States Advancing Common Approaches to Protecting Electronic Health Information, Report Finds

Most states have made substantial progress in defining their privacy and security approaches for electronic health information exchange, according to a report released by the Office of the National Coordinator for Health Information Technology (ONC) and the Agency for Healthcare Research and Quality (AHRQ), both part of the U.S. Department of Health and Human Services. The thirty three states and Puerto Rico make up the Health Information Security and Privacy Collaboration (HISPC) formed as part of the ONC-AHRQ co-managed Privacy and Security Solutions for Interoperable Health Information Exchange contract (Privacy and Security Solutions Project).

During the past 18 months, HISPC participants have gained a greater understanding of and ability to address the variation in business practices, policies, and state laws that affect the electronic exchange of health information.

The Impact Analysis Report provides an assessment of the progress made by states since the inception of the project by comparing the current landscape for privacy and security to the baseline as reported by the state teams in early 2006. The report discusses the impact of work among and between participants in five key areas: legislation, executive orders, leadership and governance, stakeholder education and knowledge, and development of health information exchange networks. The analysis also describes the collaborative work between states in seven key areas and it provides a state-by-state discussion of recent progress.

The report is the seventh in a series of progress reports produced by the Privacy and Security Solutions Project.

"The report released is evidence of the significant role and impact that states and territories can have in advancing health information technology while preserving and promoting privacy and security protections," said Dr. Robert Kolodner, national coordinator for Health IT. "The broad participation of stakeholders at all levels in the HISPC has provided each participating state and territory with the foundation, awareness, and buy-in to develop comprehensive plans to protect health information in an electronic environment."

Progress made during the past two years includes:

• 23 states cite increased awareness of privacy and security issues among stakeholders as a key component of success in the development and sustainability of statewide Health IT and Health Information Exchange (HIE) plans;
• 4 states indicated the Privacy and Security Solutions Project has served to increase support for planned HIEs;
• 11 states reported legislative activities aimed at updating and aligning privacy and security statutes to prepare for electronic health information exchange with four states having already passed some legislation;
• Three state governors have issued executive orders formalizing support for the HISPC in their state and have provided members of their state HISPC teams with leadership roles in other initiatives; and
• Seven collaborative work groups involving 43 states and 2 territories are now focused on implementing shared privacy and security solutions.