Privacy and Security Project (2005-2007) | Digital Healthcare Research

The Privacy and Security Project

RTI International has subcontracted with 33 states and 1 territory to create the Health Information Security and Privacy Collaboration (HISPC). These subcontractors have leveraged input from state leadership and a broad range of stakeholders in health information exchange to assess the variations that exist at the organization level with respect to privacy and security practices and policies - and the legal bases for such practices and polices, where applicable. HISPC's goals are to:

identify both best practices and challenges,
develop consensus-based solutions for interoperable electronic health information exchange (HIE) that protect the privacy and security of health information, and
to develop detailed implementation plans to implement solutions.

The consensus-based solutions and implementation plans that are developed through this work could have far-reaching implications for all as we move toward achieving the goal of having nationwide interoperable electronic health records.

In addition to information about the Privacy and Security project overall, there are links to web pages devoted entirely to the activities of the 34 subcontractors. You are invited to learn more about each of the 34 individual programs and find out how to get involved.

The Goals of the Privacy and Security Project

The Privacy and Security project will play a key role in laying a policy groundwork to support widespread interoperable electronic health information exchange. The assessment of variations in organization-level privacy and security practices and policies, and any related laws and regulations, will identify the practices and policies that are currently in place across a broad array of stakeholders. Practices, policies and related laws will be reviewed to assess whether the particular practice, policy, or law would pose a challenge to the electronic exchange of health information. The HISPC will:

Preserve privacy and security protections in a manner consistent with interoperable health information exchange;
Promote stakeholder identification of practical solutions and implementation strategies through an open and transparent consensus-building process; and
Create a knowledge base about privacy and security issues in electronic health information exchange in states and communities that endures to inform future HIE activities.

Outcomes of the Privacy and Security Project

The HIPSC has produced several outcomes, including:

The Interim Assessment of Variation of Business Practices, Policies, and State Law report, a "first look" at the findings of the 34 subcontractors.
A national conference where members of the 34 subcontractors assembled to discuss their outcomes. Day 1 included presentations and discussions of the key findings of the interim assessment reports. Day 2 included discussions about next steps and future directions.
The Assessment of Variation and Analysis of Solutions report, a final summary of the work produced by the 34 subcontractors.
The Final Implementation Plans, a summary of the documents that guided the work of each subcontractor.
The Health Information Security and Privacy Collaboration Toolkit, designed to provide others with tools and resources to help facilitate privacy and security when exchanging electronic health information exchange.
The Impact Analysis report, analyzes the impact of the HISPC on each participating State and their approach to privacy and security for electronic health information exchange.