Friday, June 12, 2009

The First meeting of the Privacy and Security Workgroup

Today, the HIT Standards Committee Privacy and Security Workgroup met for the first time to discuss our charge, our deliverables, and our workplan.

The broad charge to the workgroup is to make recommendations to the HIT Standards Committee on privacy and security requirements for standards, implementation specifications, and certification criteria.

The specific charge is to make recommendations to the HIT Standards Committee on specific privacy and security safeguards that should be included in the definition of Meaningful Use, with a specific focus on the eight (8) areas listed in Section 3002(b)(2)(B), within two (2) months of the workgroup’s first meeting.

Dixie Baker from SAIC and Steve Findlay from Consumer's Union co-chair the workgroup. Dixie began the meeting with a few remarks that frame the work ahead very well:

"I welcome the opportunity to lead this workgroup in specifying the privacy and security safeguards that should be included in the definition of 'meaningful use.' Health IT can be used meaningfully only if the caregiver trusts it to deliver the services and information she needs to help make sound decisions at the point of care, and if the patient trusts it to protect his privacy.

Specifying safeguards is always an exercise in risk management, and in addressing our task, we’ll need to consider patient privacy risks balanced against safety and quality risks associated with unavailable, incomplete or corrupted information, as well as public trust risks associated with systems that lack integrity or accountability – all driven by the policy direction we’ll be receiving from the Policy Committee. The HITECH Act clearly recognizes the importance of trust in attaining “meaningfulness” – privacy and security are addressed in three of the Act’s eight priority areas of focus. So our workgroup clearly has an important challenge in specifying what is required for health IT to be trustworthy enough to be used meaningfully. And as we discussed at the full Committee meeting, I would expect the bar to be raised over time.

I’m looking forward to learning more about the ONC’s needs and expectations from our workgroup and from the full Standards Committee. "

As with the other groups, the Privacy and Security Workgroup will be reviewing meaningful use after it is discussed on June 16 at the HIT Policy Committee. The workgroup chairs will coordinate their initial workplans via a call on June 19 and will present the first reactions of their workgroups at the June 23 public meeting of the HIT Standards Committee. The workgroups will complete their work, editing/amending the meaningful use matrix with standards, implementation guidance, and certification criteria by August 1.

The Privacy and Security Workgroup is a bit different than Clinical Operations and Clinical Quality in that specific practices at each EHR site can reduce or increase security risk. The workgroup will try hard to provide guidance that is widely implementable in an attempt to reduce security risks for each EHR site, both large and small.

2 comments:

Brian Ahier said...

John, Thank you for sharing this important information.
Is there a list somewhere of the mebers of each group?

morpheus said...

Hi,
I'm a psychologist.My name is psikolog dalan. I visited your web blog. Thank you for sharing.
Visit my website for psychology.
Psikolog U─čur Dalan