Monday, June 28, 2010
The ONC Privacy and Security Tiger Team
In many previous blogs, I've mentioned that privacy and security are foundational to healthcare information exchange. A suite of policies covering authentication, authorization, auditing, consent, transmission, and encryption constrains technology possibilities and thus empowers consensus processes to harmonize the security infrastructure that supports policy.
ONC has had many groups working on privacy in the Policy Committee, the Standards Committee, and the NHIN Workgroups. Now that Joy Pritts is the Privacy Officer for ONC (in essence the healthcare IT privacy officer for the country) she has unified all these disparate efforts into a single Tiger Team, focused on resolving many challenging healthcare information exchange policy issues over the next few months.
The members are all incredible people who really understand the domain
Paul Egerman, Co-Chair
Deven McGraw, Co-Chair, Center for Democracy & Technology
Dixie Baker, SAIC
Christine Bechtel, National Partnership for Women & Families
Rachel Block, NYS Department of Health
Neil Calman, The Institute for Family Health
Carol Diamond, Markle Foundation
Judy Faulkner, EPIC Systems Corp.
Gayle Harrell, Consumer Representative/Florida
John Houston, University of Pittsburgh Medical Center; NCVHS
David Lansky, Pacific Business Group on Health
David McCallie, Cerner Corp.
Wes Rishel, Gartner
Latanya Sweeney, Carnegie Mellon University
Micky Tripathi, Massachusetts eHealth Collaborative
They have already met numerous times, following a very aggressive schedule. Their early work has been to suggest policies that will support the NHIN Direct effort.
Their basic recommendation thus far is that protected healthcare information should not be exposed in routing, unless necessary for transmission from A to B. Standards that expose more information than necessary in metadata or mix metadata and content should be avoided.
Sometimes inspection of a content payload has value such as ensuring conformance with a standard or providing translation from one standard to another. However, from a policy perspective it is reasonable to say "The payload need not be inspected or changed during transmission”
Tomorrow, the Tiger Team is hosting an important Consumer Choice hearing.
The purpose of the hearing is to learn more about the capabilities of existing consumer choice technology and the potential for future development in this area. The morning session will focus on consumer choice technology in use today in health information exchange. A user of the technology will speak about their specific implementation of the technology, accompanied by a demonstration. The afternoon session will take a look at consumer choice technologies that are in the development stages for use within health information exchange. The developers have been invited to demonstrate either a prototype of the technology or its current use, and discuss its potential for further development within health information exchange.
I look forward to the work of the Tiger Team. When policy and technology are developed in parallel, each supporting the other, everyone wins.
Posted by John Halamka at 3:00 AM