The Connecticut Health Information Security and Privacy Initiative is a one-year project to assess how privacy and security business practices and policies affect the exchange of electronic health information and it is part of a nationwide effort. The funding for the project is through a subcontract from RTI International which is funded by AHRQ and ONC. The following entities, along with a variety of stakeholders, are working on the Connecticut initiative:
- The Connecticut Department of Public Health is an executive branch state agency. The Department's mission is to protect the health and safety of the people of Connecticut by actively working to prevent disease and promote wellness through education and health programs; monitor infectious diseases, environmental and occupational health hazards; regulate health care providers; provide testing and monitoring support through the state laboratory; collect and analyze health data to plan future health policies and to be the repository for all birth, marriage and death certificates.
- The Public Health Foundation of Connecticut, Inc. is an independent, privately governed public charity organization. The Foundation seeks to improve health in the State of Connecticut by increasing the amount of funding available to pursue public health initiatives and sponsoring sustainable and innovated projects that support health promotion and disease prevention in the State.
- The mission of the Connecticut Center for Primary Care is to promote public health by researching health issues and disseminating research findings to the general public, health care organizations, and health care practitioners; also, to contribute to the advancement of education and science by researching health issues and by educating the general public and individuals to improve the general health status of the community and individuals.
- eHealthConnecticut, Connecticut's Regional Health Information Organization (RHIO), mission is to create, champion and sustain a secure statewide health information exchange that will dramatically improve the safety, efficiency and quality of health care in Connecticut. eHealthConnecticut was created under the stewardship of Congresswoman Nancy Johnson.
The Objectives of the CT HISPI are:
- To assess variations in organization-level business policies and state laws that affect health information exchange;
- To identify and propose practical solutions, while preserving the privacy and security requirements in applicable federal and state laws; and,
- To develop detailed plans to implement solutions
The Project Will Address Health Information Security and Privacy Issues Such As:
- User Identification and Authentication - how to verify that a person seeking access to electronic personal health information is who they claim to be
- Confidentiality/Privacy - how to protect personally identifiable health information
- Availability - how to balance the legitimate need for information with techniques for limiting or restricting access
- Authorization - how to grant rights to access confidential data
- Information Authorization and Access - how to allow access to only specific people or programs that have been granted access rights to electronic personal health records
- Physical Security - how to define safeguard mechanisms for protecting information at rest
- Transmission Security - how to define safeguards for information in transit
- Safeguarding Data Integrity/Reliability - how to answer the questions: Did anyone tamper with the data? Has it been modified? Did he/she really sign it?
- Audits - how to account for use, access, and/or disclosure by people or electronic systems
The initiative will utilize a variety of working groups (including Privacy/Security, Clinical, Technical, and Legal) meeting under the auspices of eHealthConnecticut to define the current health information security and privacy environment in Connecticut, assess variations across business entities, identify barriers to legitimate flow of electronic health information, propose solutions, and develop a proposed plan of action. Formal reports will include a statewide assessment of variations, a proposed solutions report, and a statewide implementation plan. Statewide plans developed under the project will be further aggregated into a national set of assessments, solutions, and implementation plans compiled by RTI and NGA and submitted to HHS.
How to get involved
Links to relevant web pages
Mr. Philip Dukes, Esq., Counsel for Policy