Addressing Privacy and Security in Massachusetts Public Health Information Exchanges: Principles and Best Practices

More than ever before, public health is now a multi-disciplinary, heterogeneous, inter-organizational and information-driven environment in which federal, state and local agencies often closely coordinate with each other, perform multiple functions above and beyond traditional public health activities (i.e., regulatory oversight, provide and/or pay for services), crossing program boundaries and reaching out to health care organizations dealing with administrative services and clinical care.

 A great deal of confusion still exists in the health care industry and among public sector health professionals and other government entities around the applicability and effect that federal privacy and security regulations have on the use and disclosure of health information to and by public sector health agencies and other public programs.  The intersections between various federal privacy regulations such as the Health Insurance Portability and Accountability Act – HIPAA, the Federal Privacy Act, and the Family Educational Rights and Privacy Act – FERPA (among others), and between those regulations and state laws continues to be a subject of much debate.

 

The purpose of this presentation is to provide the perspective of a state public health agency on the privacy and security issues affecting participation of public health in health information exchanges and the approached being considered or implemented to address these issues.  Recommended practices and policies will also be provided.