ONC Privacy, Security Panel Re-LaunchesNew Advisory Workgroup Sets Priorities
A federal advisory workgroup that makes privacy and security recommendations to the Office of the National Coordinator for Health IT has officially re-launched with a new name, new members and new topics to tackle in the coming months.
The Privacy and Security Workgroup, formerly known as the Privacy and Security Tiger Team, will tackle such issues as secure and private interoperability of health data and the privacy concerns related to big data, says Deven McGraw, who is continuing to chair the group. The privacy attorney is a partner at law firm Manatt, Phelps & Phillips, LLP.
ONC also announced on Oct. 14 that Lucia Savage, an attorney at insurer United Healthcare, will be joining ONC on Oct. 20 as chief privacy officer.
The Work Ahead
The former Privacy and Security Tiger Team, formed in 2010 to advise the Health IT Policy Committee, had been on hiatus since the spring as ONC cut by about half and revamped the many workgroups that advise the office's policy and standards committees.
ONC, a unit of the Department of Health and Human Services, is best known for its work on guidelines for the HITECH Act's electronic health records incentive program, but its projects are changing as HITECH funding winds down.
McGraw noted that several core values were critical in the recommendations that the tiger team made in past four years, and that those values will carry through to the new Privacy and Security Workgroup. Those include:
- The relationship between the patient and their healthcare provider is the foundation for trust in health information exchange, particularly with respect to protecting the confidentially of personal health information.
- As key agents of trust for patients, providers are responsible for maintaining the privacy and security of their patients' records.
- Patients should not be surprised about or harmed by collections, uses or disclosures of their information.
- For health information exchange to successfully improve patient health and healthcare, HIE efforts need to earn the trust of both consumers and physicians.
The realignment of the ONC advisory workgroups reflect ONC's emphasis on system interoperability and secure national health information exchange as it implements a new 10-year game plan that was unveiled in June. That plan focuses on building an interoperable, nationwide health IT infrastructure to pave the way for the secure exchange of patient information; it includes privacy and security among five core building blocks.
The recent moves by ONC are aimed at repositioning the agency as HITECH Act funding for electronic health records incentives, as well as other projects, including start-up statewide HIEs and regional extension centers offering EHR support, is winding down.
Most of the old tiger team's recommendations were related to the HITECH meaningful use incentive program for EHRs and patient rights of access to records under HIPAA, McGraw noted.
Looking ahead, the new privacy and security workgroup will be tackling recommendations on:
- Big data and privacy in healthcare, including legal and technical challenges related to the privacy and security of big data;
- The Federal HIT Strategic Plan that ONC is developing;
- Rules for Stage 3 of the HITECH Act EHR incentive program;
- ONC's 10-year Interoperability Roadmap;
- Consent issues related to access to health information of minors/adolescents/young adults, and special protections for their health information.
McGraw's new co-chair of the workgroup is attorney Stanley Crosley of the law firm Drinker Biddle & Reath LLP, the former chief privacy officer at Eli Lilly. Crosley is also director of the Indiana University Center for Law, Ethics and Applied Research.
New members of the group are:
- Deb Bass, executive director of the Nebraska Health Information Initiative, a health information exchange;
- Donna Cryer, CEO of CryerHealth, a healthcare consulting and advocacy firm;
- Linda Kloss, CEO of Kloss Strategic Advisors, a consulting firm;
- David Kotz, associate dean of the faculty for the sciences at Dartmouth College;
- Gilad Kuperman, director of interoperability informatics of New York Presbyterian Hospital;
- Manuj Lal, general counsel, chief privacy office and CISO at PatientPoint, a health IT solutions provider;
- Mark Sugrue, chief nursing informatics officer of Lahey Hospital and Medical Center; and
- John Wilbanks, co-founder of Sage Bionetworks, a non-profit that works on collaborative biomedical research.
Previous tiger team members returning to the new Privacy and Security Workgroup are:
- David McCallie, vice president of informatics at EHR vendor Cerner Corp.;
- Micky Tripathi, CEO of the Massachusetts eHealth Collaborative; and
- Gayle Harrell, a former health IT executive and current member of the Florida House of Representatives.
The workgroup also includes several representatives from government agencies, including the Social Security Administration; Veteran's Health Administration; HHS' Office for Civil Rights, which oversees enforcement of HIPAA compliance; and ONC's office of chief privacy officer.