"The National Health Information Infrastructure (NHII) includes three dimensions: personal health, health care delivery, and public health. It is voluntary, and the benefits - significant."
                       - US Dept of Health and Human Services

Join AzHeC Summit Announcements

Privacy & Security in AZ

HISPC - Arizona Health Privacy Project

Security Subcommittee

 

 

HISPC - Arizona Health Privacy Project 

 

HISPC is the Health Information Security and Privacy Collaboration project which was established on a national level in 2006. The HISPC project was funded by the Agency for Healthcare Research and Quality in 2006 with 34 states participating. The purpose of this collaboration is to assess variation in organization-level business practices in order to identify specific practices that may pose challenges, as well as practices that facilitate interoperable exchange. This, in turn, will allow states to identify and propose practical solutions to barriers while preserving privacy and security requirements as defined by stakeholders and in applicable federal and state law.

 

In 2006, the Arizona Government Information Technology Agency received $350,000 to participate in the HISPC - Arizona Health Privacy Project. In 2008, an additional $414,000 was awarded to the agency to participate on a multi-state collaborative to address standards for health information exchange.

 

 

HISPC - Arizona Health Privacy Project Phase One

 

During Phase One of the HISPC project, Arizona performed outreach to over one hundred stakeholders in the medical community in order to focus on business practices that pose as barriers to health information. Once the barriers were identified, solutions were evaluated to those barriers and implementation plans were proposed. The Legal Working Group (LWG) worked on legislation that could be proposed to remedy legal barriers to health information exchange and has also been working on model policies and procedures for provider access to the HIE and an enforcement policy for inappropriate access to the HIE. The reports that document our findings are as follows:

 

  • Interim Assessment of Variations Report

  • Interim Solutions Report

  • Interim Implementation Plan

  • Final Assessment of Variations and Solutions Report

  • Final Implementation Plan

  • State Implementation Project Summary and Impact Report

 

HISPC - Arizona Health Privacy Project Phase Two

 

Under the second phase of the Health Information Security and Privacy Collaborative (HISPC), Arizona has received a contract through RTI and the Office of the National Coordinator to work on a multi-state collaborative called the "Adoption of Standards Collaborative." The Adoption of Standards Collaborative's main goal will be to establish a "National Health Bridge: Basic Policy Requirements for Authentication and Audit" for providers to access electronic health information across state lines. The other states participating in this collaborative are Colorado, Connecticut, Maryland, Nebraska, Ohio, Oklahoma, Utah, Virginia and Washington.

 

Through GITA, Arizona has taken on the role of co-chair as well as becoming a member of the National Steering Committee for the HISPC collaborative work.

 

Security Subcommittee

 

A security sub-committee has been formed under the Arizona Health-e Connection in order to work on the HISPC - Arizona Health Privacy Project for 2008. The charter of this committee is:

 

 

Purpose

 

The Security Subcommittee will address the technical security requirements necessary to ensure safe and protected use of electronic health information. In addition, the subcommitteewill address standards as they relate to technical security requirements.


The Security Subcommittee will have specific goals and objective for each type of security architecture they will be addressing. This will include authentication, audit, authorization and access for the HIE.

 

 

Goal

 

The goal of the Security Subcommittee is to inform stakeholders as well as RHIOs and HIEs in Arizona and other states of the effective use of security standards and architecture that relate to HIE security. Further, the Security Subcommittee will inform stakeholders of costs that may be prohibitive as well as the risk factors involved with each level of security as authentication; audit, authorization and access are explored.

 

 

Objectives

 

  • Leverage work already completed by the Arizona Government Information Technology Agency, at the national level and in other states for security architecture

  • Review policies and procedures defined by the Arizona Health Privacy Project Legal Working Group to ensure the technical standards conform to these policies and procedures

  • Determine appropriate use cases for accessing the HIE

  • Using the NIST Electronic Authentication Guideline, evaluate associated risk with the different levels of security architecture

  • Review cost of the different levels of the security architecture

  • Recommend standards for use in developing security architecture

 

Copyright 2008, All Rights Reserved, Arizona Health-e Connection.