Many states have a complex web of state laws, as well as business policies and practices, that exist to protect the privacy and security of medical health records. Often, they are more stringent than the Health Insurance Portability and Accountability Act (HIPAA) privacy protections. This project seeks to move forward toward the goal of national and state electronic heath records, by examining which laws need to be updated - and which policies can be harmonized across organizations - in order to more clearly support health information exchange while still maintaining adequate privacy protections.
This project will allow for broad-based stakeholder engagement and collaboration in identifying laws and policies necessary to protect individuals' privacy and identify those laws that restrict the reliable and timely exchange of health information needed to improve the quality and efficiency of health care. The specific goals of this project include:
-
Expanding consumer participation in health information exchange (HIE) discussions;
-
Developing a comprehensive understanding of variations in business privacy and security policies and practices and how those variations impact health information technology (HIT) and HIE;
-
Creating a set of practical solutions and implementation plans for preserving privacy and security protections that allow interoperable electronic health information systems and exchanges;
-
Strengthening existing collaborative networks - and creating of new ones - to support ongoing HIT and HIE efforts; and
-
Increasing stakeholders' knowledge of best practices for HIT and HIE and how to implement them within and across organizations