standard definition of health information,
e.g., PHI (protected health information) as defined under HIPAA.
Develop a list of providers to which laws apply. Develop standard language for when health
information can be disclosed without patient consent for TPO.
Explore how to map ICD-10 codes to the law (SHARPS project: http://sharps.org/clusters/automated-policy-cluster/logical-representation-of-privacy-laws)
15
Basic Choice: ONC commitment
• Our Final Interoperability Roadmap states:By the end of CY 2016 ONC will identify a definition of “Basic Choice” and provide policy guidance regarding if/when Basic Choice should be offered, even when not required by law, based on recommendations from the HITPC by the end of CY 2016.
• ONC can Clarify the interoperability and health implications of
offering choices about electronic exchange that are not offered about other media
Translate complex policy recommendations from the HITPC into actionable information by states and organizations
16
• Are there specific examples of state privacy laws that are emblematic of this issue?
• Should model criteria be considered to support state computable privacy? What criteria are missing?What criteria could be used to enable computability?
Discussion Questions