• Print

What policies is ONC working on to give Health Care organizations latitude from the stringent rules of governing health data and privacy (ie. HIPAA) to share data to an HIE so that the data becomes more liberated?

What policies is ONC working on to give Health Care organizations latitude from the stringent rules of governing health data and privacy (ie. HIPAA) to share data to an HIE so that the data becomes more liberated?

The following list of publicly available policy documents address HIE privacy/security issues, including opt-in/opt-out issues:

  • Privacy and Security Framework Requirements and Guidance for the State Health Information Exchange Cooperative Agreement Program - General Program Information Notice #003, March, 2012; available on the HIE Exchange page
    • This notice provides grantees of ONC’s State Health Information Exchange Cooperative Agreement Program with guidance on privacy and security frameworks, including topics such as individual access and correction, individual choice, and collection use and disclosure limitation.
  • Nationwide Privacy and Security Framework for Electronic Exchange; available on Nationwide Privacy and Security Framework for Electronic Exchange
    • This framework is meant to establish a policy framework and approach to the privacy and security challenges around electronic health information exchange, and is focused on the responsibilities of those who hold and exchange health information through a network.
  • Health IT Policy Committee Recommendations to the National Coordinator for Health IT, September 1, 2010; available on the HITPC Recommendations page
    • These recommendations provided by the Health IT Policy Committee focus on the privacy and security of health information exchange, including providing for individual choice, and emphasize fair information practices.
  • Standards and Interoperability Framework, Data Segmentation for Privacy Initiative.  Available on the S&I Framework wiki.
    • The purpose of this initiative is to enable the implementation and management of varying disclosure policies in an electronic health information exchange environment in an interoperable manner.