The Virginia Health Information Security and Privacy Collaboration (HISPC) is a state and federal sponsored, multi-year, public-private organization, whose primary mission is to develop tools, services and support to resolve privacy and security interoperability issues between health information organizations (HIO) across the Commonwealth.
The VA HISPC, working with the Virginia HIT Council and the National Governors Association (NGA), has established a Steering Committee to work with the national HISPC collaboration currently comprising 45 states and territories. The common goal these efforts is to establish consensus based solutions, to resolve privacy and security interoperability issues, between the states and across the nation.
Virginia was not be able to provide a model for the 2008 collaborative, but is able to participate as a part of the team that defines the policy for access the Health Information Exchange (HIE) across the four regions of the Commonwealth (Northern, Southwest, Central and Eastern). Virginia has set up a HISPC Steering Committee, composed of public and private HIE entities, to analyze, document and propose recommendations through the multi-state collaborate. The goal of the Virginia HISPC is to move forward the adoption of ambulatory health records in the Commonwealth, improve interoperability of medical records, and leverage the Commonwealth’s role as a large purchaser of healthcare to lower costs.
Understanding of the problem
The purpose of the HISPC Adoption of Standards Collaborative was to establish the National Health Bridge (NHB) – Basic Policy Requirements for Authentication and Audit. The NHB will identify an agreed upon set of basic policy and process requirements that establish a chain of trust among participants and allow for trusted exchange of health information across enterprises and across state lines. This will establish a basis by which HIE operating bodies or networks can assess their capacity to align and ultimately exchange with other similar organizations regardless of the state from which these organizations operate. The goal of this proposal is to participate with this collaborative, work to achieve the end result of the NHB and incorporate the lessons learning across all the regions of the Commonwealth.
Based on its findings of disparate quality and innovation from system to system, and region to region, and provider to provider, the gap of interoperability across all sectors ad regions, several of Virginia’s legislated committees have recommended the establishment an ongoing statewide electronic health care group or council to work closely with agencies of the Commonwealth to establish incentives or EHR adoption.
As Virginia moves forward with automating patient records, it is the intent of the Commonwealth to fully protect the privacy of patient health information, by complying with Federal and Virginia laws. In addition it becomes necessary to define proactive measures to continually raise the public confidence and trust in the Commonwealth’s actions insuring patient privacy.
The HISPC project is a federally funded collaboration of 45 states, with a goal of establishing privacy and security policy requirements for the effective interstate and intrastate interoperability of health information exchanges (HIE) across the United States.
In the 2007 Phase One of the HISPC project, 33 states identified the need to address trust issues by establishing "who" can be trusted when accessing sensitive patient health information during a health information exchange. Phase Two of the project, commencing in April 2008, will 1) develop a set of common policies that can bridge across networks, 2) conduct tests in a current business model environment, and 3) develop policies and procedure for authentication and audit which are essential for secure and private health information exchange.
45 states and territories have subcontracted with RTI International, a Health and Human Services (HHS) contractor, to create the Health Information Security and Privacy Collaboration (HISPC). RTI has receives input from state leadership and a broad range of stakeholders in the field of health information exchange, in order to assess the variations that exist with respect to privacy and security practices and policies - and, where appropriate, the legal bases for such practices and polices.
Outcomes have included:
To utilize the policy and training materials, go to http://healthit.hhs.gov/HISPC
Expected outcomes include:
On April 27, 2004, the President signed Executive Order 13335 announcing his commitment to the promotion of health IT to improve efficiency, reduce medical errors, improve quality of care, and provide better information for patients and physicians. The President also called for widespread adoption of electronic health records (EHRs) by 2014 so that health information will follow patients throughout their care in a seamless and secure manner.
The President then directed the Secretary of the Health of Human Services (HHS) to establish theOffice of the National Coordinator (ONC) for Health Information Technology to provide the leadership and strategy toward the unified advancement of the national health IT agenda in America. (See ONC testimony to HHS on September 1, 2007)
One of the main driving factors for the national adoption of Health Information Technology (HIT) was Hurricane Katrina, which affected the lives of those living on the Gulf Coast back in 2005 in many ways after scattering families and destroying their property. One particular type of property that was destroyed was medical records and prescriptions. Large numbers of paper medical records maintained by physicians, hospitals, nursing homes and other health care facilities in the Gulf Coast region were ruined. According to the HHS however, providers and payers using electronic medical records were able to preserve their systems and patient information in the wake of the destruction
On August 22, 2006, the President issued Executive Order 13410 to ensure that health care programs administered or sponsored by the federal government would promote quality and efficient delivery of health care, through the use of interoperable health IT.
The Office of the National Coordinator (ONC) has been assigned the responsibility of providing leadership for the development and nationwide implementation of interoperable health information technology to 1) improve quality and efficiency of health care, 2) enable consumers to manage their health, and 3) promote individual and population health.
In 2007, the Department of Health and Human Services (HHS) awarded a Privacy and Security Solutions contract to RTI International (RTI) (co-managed by ONC and AHRQ) to coordinate the work of the 33 states and 1 territory that made up the Health Information Security and Privacy Collaboration (HISPC)project. The HISPC project involved of a broad range of stakeholders in order to assess current variations in state-level privacy and security practices and to come up with consensus-based solutions.
On June 25, 2007 The National Governors Association (NGA) Center for Best Practices sent an invitation to the Governor of Virginia to participate in the HISPC collaborative. HHS has since awarded a new 2008 The Privacy and Security Solutions Contract to RTI for a new HISPC project with now 46 states and territories - now with Virginia added to the project.