Seminar on Patient Privacy & Data Security Focuses on HIE

Date: April 4th, 2012Category: CORHIO e-NewsletterTopics: HIE, Data Security

Colorado Hospital Association Patient Privacy and Security Task Force Learns About, Shares Feedback on CORHIO Policies and Procedures

Every month, CORHIO receives about a dozen requests to attend community and association meetings to help educate health care professionals about health information exchange (HIE). CORHIO staff share their expertise on a variety of health IT topics and collect valuable input from stakeholders across the state.

Recently, the Colorado Hospital Association (CHA) hosted a seminar, and invited CORHIO's Privacy Officer and HIE Operations Manager, Patricia Cerna, PMP, to present on its governing principles and policies related to patient privacy and data security. Topics covered in the presentation included:

  • Compliance with laws and policies (such as HIPAA)
  • Appropriate use and disclosure
  • Patient identification
  • Privacy practices
  • User authorization
  • Access and disclosure auditing
  • Transparency and accountability
  • Security protocol
  • System management

Sharing Best Practices on Protecting Health Information

Seminar participants included the CHA Patient Privacy and Security Task Force, which was brought together to identify and share best practices, address barriers to sharing information between facilities, discuss challenges related to using outside agencies for nursing services, and challenges that will emerge with the implementation of HIE. In addition to discussing CORHIO’s policies and procedures, the seminar also gave the Task Force and other participants a chance to have open dialogue with CORHIO staff and address questions and concerns about HIE privacy and security.

Applying Best Practicecs to Your Medical Practice or Facility

“The presentation gave us an overall understanding of how CORHIO is ensuring privacy and security, and it was also an opportunity for us [staff at Children’s Hospital Colorado] to discuss some of the issues that are specific to pediatric patients,” said Marty Esquibel, Task Force member and privacy officer at Children’s Hospital Colorado. "When accessing a patient record, it is imperative to identify the patient’s personal representative to maintain confidentiality and avoid potential domestic disputes. With pediatric patients there is a heightened sense of security that doesn’t apply to adult patients. We were pleased that CORHIO was open to discussion and that they valued our input on those aspects of HIE that don’t apply to the regular population."

Security & Privacy of Health Information is CORHIO's Number One Priority

Maintaining privacy and security of protected health information is a critical element of exchanging health data across the continuum of care. Since its inception, CORHIO has placed great emphasis on ensuring that privacy and security considerations are addressed at every stage of development of the HIE. By educating and interacting with the public, CORHIO can address privacy and security concerns, such as confidentiality of patient information, who should have access to it, how the information will be used, and the technical safeguards in place to secure the information. CORHIO also trains HIE participants and their staff about privacy, security and opt-out procedures before a participant goes live.

“With the ability to send and request health information, an authorized user can access a patient's medical history and obtain a list of current medications, known allergies, and other vital information,” said Patricia Cerna, CORHIO HIE operations manager and privacy officer. “CORHIO is taking every precaution to make sure these powerful capabilities are secure and confidential in order to protect patient privacy, while still delivering health information necessary for effective and efficient health care.”