The evolving patchwork of privacy and security regulations is making the difficult job of creating health information exchanges (HIEs) even more so, according to a panel of experts at the New Jersey and Delaware HIMSS fall event held in Atlantic City. “Privacy and security laws are right now being reinvented, reinterpreted, stretched, morphed and developed,” said Helen Oscislawski, founder of Attorneys at Oscislawski, LLC. Those changes are happening at the federal, as well as state, level, where the HIT Policy Committee’s Privacy and Security Tiger Team is crafting recommendations that may appear in Stages 2 and 3 of Meaningful Use. “We are in the thick of it right now,” she added.
Devan McGraw and Paul Egerman, respectively chair and co-chair of the HIT Policy Committee’s Privacy and Security Tiger Team, entered this month’s full committee meeting looking for approval of the letter and recommendations they put together over the summer. And while they got that approval in the end, it was only after more than 30 […]
The HIT Policy Committee’s new Privacy and Security Tiger Team workgroup is striving to establish the requirements that intermediaries in personal health information (PHI) message transactions will be subject to. Under HIPAA, parties which have access to PHI are deemed covered entities (CEs), required to establish business associate agreements (BAAs) which obligate them to handle the data in certain ways. With the rise of health information exchange under the HITECH Act, the Office of the National Coordinator created the Tiger Team to provide it with guidance in governing health information organizations (HIOs) — or third-party intermediaries which have varying degrees of involvement with the messages.