American Health Information Community

Confidentiality, Privacy and Security Workgroup

Summary of 6th Web Conference of this Workgroup

Monday, January 8, 2007

KEY TOPICS

1. Call to Order and Welcome

Judy Sparrow, AHIC Director, opened the Web conference. She reminded those present that this meeting is designed to meet the requirements of the Federal Advisory Committee Act. Workgroup members then introduced themselves.

2. Opening Remarks

Kirk Nahra and Paul Feldman, Co-chairs for the Confidentiality, Privacy and Security (CPS) Workgroup, stated the purpose of the call is to finalize the recommendations letter to the AHIC, who will meet on January 23, 2007, to discuss the Workgroup’s activities for this year.

Before discussing the recommendations, Greg Downing spoke about the new AHIC Personalized Healthcare (PHC) Workgroup. The Workgroup is charged with determining how health information technology can integrate genomic test information into electronic health records (EHRs). He has been working closely with the Department of Health and Human Services (DHHS) Office of the National Coordinator for Health Information Technology (ONC) staff and RobKolodner to optimize opportunities with the other Workgroups. There are many areas of privacy and confidentiality that will be of interest to the CPS Workgroup. For example, if enough of the genetic code is captured in an EHR, it may be possible to identify individuals, even if the record has been stripped of identifiers. The same is also true for aggregated research test data. Mr. Downing stated that there is a fair amount of literature on this topic which can be made available to this Workgroup; additionally, he plans to report back periodically on the deliberations of the PHC Workgroup.

3. Review and Approval of Identity Proofing Recommendations

The Workgroup members discussed the working draft letter to the AHIC, forwarding recommendations on patient identity proofing. Workgroup members had the following comments:

Under the background section, a question was raised about the sentence stating that the recommendations do not intend to create barriers to the provision of health care. After discussion, it was decided that this statement should be moved to be an additional footnote to

Recommendation 1 and should read, “Failure to meet identity proofing requirements for electronic access to health information should not impede patient access to health care.”

General Statements 1 and 4 should emphasize that this relates to identity proofing for patients, and not third parties or providers.

General Statement 3 should state that all data included in electronic records should be considered sensitive information.

Recommendation 1

Workgroup members had the following comments concerning Recommendation 1:

A question was raised about the footnote on trusted third parties, which implies that it is known who actually did the identity proofing. It was noted that this statement was getting at the concept of “transient trust” established by a third party on the institutional level. For example, a notary seal is trusted even if the individual notary is not known by the entity requiring proof of identity. The footnote could be changed to read, “A trusted third party is an entity that both the health care consumer or their authorized proxy and the health care entity trust or reasonably rely upon for the purpose of performing identity proofing on behalf of the entity.”

It was noted that Recommendation 1.1 concerns in-person identity proofing and therefore requires in-person presentation plus at least one of the mentioned documents. The examples listed include government-issued photo IDs. This recommendation is stated as a “floor,” and there is nothing to exclude an entity from asking for more information.

Undocumented aliens or other individuals who cannot supply the documents listed in Recommendation 1.1 could be identity proofed by the methods listed in Recommendation 1.2 or 1.3. Members were reminded that these recommendations are not an effort to impede the ability of undocumented individuals to receive care, but rather they are a standard for accessing information electronically.

It was suggested that identity proofing over the telephone, mentioned in Recommendation 1.2, might need more stringency, especially due to front office staff turnover. The genesis of this recommendation was to address secure messaging (SM) with small providers in rural areas; in this case, it may be reasonable to start SM with a patient who has been seeing a particular doctor for years without requiring the patient to present at the office for in-person identity proofing. Whereas a new receptionist might not have the ability to recognize a voice over the telephone and confirm the patient’s identity, the doctor or nurse could. Here, the patient’s relationship is with the entity and not necessarily the individual answering the phone. The recommendation will be edited to change “telephonic recognition” to “telephonic dialogue.”

Recommendation 1.3 could be viewed as identity-proofing methods for individuals who do not have the ID forms listed in 1.1 and do not have a durable relationship with the health care provider as in 1.2. In this case, identity proofing should consist of a method that verifies the person’s identity based on information that they know or can produce about themselves. Several comments were made regarding the ability of Recommendation 1.3 to address identity proofing for undocumented aliens or migrant workers. It was emphasized again that electronic access is a separate issue from access to care. It was also clarified that this recommendation is focused on identity proofing and not authentication.

If an individual cannot be identity proofed by the methods in Recommendation 1.1 and 1.2 and does not have a verifiable data element to meet Recommendation 1.3 at the initial visit, it could be the case that after a period of time, a history could be created for such a person, which will accumulate the necessary data for identity proofing.

Recommendation 1.3 provides two scenarios, listed as 1.3.i and 1.3.ii, regarding whether there is a prior relationship with the consumer being identity proofed. The “untethered” PHR model was discussed as an example of an entity which would not have a prior relationship with the consumer; concerns were raised that it would be advantageous to the “untethered” PHR vendor to have less stringent identity-proofing methods. However, the “untethered” PHR model does not have any “push or pull” with other electronic data sources and therefore is not germane. It was suggested that the Workgroup clearly emphasize that these recommendations are meant to address identity proofing methods for the AHIC Workgroup breakthroughs, which involve interoperable systems.

After much discussion as to whether 1.3.i is sufficient to provide information that is unique, specific to that relationship, and not widely known, the Workgroup members decided to eliminate this section. Instead, Recommendation 1.4 will be created, stating that the Workgroup (1) recognizes that there are situations where there is no preexisting relationship of any kind and using a government-issued photo ID in-person is not practical and (2) has not reached agreement yet on the appropriate alternatives for identity proofing in those situations.

Recommendation 2

Workgroup members had the following comments concerning Recommendation 2:

The group reviewed the intention of this recommendation, which is that information used solely for identity proofing should not be part of the clinical data that is exchanged with other health entities for the purpose of treating that individual. The genesis of this recommendation came from testimony on paper files storing patient-identifying information in the clinical file, which can increase the chances for medical identity theft.

It was noted that “securely maintained” could be interpreted as meaning storing that information. The group debated whether “and should not be disclosed” should be added to this recommendation. After further discussion, it was agreed that the recommendation should go forward as written.

Recommendation 3

Workgroup members had the following comments concerning Recommendation 3:

This recommendation is specific to the conversion process and does not involve pulling data from other sources.

The second sentence of the recommendation was added so that any conversion process that at the same time made the records available to patients included identity proofing. It was debated whether this sentence should be expanded to cover access with any interoperable systems; however, the background section states that these recommendations are limited to patient identity proofing, not providers or third parties. After further discussion, it was agreed that the recommendation should go forward as written.

Recommendation 4

Workgroup members had no changes to Recommendation 4.

Recommendation 5

Workgroup members had the following comments concerning Recommendation 5:

It was suggested that “where applicable” be added to this recommendation.

A concern was raised about whether the Certification Commission for Health Information Technology (CCHIT) is the right organization to issue certification based on business practices, as opposed to standards developed by the Health Information Technology Standards Panel or other bodies. The explanation was offered that if standards are developed on this issue, then CCHIT could create criteria to certify systems using those standards. With this discussion, agreement was reached to include this recommendation.

Action Item #1: ONC staff will rewrite the recommendations as discussed and circulate to the Workgroup to finalize for presentation at the next AHIC meeting.

Action Item #2: The Co-chairs and ONC staff will begin gathering background information, including resources on trusted third parties, and researching options for the new Recommendation 1.4.

4. Workplan and Priorities Discussion

With limited time, the Workgroup began a discussion on priority issues for this year. In addition to the new Recommendation 1.4, the suggestion was raised that the group reach out to the other AHIC workgroups for issues that they may want the CPS Workgroup to address. Other possible issues from feedback solicited from Workgroup members after the November 13 meeting clustered around the following topics:

1. Secondary or other uses of data and consumer rules with regard to how the data would be used in the context of personal health records (PHRs) or exchanged through the Nationwide Health Information Network (NHIN) and Regional Health Information Organizations.

2. Recommendations to address possible non-covered HIPAA entities with respect to PHRs, including privacy practices and specific principles for non-covered situations.

3. Continuing with identity proofing to address providers, facilities, and organizations. The concept of an identity federation could be further explored.

4. Authentication, which is a logical next step after identity proofing, for both the provider and patient. This topic could include access to information, policies regarding transfer of data to and from PHRs, consumer rights to information, role-based access, and how to limit “need to know” access appropriately.

5. Implementing auditing and policies for breaches in consumer protection, as well as education and outreach to inform people about consumer protections.

The Co-chairs stated that criteria were circulated for this discussion and that the Workgroup should formulate both short-term and long-term agenda items. This could include a combination of discrete items, such as identity proofing, or larger policy issues. Mr. Feldman commented that many fundamental privacy principles focus on PHRs, particularly when the PHR is not attached to a covered entity. Mr. Nahra added that he was interested in exploring the impact on the NHIN of possible recommendations regarding consumer consent, authorization, and control of data flow.

Workgroup members had the following comments:

Non-covered entities have the potential to be a major issue. Given that the authorities built into HIPAA are specific to the covered entities, it is not possible to apply these standards directly to other players.

Given that many other organizations are addressing technical standards, the expertise of this group may be better suited to address policy issues. Issues that do contain a technical element will require testimony and guidance from other experts so that the Workgroup’s discussions on the related policy questions will be better informed.

The concept of “opt-in versus opt-out” needs to be addressed, especially as it relates to EHRs. Moreover, it was suggested that it may need to be determined whether the HIPAA paradigm is appropriate for this conversation.

Consumer controls over content was raised as another issue, especially as they apply to EHRs and interoperability.

Regarding the discussion of HIPAA application, it was suggested that the policy question should focus on protections that follow the data, rather than focusing on who has the data.

Additionally, the issue was raised of compatibility between HIPAA policy and any new set of regulatory or policy principles that extend to non-covered entities. It will be necessary to ensure that covered entities are not conflicted or presented with a dual set of standards if they choose to participate in the NHIN.

5. Wrap-up and Summary of Next Steps

The Workgroup is on the agenda for the AHIC meeting in January to present the Patient Identity Proofing Recommendations as well as discuss future plans. Because a final decision has not been reached yet regarding future plans, the Workgroup instead will present the top priorities that emerged from today’s conversation. The group then can follow up with a more detailed plan when it is finalized.

6. Public Comment

None

7. Adjourn

Mr. Nahra thanked the participants, and the meeting was adjourned.

SUMMARY OF ACTION ITEMS

Action Item #1: ONC staff will rewrite the recommendations as discussed and circulate to the Workgroup to finalize for presentation at the next AHIC meeting.

Action Item #2: The Co-chairs and ONC staff will begin gathering background information, including resources on trusted third parties, and researching options for the new Recommendation 1.4.

MEETING MATERIALS

Agenda

Draft Recommendations

Prioritization Criteria

Confidentiality, Privacy, and Security Workgroup

Members and Designees Participating in the Web Conference

 

Attendees
Paul Feldman	The Health Privacy Project
Kirk Nahra	Wiley Rein LLP
Jodi Daniel	ONC
Jill Callahan Dennis	Health Risk Advantage
Steven Davis	Oklahoma Department of Mental Health andSubstance Abuse Services
Lorraine Doo and William Crawford	DHHS/Centers for Medicare & Medicaid (for Tony Trenkle) Services
Deborah Paris (for Flora Terrell Hamilton)	Family and Medical Counseling Service, Inc.
John Houston	University of Pittsburgh Medical Center and National Committee on Vital and Health Statistics
Susan McAndrew	DHHS/Office for Civil Rights
David McDaniel	Veterans Health Administration
Deven McGraw	National Partnership for Women and Families
Alison Rein	National Consumer League
Paul Uhrig	SureScripts
Thomas Wilder	America’s Health Insurance Plans

 

 

Disclaimer: The views expressed in written conference materials or publications and by speakers and moderators at DHHS-sponsored conferences do not necessarily reflect the official policies of the DHHS; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.