hit standards committee privacy and security workgroup dixie baker, chair, privacy and security...

13
HIT Standards Committee HIT Standards Committee Privacy and Security Workgroup Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security Workgroup April 20, 2011 1

Upload: polly-rice

Post on 01-Jan-2016

221 views

Category:

Documents


3 download

TRANSCRIPT

Page 1: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

HIT Standards CommitteeHIT Standards CommitteePrivacy and Security WorkgroupPrivacy and Security Workgroup

Dixie Baker, Chair, Privacy and Security WorkgroupWalter Suarez, Co-Chair, Privacy and Security Workgroup

April 20, 2011

1

Page 2: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

Privacy and Security Workgroup

• Dixie Baker, SAIC• Anne Castro, BlueCross BlueShield of South Carolina• Aneesh Chopra, Federal Chief Technology Officer• Mike Davis, Veterans Health Administration• Lisa Gallagher, HIMSS• Ed Larsen• David McCallie, Cerner Corporation• John Moehrke, General Electric• Steve Findlay, Consumers Union• Jeff Jonas, IBM• Wes Rishel, Gartner • Walter Suarez, Kaiser Permanente• Sharon Terry, Genetic Alliance

2

Page 3: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

Agenda

• Digital Certificate Standard Update

• Update on Recommendations for Provider Directory Standard

3

Page 4: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

Digital Certificate Standard Update

• Transmittal letter from HITSC sent to ONC

1. Recommended requirements and evaluation criteria for standard

2. Recommendation to investigate benefits and alternatives for cross-certifying Direct Certificate Authorities (CAs) with Federal Bridge CA

• To enable Direct users to exchange health information with federal health agencies, the HITSC Privacy and Security Workgroup recommends that the ONC investigate architectural and operational alternatives for cross-certifying Direct CAs with the Federal Bridge CA, including an examination of potential benefits, and implications on cost, market dynamics, and complexity

3. Recommendation that HIT Policy Committee recommend policy and governance to establish a minimum level of trustworthiness for CAs issuing certificates for Direct exchanges

4

Page 5: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

Provider Directories Update

• Outcomes from March HITSC meeting

• Approval to proceed to develop recommendations for Enterprise-Level and Individual-Level Provider Directory standards in concert

• ONC identified immediate need for recommendations for standard for certifying EHR capability to query Provider Directories, for consideration for Stage 2 Meaningful Use

• HITPC’s Information Exchange Workgroup (IE WG) presentation of recommendations for Individual-Level Provider Directories (ILPDs) to Policy Committee, originally scheduled for April 13, postponed to May 11 meeting

• Recognizing the immediate need for a standard for EHR provider-directory query, we are implementing measures to minimize the potential impact of this delay

• Including IE WG’s public materials addressing ILPDs in our deliberations

• Preparing to make adjustments as needed post May 11 HITPC meeting

5

Page 6: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

Provider Directories Continuing Testimony

• Privacy and Security WG received testimony on provide directory standards work

• Social Security Administration (SSA) experience developing Integrating the Healthcare Enterprise (IHE) Provider Directory Profile

• ASC X12 Provider Directory transaction

• Confirming additional testimony from:

• HL7/OMG’s efforts on provider directories

• Massachusetts HIE

6

Page 7: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

IHE Healthcare Provider Directory Profile

• Social Security Administration led development and proof-of-concept (POC) of Healthcare Provider Directory (HPD) Profile

• Demonstrated 2 use cases at HIMSS interoperability showcase

• Profile and POC cover both ELPD and ILPD

7

Page 8: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

Standards Adopted for IHE HPD Profile

8

Page 9: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

ASC X12 Provider Directory

• ASC X12 Transaction 274 – Health Care Provider Information

• Two implementation specifications

• ASC X12 004050X109 – Provider Directory

• Provides standardized data requirements and content for all users of ASC X12 Health Care Provider Information (274) transaction, and detailed explanation of transaction set

• 005010X207 will be ready for release soon, but awaiting additional requirements from HIT Standards Committee that ASC X12 might incorporate before publishing

• ASC X12 004050X185 – Provider Inquiry and Response

• Request list of providers from a specific geography, from a specific payer network, and by specific specialty => Responses provide list of providers and can provide information about the providers’ practices

• Could be migrated to version 5010

• Additional requirements could be incorporated into version 5010

9

Page 10: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

ASC X12 Provider Directory

• As a transaction standard, ASC X12 does not define a structure for the Provider Directory

• Some structure guidance may be taken from the implementation guides where closely related data elements are collected into a data segment, and data loops

• Observations

• Provider Directory needs to maintain information regarding provider’s membership within Health Plans’ provider networks

• X12 believes that directory information should include more than just contact information – including provider’s specialty, whether the provider is taking additional patients, and the provider’s characteristics compatibility with the patient (location, gender, language, hospital affiliation, etc)

• All of these are provided by ASC X12 Provider Directory, including electronic addresses

10

Page 11: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

ASC X12 Provider Directory

X207 – Provider Directory available information• Affiliated Hospital• Group • Network• Provider (i.e., doctor or facility)• Site• Name• Identification Numbers• Direct Contact Information• Demographic Information• Languages Spoken• Work Schedule• Location Logistics• Healthcare Delivery Focus• Healthcare Specialty• Licensing Accreditation/Certification• Name of Affiliated Entity• Identification Numbers of the Affiliated Entity• More...

X135 – Provider Directory – Inquiry Response Information•Provider Name•Geographic Information•Provider Area of Specialization•Network•Hospital•Participation Dates•Provider•Role•Accepting New Patients•Provider Identification Number•Geographic Information•Provider Age•Provider Gender•Provider Language•Site-specific Assistive Aids•Sate Licensing Informaiton•Site ID•Provider Site Location•Site Location Information•Provider Work Schedule Information •More...

11

Page 12: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

Observations and Conclusions

• All approaches presented to date look at PDs as a single, integrated structure containing both enterprise and individual directory information, rather than as separate directory systems

• The Provider Directory standard needs to be implementable at the individual and enterprise levels, as well as centralized and federated

• The Provider Directory standard needs to accommodate the needs of providers, payers, and consumers

• Both IHE and ASC X12 offer valuable contributions to our task of recommending requirements for Provider Directory Standards

• IHE HPD profile has not yet been implemented in a production environment – though it implements more established standards

12

Page 13: HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security

Privacy and Security Workgroup Plan

Date Meeting Goal

April 20 HITSC Meeting

Provider Directories:• Update report

April 27 2:00-4:30 pm ET

HITSC – P&S WG

Provider Directories:• Testimony from HL7/OMG on Provider Directories• Testimony from Massachusetts HIE• Review IE WG’s presentation materials re ILPDs

MAY 2 mtgs (TBD)

HITSC – P&S WG

Provider Directories:• Continue discussion around requirements, standards and criteria for

structure, content and publishing of ELPDs and ILPDs• Review and discuss final recommendations from HIT Policy Committee on

Individual-Level Provider Directories (post May 11 HITPC Meeting)• Discuss and finalize recommendations to ONC on requirements,

standards and certification criteria for EHR query capabilities to PDs

May 18 Full HITSC Provider Directories:• Present recommendations on EHR query capabilities to PDs• Update Report on other PD-related standards requirements and criteria

13