226638
Security and the new HITECH ACT regulations: Is your registry ready?
Wednesday, November 10, 2010
: 11:15 AM - 11:30 AM
Iris Zachary, MS, CTR
,
Missouri Cancer Registry, Dept. of Health Management & Informatics and Informatics Institute, University of Missouri, Columbia, MO
BACKGROUND: The Health Information Technology for Economic and Clinical Health (HITECH) Act of the American Recovery and Reinvestment Act of 2009 (ARRA) greatly expands the scope of HIPAA privacy and security protections, increases potential legal liability for non-compliance and provides for more enforcement. It also introduces the first federally-mandated data breach notification. PURPOSE: To share information regarding security provisions included in ARRA legislation; discuss implications for central cancer registry (CCR) operations and public health reporting; and describe necessary changes in operations, policies and procedures. METHODS: We reviewed HITECH security provisions, data transfer agreements and recent literature and compared the new HIPAA security requirements with existing security controls. We assessed implications for CCR systems and how changes could be implemented effectively. We focused on modifications to software applications and programs, liaised with the CDC Registry Plus development team and implemented necessary changes. RESULTS: We developed an action plan and key recommendations for integration of enhanced patient privacy protection and data security into operations and strategic planning. Registries should: 1) Identify a breach team and a detailed plan for data breach response; 2) Add encryption to daily routines for data storage and data transmission; 3) Restructure and refine routines compliant with new security requirements. Subsequently, we adapted applications, developed educational materials, conducted training sessions for CCR staff and made resources available to reporting facilities (see http://mcr.umh.edu). DISCUSSION: As an established data repository, CCRs play an increasingly important role in supporting population-based cancer research and Comparative Evaluation Research (CER). CCRs have proven to be efficient and effective comprehensive data sources for a wide range of public health research priorities such as reducing disparities in cancer detection, prevention and treatment. Data security must continue to be top priority if CCRs are to continue to maintain public trust and confidence in the evolving eHealth environment.
Learning Areas:
Administration, management, leadership
Communication and informatics
Other professions or practice related to public health
Program planning
Public health or related organizational policy, standards, or other guidelines
Public health or related research
Learning Objectives: 1. Identify HITECH Act security guidelines that apply to central cancer registries (CCRs).
2. Discuss implications for CCRs.
3. Describe two or more operational changes CCRs will need to make.
Keywords: Cancer, Health Information Systems
Presenting author's disclosure statement:Qualified on the content I am responsible for because: I am the Missouri Cancer Registry Assistant Database Manager and maintaining data security and understanding security requirements are part of my job responsibilities.
Any relevant financial relationships? No
I agree to comply with the American Public Health Association Conflict of Interest and Commercial Support Guidelines,
and to disclose to the participants any off-label or experimental uses of a commercial product or service discussed
in my presentation.
|