OVERVIEW

The eHealth Initiative and the Vanderbilt Center for Better Health are jointly sponsoring a two-day Privacy and Confidentiality Workshop on September 13-14, 2006.

The Privacy and Confidentiality Workshop is designed for organizations and communities who must adopt security and confidentiality principles, practices, and implementations required for more comprehensive exchange and use of patient-centered clinical information.

Drawing on national experts who have implemented policies and procedures in the course of their clinical data exchange, this workshop will be an intense, hands-on experience. Designed to provide attendees with a high-level plan of action for surveying their local and state policy and legal climate, develop consensus, and accelerate the development of policies and procedures required to create secure and confidential use of patient-centered clinical information across traditional organizational boundaries.

The workshop will cover a spectrum of relevant activities:

• Review essential security and confidentiality principles for exchange of health information
• Review selected legal and policy issues, variations, proposed solutions, and best practice implementations
• Identify critical specific terms and conditions for information-sharing communities
• Develop a custom-tailored confidentiality and privacy framework for information-sharing communities;
• Identify means of embedding privacy and security principles into relevant policies, procedures, and practices for organizations involved in data exchange
• Discuss the most advanced technical strategies with the potential for the future promotion of secure, scalable, and trusted data exchange initiatives.

Topics covered in this workshop include:

• General principles and approaches to security and confidentiality of health information
• The Markle Connecting for Health Common Framework
• National, state, regional, and institutional policies including relevant variations and best practices
• Consumer perspectives and concerns
• Authentication and identity management
• Physical security for hardware architectures
• Data use limitations
• Patient participation (“opt-in” or “opt out”)
• Approaches to creating policies and procedures within an organization or community
• Data sharing agreements for organizations and individual users
• Audit and oversight policies and procedures
• Enforcement of authentication and authorization policies

Target Audience

Designed for leaders in health plans, health delivery organizations, regional health information organizations, consultants, legal professionals, and representatives from consumer and professional groups. The workshop will be highly interactive and participatory. Because of the frequent use of small group tasks and the wide range of activities covered, we recommend interested organizations send at least two individuals so that the broadest national and community perspective will be obtained.

Faculty

• Chelle Woolley (Woolley and Associates)
• Emily Welebob (eHealth Initiative)
• Gerry Hinkley (Davis Wright Tremaine LLP)
• J. Marc Overhage, M.D., Ph.D. (Regenstrief Institute)
• Linda Kloss (AHIMA)
• Mark Frisse (Vanderbilt University)
• Melissa Goldstein (Markle Foundation)
• Michael Heekin (State of Florida)
• Michelle Morgan (My Health Choice)
• Monroe Wesley (St. Jude Children Research Hospital)
• Peter Greaves (Hospital Corporation of America)
• Robert Q. Wilson (The Bogatin Law Firm)
• Soumitra Sengupta (Columbia University)
• Vicki Estrin (Vanderbilt University)
• Victoria Prescott (Regenstrief Institute)