Health Information Privacy and Security Collaboration

The Privacy and Security Project

RTI International has subcontracted with 33 states and 1 territory to create the Health Information Security and Privacy Collaboration (HISPC). These subcontractors have leveraged input from state leadership and a broad range of stakeholders in health information exchange to assess the variations that exist at the organization level with respect to privacy and security practices and policies - and the legal bases for such practices and polices, where applicable. HISPC's goals are to:

  1. identify both best practices and challenges,
  2. develop consensus-based solutions for interoperable electronic health information exchange (HIE) that protect the privacy and security of health information, and
  3. to develop detailed implementation plans to implement solutions.

The consensus-based solutions and implementation plans that are developed through this work could have far-reaching implications for all as we move toward achieving the goal of having nationwide interoperable electronic health records.

In addition to information about the Privacy and Security project overall, there are links to web pages devoted entirely to the activities of the 34 subcontractors. You are invited to learn more about each of the 34 individual programs and find out how to get involved.

The Goals of the Privacy and Security Project

The Privacy and Security project will play a key role in laying a policy groundwork to support widespread interoperable electronic health information exchange. The assessment of variations in organization-level privacy and security practices and policies, and any related laws and regulations, will identify the practices and policies that are currently in place across a broad array of stakeholders. Practices, policies and related laws will be reviewed to assess whether the particular practice, policy, or law would pose a challenge to the electronic exchange of health information. The HISPC will:

  • Preserve privacy and security protections in a manner consistent with interoperable health information exchange;
  • Promote stakeholder identification of practical solutions and implementation strategies through an open and transparent consensus-building process; and
  • Create a knowledge base about privacy and security issues in electronic health information exchange in states and communities that endures to inform future HIE activities.

Outcomes of the Privacy and Security Project

The HIPSC has produced several outcomes, including:

Project Team

The project team led by RTI International includes:

RTI International

Linda Dimitropoulos, PhD. - Project Director  
John Loft, PhD. - Sr Advisor, Assessment Methodology  
FOR MORE INFORMATION:  privacy.security@rti.org

National Governor's Association Center for Best Practices

Kathleen Nolan, MPH - Director, Health Division  knolan@nga.org
Michelle Lim Warner, MPH - Senior Policy Analyst  mwarner@nga.org

Technical Advisory Panel and Subcontractors Names

  • Bill Braithwaite, MD eHI
  • Gary Christoph, PhD, TeraData
  • Mike Hubbard, Womble, Carlyle, Sandridge and Rice, PLLC
  • John Christiansen, Christiansen IT Law
  • Chris Apgar, CISSP Apgar & Associates
  • Holt Anderson, Executive Director, NCHICA
  • Ryan Bosch, MD, George Washington University
  • Joy Pritts, Health Policy Institute, Georgetown University
  • Walter Suarez, MD, MPH, Institute for HIPAA/HIT Education and Research
  • AHRQ National Resource Center
  • AHIMA


Click on the links below to view State Information.

Last Modified: February 2014