Health IT - AHRQ

Skip Navigation

U.S. Department of Health and Human Services

www.ahrq.gov

Print |

Collaborations & Activities

Emerging Lessons

Health IT Implementation Stories

Project News and Publications

Privacy and Security Project

State and Regional Demonstration Projects

Medicaid - SCHIP

Medicaid - SCHIP Fast Facts

Health IT Tools

Knowledge Library

Funding Opportunities

FAQS

Press Room

Key Topics

Background information and the latest evidence on key topics from the field of health IT.

All Key Topics

Stay Informed

Subscribe to Updates

Feedback/Suggestions

AHRQ National Resource Center for Health Information Technology

RTI Privacy and Security Landing Page

*NEW* Impact Analysis report and other project deliverables are now available via the Outcomes section below.

The Privacy and Security Project

RTI International has subcontracted with 33 states and 1 territory to create the Health Information Security and Privacy Collaboration (HISPC). These subcontractors have leveraged input from state leadership and a broad range of stakeholders in health information exchange to assess the variations that exist at the organization level with respect to privacy and security practices and policies - and the legal bases for such practices and polices, where applicable. HISPC's goals are to:

1. identify both best practices and challenges

2. develop consensus-based solutions for interoperable electronic health information exchange (HIE) that protect the privacy and security of health information, and

3. to develop detailed implementation plans to implement solutions.

The consensus-based solutions and implementation plans that are developed through this work could have far-reaching implications for all as we move toward achieving the goal of having nationwide interoperable electronic health records.

In addition to information about the Privacy and Security project overall, there are links to web pages devoted entirely to the activities of the 34 subcontractors. You are invited to learn more about each of the 34 individual programs and find out how to get involved.

The Goals of the Privacy and Security Project

The Privacy and Security project will play a key role in laying a policy groundwork to support widespread interoperable electronic health information exchange. The assessment of variations in organization-level privacy and security practices and policies, and any related laws and regulations, will identify the practices and policies that are currently in place across a broad array of stakeholders. Practices, policies and related laws will be reviewed to assess whether the particular practice, policy, or law would pose a challenge to the electronic exchange of health information. The HISPC will:

Preserve privacy and security protections in a manner consistent with interoperable health information exchange;
Promote stakeholder identification of practical solutions and implementation strategies through an open and transparent consensus-building process; and
Create a knowledge base about privacy and security issues in electronic health information exchange in states and communities that endures to inform future HIE activities.

Outcomes of the Privacy and Security Project

The HIPSC has produced several outcomes, including:

The Interim Assessment of Variation of Business Practices, Policies, and State Law report, a "first look" at the findings of the 34 subcontractors.
A national conference where members of the 34 subcontractors assembled to discuss their outcomes. Day 1 included presentations and discussions of the key findings of the interim assessment reports. Day 2 included discussions about next steps and future directions. Presentations from the conference are now available in the AHRQ health IT knowledge library.
The Assessment of Variation and Analysis of Solutions report, a final summary of the work produced by the 34 subcontractors.
The Final Implementation Plans, a summary of the documents that guided the work of each subcontractor.
The Health Information Security and Privacy Collaboration Toolkit, designed to provide others with tools and resources to help facilitate privacy and security when exchanging electronic health information exchange.
The Impact Analysis report, analyzes the impact of the HISPC on each participating State and their approach to privacy and security for electronic health information exchange.

Project Team

The project team led by RTI International includes:

RTI International

Linda Dimitropoulos, PhD. - Project Director
John Loft, PhD. - Sr Advisor, Assessment Methodology

FOR MORE INFORMATION:  privacy.security@rti.org

National Governor's Association Center for Best Practices

Kathleen Nolan, MPH - Director, Health Division knolan@nga.org
Michelle Lim Warner, MPH - Senior Policy Analyst mwarner@nga.org

Technical Advisory Panel and Subcontractors Names

Bill Braithwaite, MD eHI
Gary Christoph, PhD, TeraData
Mike Hubbard, Womble, Carlyle, Sandridge and Rice, PLLC
John Christiansen, Christiansen IT Law
Chris Apgar, CISSP Apgar & Associates
Holt Anderson, Executive Director, NCHICA
Ryan Bosch, MD, George Washington University
Joy Pritts, Health Policy Institute, Georgetown University
Walter Suarez, MD, MPH, Institute for HIPAA/HIT Education and Research
AHRQ National Resource Center
AHIMA

Project Milestones:

Click on the links below to view State Information.

Alaska

Arizona

Arkansas

California

Colorado

Connecticut

Florida

Illinois

Indiana

Iowa

Kansas

Kentucky

Louisiana

Maine

Massachusetts

Michigan

Minnesota

Mississippi

New Hampshire

New Jersey

New Mexico

New York

North Carolina

Ohio

Oklahoma

Oregon

Puerto Rico

Rhode Island

Utah

Vermont

Washington

West Virginia

Wisconsin

Wyoming

A computer-generated message generated when specific criteria are met; e.g., entry of a critically abnormal laboratory test value generates a warning message to the care provider who ordered the test.

The American Medical Association (AMA) is an organization of physicians which works on the most important professional and public health issues including health information technology (HIT).

The American Medical Informatics Association (AMIA) is an organization dedicated to the development and application of biomedical and health informatics in support of patient care, teaching, research, and health care administration.

Ambulatory medical record system (AMRS), which is a clinical information system that supports the functions of an outpatient clinic, generally including registration, appointment scheduling, order entry, reporting of results, clinical documentation, and billing.

The American Nurses Association (ANA) is a professional organization representing registered nurses with the goal of advancing the nursing profession by fostering high standards of nursing practice and lobbying Congress and regulatory agencies on health care issues affecting nurses and the public, including the use of information technology (IT) in nursing practice.

The American National Standards Institute (ANSI) oversees the creation, promulgation, and use and thousands of standards and guidelines, in nearly every sector of the economy, in order to strengthen the U.S. market in the world economy and to improve the health and safety of consumers.

A computer program designed to help physicians in the proper ordering of antibiotics.

The Arden Syntax standard, which is maintained by HL7, is a coding scheme which provides a standard means for writing rules designed to relate specific patient situations to appropriate actions.

Application Service Provider (ASP) is a type of client-server installation where a business hosts computer-based services for customers to access across a network, such as electronic health record (EHR) solutions accessed over the Internet.

A mode of communication in which exchange of data does not require both parties to be actively involved at the same time.

Asynchronous transfer mode (ATM) is a network protocol for sending small, fixed-length packets of data over network connections.

A record of all accesses and updates to medical data, which is generally maintained in chronological order, which is used to promoted accountability of access to the data.

A process for the positive identification of system users; this process is used to control access to the system.

A process for limiting user access and activities to only the actions deemed appropriate for that user.

The American Academy of Family Physicians (AAFP) is the national association of family doctors; its mission is to improve the health of patients, families, and communities which includes the introduction and use of health information technology (HIT).

A level of encoding of medical data which involves reviewing the data and labeling the data based on an item from a terminology.

A security function in which users are responsible for their access to and use of medical information. The users must have a right to know and a need to know the information they access.

Time between learning sessions when teams work on improvements within their organization. The teams are supported by collaborative faculty/staff.

An adverse drug event (ADE) is an unexpected or dangerous reaction to a drug.

Admission-discharge-transfer (ADT), which is a component of a health information system (HIS) designed to maintain and update the hospital census.

Computer software designed to operate with a degree of autonomy from its programmer (e.g., an agent may be used to search the Internet for specified information).

The American Hospital Association (AHA) is the national organization representing all types of hospitals, health care networks, and their patients plus communities. It strives to ensure that its membersâ€™ perspectives and needs are addressed in national health policy development, legislative and regulatory debates, and judicial matters; this includes issues related to health information technology (HIT).

The American Health Information Community (AHIC) is a federal government advisory body chartered to provide recommendations to the Secretary of the U.S. Department of Health and Human Services (HHS) on how to accelerate the development and adoption of health information technology (HIT).

The American Health Information Management Association (AHIMA) is a professional organization devoted to improving healthcare by advancing best practices and standards for health information management (HIM).

Agency for Healthcare Research and Quality (AHRQ) is the lead federal government agency charged with improving the quality, safety, efficiency, and effectiveness of health care for all Americans. As one of 12 agencies within the Department of Health and Human Services (HHS), AHRQ supports health services research that will improve the quality of health care and promote evidence-based decision making.

This refers to the amount of data that can be transmitted over a communication channel in a given period of time.

A measurement obtained prior to an intervention and used for comparison to post-intervention measurements.

The College of American Pathologists (CAP) is a professional organization of pathologists which fosters and advocates excellence in the practice of pathology and laboratory medicine. It was responsible for developing the Systematized Nomenclature of Medicine (SNOMED).

U.S. Department of Health & Human Services | The White House | USA.gov: The U.S. Government's Official Web Portal

Agency for Healthcare Research and Quality

540 Gaither Road Rockville, MD 20850 Telephone: (301) 427-1364