Health Information Security & Privacy Collaboration (HISPC)
The HISPC’s third, and final, phase comprised seven multi-state collaborative privacy and security projects focused on analyzing consent data elements in state law; studying intrastate and interstate consent policies; developing tools to help harmonize state privacy laws; developing tools and strategies to educate and engage consumers; developing a toolkit to educate providers; recommending basic security policy requirements; and developing inter-organizational agreements.
Each project was charged with developing common, replicable multi-state solutions that could reduce variation in and harmonize privacy and security practices, policies, and laws.
State Law and Consent Policy
HISPC Reports on State Law, Business Practices, and Policy Variations
Conducted during 2009 as part of the HISPC, the following compendium of five reports details variations in state law, business practices, and policy related to privacy and security and the electronic exchange of health information. For quick reference, several reports contain aggregate findings tables in their appendices. A summary of each report appears below its title.
**For citation purposes, please use the date the reports were published and released to the public: January 13th, 2010.**
- Report on State Medical Record Access Laws [PDF - 308 KB]
- Appendix A-1 [PDF - 130 KB]
- Appendix A-2 [PDF - 205 KB]
- Appendix A-3 [PDF - 117 KB]
- Appendix A-4 [PDF - 265 KB]
- Appendix A-5 [PDF - 528 KB]
- Appendix A-6 [PDF - 304 KB]
- Appendix A-7 [PDF - 166 KB]
- Appendix A-8 [PDF - 457 KB]
- Appendix A-9 [PDF - 613 KB]
- Appendix B-1 [PDF - 441 KB]
This report analyzes state laws that are intended to require health care providers (specifically, medical doctors and hospitals) to afford individuals access to their own health information and to identify potential barriers to the electronic exchange of health information. The specific state law provisions examined are: scope of medical records to which patients are afforded access, format of information furnished, deadlines for responding to requests, fees for furnishing copies, record retention laws, and access to records of minors.
- Report on State Law Requirements for Patient Permission to Disclose Health Information [PDF - 2.25 MB]
In Phase I of the HISPC project, a majority of participants reported significant variation in the business practices and policies surrounding the need for and process of obtaining patient permission to use and disclose personal health information for a variety of purposes, including for treatment. This report furthers the initial work of this project by collating and analyzing state laws that govern the disclosure of identifiable health information for treatment purposes to identify commonalities and differences.
- Releasing Clinical Laboratory Test Results: Report on Survey of State Laws [PDF - 1.38 MB]
For this report, state statutes and regulations were analyzed to determine to whom clinical laboratories may release test results. This report focused on clinical laboratory and hospital licensing laws (that contain standards for hospital laboratories). It also examined general state medical record access laws to determine whether they provided an avenue for patients to access their clinical laboratory results directly.
- Report on State Prescribing Laws: Implications for e-Prescribing [PDF - 331 KB]
- Appendix A [PDF - 514 KB]
- Appendix B [PDF - 60.5 KB]
- Appendix C [PDF - 173 KB]
- Appendix D [PDF - 125 KB]
This report identifies and analyzes the impact and variation of state laws related to e-prescribing. The report addresses state laws related to the e-prescribing of controlled and non-controlled substances as well as topics such as record keeping and content requirements, out-of-state prescriptions, and generic substitution laws.
- Perspectives on Patient Matching: Approaches, Findings, and Challenges [PDF - 629 KB]
This report analyzes various approaches to matching patients to their health information in the context of electronic health information exchange. Current and potential methods for matching patients to their health records are discussed, challenges to performing patient matching such as scalability and ease of use are analyzed, and the types of information some HIOs use to match patients to their health records are described.