archive-org.com » ORG » M » MARKLE.ORG

Total: 1237

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Connecting Americans to their Health Care: Involving Diverse Populations | Markle | Advancing America's Future
    Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Connecting Americans to their Health Care Involving Diverse Populations Publication Date Thursday December 7 2006 Steve Downs from Robert Wood Johnson Foundation Francesca Gany from New York University Medical Center M Chris Gibbons from Johns Hopkins Urban Health Institute Cynthia Baur from Centers for Disease Control and Prevention and Adolph Falcón from National Alliance for Hispanic Health discuss efforts to reach out to and educate diverse and immigrant populations on

    Original URL path: http://www.markle.org/publications/940-connecting-americans-their-health-care-involving-diverse-populations (2016-02-10)
    Open archived version from archive


  • Interactive Demonstrations for Connecting Americans to Their Health Care | Markle | Advancing America's Future
    Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Interactive Demonstrations for Connecting Americans to Their Health Care Publication Date Tuesday October 11 2005 Wendy Angst from Cap Med Gloria Austin from Brown and Toland C Martin Harris from The Cleveland Clinic Foundation and Stephen Downs from Robert Wood Johnson Foundation discuss their solutions for patients and health care professionals Download the

    Original URL path: http://www.markle.org/publications/939-interactive-demonstrations-connecting-americans-their-health-care (2016-02-10)
    Open archived version from archive

  • Connecting Americans to their Health Care: Improving Access and Protecting Privacy | Markle | Advancing America's Future
    America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Connecting Americans to their Health Care Improving Access and Protecting Privacy Publication Date Thursday December 7 2006 Janlori Goldman from Health Privacy Project Alan Westin from Columbia University Harriet Pearson from IBM and Jodi Daniel from the Office of the National Coordinator for Health Information Technology discuss consumers attitudes their concerns over privacy and security of personal information and what

    Original URL path: http://www.markle.org/publications/938-connecting-americans-their-health-care-improving-access-and-protecting-privacy (2016-02-10)
    Open archived version from archive

  • Connecting Americans to their Health Care: Future of PHRs | Markle | Advancing America's Future
    Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Connecting Americans to their Health Care Future of PHRs Publication Date Friday December 8 2006 Josh Lemieux from Markle Foundation Philip Marshall from WebMD Peter Reuschel from InterComponentWare Anna Slomovic from Revolution Health and Eric Dishman from Intel Corporation discuss the current and future state of technology and health care and how both might influence the development

    Original URL path: http://www.markle.org/publications/936-connecting-americans-their-health-care-future-phrs (2016-02-10)
    Open archived version from archive

  • Resources | Markle | Advancing America's Future
    health records PHRs 2 and other entities not covered by the Health Insurance Portability and Accountability Act HIPAA and grants the FTC authority to issue interim final regulations governing these entities Similarly Section 13402 of ARRA imposes a new duty on entities covered by HIPAA and their business associates to provide notification to individuals when there has been a breach of unsecured protected health information PHI This latter provision applies to all PHI maintained by covered entities or their business associates including information in PHRs With respect to both of these provisions the term unsecured protected health information refers to PHI that is not secured through the use of a technology or methodology specified by the Department of Health and Human Services HHS in guidance as rendering the information unusable unreadable or indecipherable to unauthorized individuals 3 HHS has recently issued guidance on this issue the HHS Guidance on which we have submitted separate comments 4 Simultaneous with the issuance of the HHS Guidance HHS published a request for information RFI in advance of its rulemaking to implement the breach notification provisions that apply to HIPAA covered entities and their business associates We have also submitted comments on the RFI 5 The breach notification provisions in ARRA accomplish two important goals First they provide for individuals to receive notice in certain circumstances when their health information is at risk Second they create a powerful incentive for custodians of personal health information to adopt strong privacy and security practices in order to avoid a breach It is important to recognize the interaction of the rulemaking process being undertaken by FTC and HHS FTC will promulgate breach notification rules that apply to PHR vendors and related entities Breach notification rules promulgated by HHS will apply to HIPAA covered entities or business associates of such entities However the rules to be issued by both HHS and FTC will set breach notification standards for PHRs To avoid creating confusion for consumers it is critical that PHRs be subject to consistent rules governing how they store and share consumer data Our comments below are mainly directed at achieving this consistent regulatory framework We understand this issue will be broadly addressed in the forthcoming HHS and FTC privacy and security recommendations for PHRs but we strongly recommend that HHS and FTC take this early opportunity to align policies and make them meaningful to consumers who must be able to navigate their use of PHRs In June 2008 Markle Connecting for Health released the Common Framework for Networked Health Information 6 outlining consensus privacy and security policies for personal health records and other consumer access services This framework which was developed and supported by a diverse and broad group including technology companies consumer organizations and HIPAA covered entities7 was designed to meet the dual challenges of making personal health information more readily available to consumers while also protecting it from unfair or harmful practices A foundational principle of this work is that a consistent and meaningful set

    Original URL path: http://www.markle.org/publications?term_node_tid_depth=15&tid_1=All&date_filter[value]=&page=15 (2016-02-10)
    Open archived version from archive

  • Resources | Markle | Advancing America's Future
    health care providers and take an active role in transforming health care Network enabled efficiencies and safety improvements are more likely to occur if individuals and health care professionals act as partners who share access to and responsibility for updating personal health information We describe this potential in the Markle Common Framework Consumers as Network Participants Juan Alaniz Washington State Just as the goal for providers is not just acquisition of health IT it s about them using health IT to transform how they deliver health care For consumers the goal is not just that they access their health information electronically The goal is that by putting consumers in the driver s seat they can become direct participants in their care in collaboration with their physicians and they can help direct how their health care will be delivered In the last few years several factors have accelerated the effort to connect consumers to their health care providers and their own information As in other sectors many health entities such as integrated delivery networks and health insurers recognize the value of and are emphasizing online connections with consumers to improve service lower administrative costs and remain competitive The Health Information Technology for Economic and Clinical Health HITECH Act established that individuals have the right to obtain electronic copies of their information held in electronic health records EHRs The MU requirements under HITECH also have placed priority on patient access and engagement for providers and hospitals to qualify for federal financial incentives Section 13405 e of HITECH established an individual s right to request information in electronic format from EHRs and have it sent to a service of the individual s choosing Although there may be varying interpretations as to whether this provision applies specifically to state or regional health information sharing efforts it clearly establishes the basic expectation that health IT will help foster individual access to personal health information The MU requirements of the EHR Incentives Program include the delivery of electronic copies of personal health information to patients For Stage 2 of this program it has been proposed that patients should be able to view and download their information from participating providers and hospitals Similarly patient engagement is likely to be a focus for emerging requirements for Accountable Care Organizations ACOs within the Medicare Shared Savings Program Individual access is also addressed in a March 2012 Program Information Notice titled Privacy and Security Framework Requirements and Guidance for the State Health Information Exchange Cooperative Agreement Program released by the Office of the National Coordinator for Health Information Technology ONC As a result of all of these factors several health information sharing efforts are seeking ways to help participating providers and hospitals fulfill these MU and health care reform requirements These health information sharing efforts are contemplating how to enable providers achievement of these requirements in a variety of ways For example some will seek to provide secure access directly to individuals to retrieve information such as medication lists or past lab results from doctors and hospitals Alternatively some may supply such information to the providers EHRs which in turn offer online access to individuals through secure online patient portals or electronic PHRs Yet another opportunity to provide individuals with access to their own health information is via secure e mail In all cases the provider would have a primary role in engaging patient participation which could help satisfy some of the requirements of these programs Notably a health information sharing effort does not have to aggregate an individual s information in order to provide a useful service Simply providing basic information such as record location services can be useful to both participating providers as well as patients The information a health information sharing effort is able to make available to patients will reflect its larger structure and organization and should respect the meaningful decisions individuals have made with the providers or entities with whom they have a relationship about whether and how to share their health share their information Regardless of the ways in which consumers may be ultimately given access to their personal health information such access must be implemented with careful policies and practices in place to protect personal health information and earn the trust of the public and providers Back to top III What are the components of the Framework and how can they be incorporated in the procurement process for personal health information services The Markle Common Framework for Networked Personal Health Information is built upon a set of core principles that provide the foundation for managing personal health information within consumer accessible data streams These principles are based on accepted FIPPs Each principle must be contextualized into a set of policy and technology practices that together protect privacy and enhance trust All such policy and technology practice areas must be addressed in a sound and public way to provide adequate protections to consumers and to encourage trust across a network See Appendix A for the principles and Appendix B for the practice areas A useful resource to implement the Markle Common Framework for Networked Personal Health Information is the detailed due diligence Policy and Technology Checklists for Procurers and Implementers These tools were derived by analyzing the recommendations of each practice area then developing a set of detailed questions that can be used as a checklist of recommended policy practices which may be used in requests for information RFI requests for proposals RFP procurement requirements or policy development discussion guides Back to top IV What is a good starting point for individual access The ability for individuals to log in securely online to view and download pertinent health information such as what is required for patient engagement under Meaningful Use is a good starting place for enabling individual access The Markle Connecting for Health public private collaboration has emphasized the download capability as a critical building block for patient engagement and market innovation 3 Implementing the online view and download capability for patients is not the same as developing and implementing a fully functional PHR The basic requirements begin with secure online access meaning that the identity of each individual given credentials to access his or her own data must be proofed to an acceptable level of accuracy and the individual must present an acceptable token e g unique username and password combination upon login to get access to the data for view and or to download Establishing an individual s identity and issuing authentication tokens for network access can be a significant barrier for health information sharing efforts or any entity that does not have a direct relationship with the patient The solutions will depend on the relationship that the entity has with patients or whether it can bootstrap identity proofing performed at participating provider organizations or other organizations that may have a relationship with the consumers The CT2 guide of the Markle Common Framework for Networked Personal Health Information has a detailed set of recommendations regarding identity proofing and monitoring authentication tokens and reliance on third parties for such services The second basic requirement is that logged in individuals be able to view and download key information about themselves in human readable formats The MU patient engagement data sets are a good place to start such as problem and medication lists allergies laboratory results and clinical visit summaries from eligible providers and hospital discharge instructions from eligible hospitals Any entity offering the download capability should obtain independent confirmation from the individual i e such as a yes response to a question that the individual wants to download a copy of personal health information Such independent confirmation should be obtained after presenting the individual with at a minimum the following clearly stated information Health records can contain sensitive information If you download sensitive information to a shared or unsecured computer or device others might see it You are responsible for protecting the information that you download and for deciding with whom to share it Are you sure you want to download a copy of your personal health information to the computer or device you are using With respect to download formats human readability is the minimum requirement Additionally if the data are available in the standardized clinical summary formats endorsed as MU standards i e CCD or CCR the patient should have an option to download that data in those formats The bottom line requirement for human readability ensures that people will not need to use a specific application or service to see their own health information They should have the option of viewing and downloading their information in human readable form through ubiquitous Internet browsers and common software formats e g text spreadsheet or PDF By human readable we mean information viewable and downloadable online should be in English or other language common to a provider s majority population of patients It is ideal for the terminology to be as patient friendly and free of medical jargon as possible as well as translated into languages common to a provider s patient population However we do not recommend strict requirements for how understandable the information must be to patients at this time It is more important to make the information available securely and conveniently online The important distinction of a basic view and download capability is that the entity providing it does not also necessarily have to do the hard work of developing applications that allow consumers to use or manipulate their own health information Once individuals download their information they have the opportunity to choose from a variety of different services or offerings to manage and use the information further The experience at the U S Department of Veterans Affairs VA and with the Medicare and TRICARE programs demonstrate that the basic capability has value to patients and can spur private sector innovation When the VA enabled patients to download their information the private sector responded by demonstrating a wide range of applications that made that information useful to patients making it easier to know when to take medications storing medical images and connecting with peers who have similar health conditions As the download capability becomes a common feature individuals may have a need for proxy services to organize and regularly update their personal health information The Markle Common Framework Policies in Practice The Download Capability provides specific recommendations for health information sharing efforts and other data holders to enable patients to download their information as well as policy considerations for enabling secure automated downloads through a variety of services Back to top Appendix A The Markle Common Framework for Networked Personal Health Information consists of Consumer Policy CP and Consumer Technology CT guides it is a hallmark of the approach that policy and technology work together interdependently Here are the nine principles and their corresponding guides CORE POLICY PRINCIPLES MARKLE COMMON FRAMEWORK FOR NETWORKED PERSONAL HEALTH INFORMATION PRACTICE AREAS 1 Openness and transparency Consumers should be able to know what information has been collected about them the purpose of its use who can access and use it and where it resides They should also be informed about how they may obtain access to information collected about them and how they may control who has access to it CP2 Policy Notice to Consumers 2 Purpose specification The purposes for which personal data are collected should be specified at the time of collection and the subsequent use should be limited to those purposes or others that are specified on each occasion of change of purpose CP2 Policy Notice to Consumers CP3 Consumer Consent to Collections Uses and Disclosures of Information CT4 Limitations on Identifying Information 3 Collection limitation and data minimization Personal health information should only be collected for specified purposes and should be obtained by lawful and fair means The collection and storage of personal health data should be limited to that information necessary to carry out the specified purpose Where possible consumers should have the knowledge of or provide consent for collection of their personal health information CP2 Policy Notice to Consumers CP3 Consumer Consent to Collections Uses and Disclosures of Information CT4 Limitations on Identifying Information 4 Use limitation Personal data should not be disclosed made available or otherwise used for purposes other than those specified CP2 Policy Notice to Consumers CP3 Consumer Consent to Collections Uses and Disclosures of Information CP7 Discrimination and Compelled Disclosures CT3 Immutable Audit Trails CT4 Limitations on Identifying Information 5 Individual participation and control Consumers should be able to control access to their personal information They should know who is storing what information on them and how that information is being used They should also be able to review the way their information is being used or stored CP3 Consumer Consent to Collections Uses and Disclosures of Information CP5 Notification of Misuse or Breach CP7 Discrimination and Compelled Disclosures CP8 Consumer Obtainment and Control of Information CT3 Immutable Audit Trails CT5 Portablility of Information 6 Data quality and integrity All personal data collected should be relevant to the purposes for which they are to be used and should be accurate complete and up to date CP6 Dispute Resolution CP8 Consumer Obtainment and Control of Information CT2 Authentication of Consumers CT3 Immutable Audit Trails 7 Security safeguards and controls Reasonable safeguards should protect personal data against such risks as loss or unauthorized access use destruction modification or disclosure CP5 Notification of Misuse or Breach CT2 Authentication of Consumers CT4 Limitations on Identifying Information CT6 Security and Systems Requirements CT7 An Architecture for Consumer Participation 8 Accountability and oversight Entities in control of personal health information must be held accountable for implementing these principles CP4 Chain of Trust Agreements CP5 Notification of Misuse or Breach CP6 Dispute Resolution CP9 Enforcement of Policies CT3 Immutable Audit Trails 9 Remedies Remedies must exist to address security breaches or privacy violations CP5 Notification of Misuse or Breach CP6 Dispute Resolution CP9 Enforcement of Policies Back to top Appendix B Consumers as Network Participants Explains why consumer participation can be transformative in health care as it has been in other sectors why networked personal health records PHRs are a vital tool to empowering consumers and how policies can help guide an emerging industry CP1 Policy Overview Describes the policy landscape including how the Health Information Portability and Accountability Act HIPAA as well as state and contract laws apply to emerging consumer data streams Explains unregulated and regulated areas of the current environment and argues for a voluntary common framework of policies CP2 Policy Notice to Consumers Recommends preferred practices for giving consumers access to the policies for collection use and disclosures of personal health information including privacy and security practices terms and conditions of use and other relevant policies CP3 Consumer Consent to Collections Uses and Disclosures of Information Describes mechanisms to capture the consumer s agreement prior to any collection use or disclosure of personal data explains why notice and consent are not sufficient by themselves in providing adequate protection for consumers CP4 Chain of Trust Agreements Describes the merits and limitations of contractual mechanisms among parties exchanging personal health information recommends important limitations to place on unaffiliated third parties including vendors service providers and others who receive personal data or de identified data CP5 Notification of Misuse or Breach Discusses what to do if something goes wrong Recommends that consumers be individually informed if their personal information was or is reasonably believed to have been disclosed or acquired by an unauthorized person or party in a form that carries significant risk of compromising the security confidentiality or integrity of personal information CP6 Dispute Resolution Recommends that consumers be provided a clear and logical pathway to resolve disputes such as over breach or misuse data quality or matching errors allegations of unfair or deceptive trade practices etc CP7 Discrimination and Compelled Disclosures Recommends policies to bar discrimination and compelled disclosures such as when the consumer s authorization for release of data is required in order to obtain employment benefits or other services CP8 Consumer Obtainment and Control of Information Covers several areas to facilitate the consumer s ability to electronically collect store and control copies of personal health information including requesting data in an electronic format allowing for proxy access to an account requesting amendments or disputing entries of data Also covers appropriate retention of information in inactive accounts and consumer requests to delete data and terminate their accounts CP9 Enforcement of Policies Raises the issue of how policies and practices should be enforced on the network describes the pros and cons of several different enforcement mechanisms including enforcing current laws amending and expanding HIPAA creating new law to govern Consumer Access Services encouraging self attestation with third party validation and encouraging consumer based ratings CT1 Technology Overview Describes the complexity of emerging digital health data streams explains how information can be combined to build revealing profiles of individuals depicts how health care entities and consumer technology innovators operate under different cultures that can clash without basic rules of the road CT2 Authentication of Consumers Provides a framework for establishing and confirming the identity of individual consumers so that they may participate on a network CT3 Immutable Audit Trails Recommends that audit trails be a basic requirement of PHRs and supporting services explains the value of providing consumers with convenient electronic access to an audit trail as a mechanism to demonstrate compliance with use and disclosure authorization s CT4 Limitations on Identifying Information Recommends strong limitations on disclosures of identifying data to third parties Supports disclosures only of those data that are reasonably necessary to perform the limited function s to which the third parties are authorized Provides a caveat about considering data de identified CT5 Portability of Information Highlights the importance of the consumer s ability to export and import information in industry standard formats as they become available CT6 Security and Systems Requirements Provides a brief outline on basic security protections Recommends continuous monitoring of industry practices and threats as well as personnel training and strict policies regarding who can access consumer data and consequences for security violations CT7 An Architecture for Consumer Participation Provides a view on how Consumer Access Services can fit within the Connecting for Health approach to architecture for a Nationwide Health Information Network NHIN Back to top The Policies in Practice apply the term health information sharing effort broadly to refer to any initiative that supports the electronic exchange of health information between data holders Similar terminology includes health information exchange HIE regional health information organization RHIO and sub network organization SNO Markle Health in a Networked Life Public and Doctors Alike Support Allowing Individuals to Download Their Own Health Information Markle Foundation last modified January 31 2011 http www markle org publications 1441 public and doctors alike support allowing individuals download their own health in accessed on February 22 2012 Markle Connecting for Health Work Group on Consumer Engagement Policies in Practice The Download Capability Markle Foundation last modified August 31 2010 http www markle org publications 1198 policies practice download capability accessed on February 22 2012 2012 Markle Foundation This work was originally published as part of the Markle Connecting for Health Common Framework Policies in Practice for Health Information Sharing and is made available subject to the terms of a License You may make copies of this work however by copying or exercising any other rights to the work you accept and agree to be bound by the terms of the License All copies of this work must reproduce this copyright information and notice Consent The document you are reading is part of the Markle Connecting for Health Common Framework for Private and Secure Health Information Exchange Markle Common Framework The Markle Common Framework includes a set of foundational policy and technology guides published in 2006 In April 2012 a set of Policies in Practice was published to further specify these foundational documents and address a range of critical health information sharing implementation needs identified by experts working in the field Contents I Introduction II Background and Definition of Terms III Where and How to Start IV Sequencing of Decisions Getting to the Details Conclusion Appendix I Introduction When building systems for electronic health information sharing 1 implementers face many tough questions One of the most challenging involves whether and if so how individuals should be provided with choices about permitting their personal health information to be made part of or accessible through the system This is often the first issue implementers seek to resolve but paradoxically it is nearly impossible to resolve first or to resolve in a vacuum Providing individuals with meaningful and well informed choice about information sharing is completely dependent on several other attributes of information sharing such as who can access the information for what purposes which security practices are in place and how data holders are held accountable for their stewardship of data Health information sharing efforts must consider the entirety of the circumstances of health information sharing and the way those circumstances affect the risks and benefits of information sharing These issues must be decided before implementers can consider the issue of choice This Policies in Practice resource supplements the Markle Connecting for Health Common Framework for Private and Secure Health Information Exchange Markle Common Framework It is meant to provide implementation context for the Individual Participation and Control principle and suggest ways for health information sharing efforts to establish their own policies and best practices on this issue including a sequence to inform consideration of consent policies This resource benefits from the implementation experience and the legal and policy developments that have occurred since the Markle Common Framework was issued in 2006 Back to top II Background and Definition of Terms Historically frameworks for protecting privacy begin with Fair Information Practice Principles FIPPs established in the 1970s and still relevant today Most U S privacy law today is based on FIPPs as described in P1 The Architecture for Privacy in a Networked Health Information Environment FIPPs continue to be the backbone for establishing workable privacy and security policies for all types of sensitive personal information As explained in more detail in P2 Model Privacy Policies and Procedures for Health Information Exchange focusing on consent policy without addressing the other FIPPs often provides only very weak privacy protection in practice 2 Relying on consent as the sole or most significant privacy policy shifts the burden of protecting health information to the individual who then has only the option of saying yes or no to information sharing that may not be subject to a full complement of protective policies and practices When individuals are provided with choices about electronic health information exchange making those choices understandable and meaningful is dependent on implementation of policies that address all of the FIPPs The decision to engage in health information sharing is not is it opt in or opt out Instead the choice is more complex ideally made with full transparency about how information will be shared and the risks and benefits that come with making the choice to or not to participate The Markle Common Framework articulates a robust complement of privacy principles originally based on FIPPs and the Organization for Economic Co operation and Development OECD principles In 2008 the federal Office of the National Coordinator for Health Information Technology ONC adopted its own set of FIPPs based principles the The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information based in part on Markle s version Building on the ONC framework in March 2012 ONC provided guidance to state health information exchanges on privacy and security also utilizing a FIPPs based framework approach Privacy and Security Framework Requirements and Guidance for the State Health Information Exchange Cooperative Agreement Program The Markle Common Framework s nine FIPPs based privacy principles are explained fully in P2 Model Privacy Policies and Procedures for Health Information Exchange and set forth below Openness and Transparency There should be a general policy of openness about developments practices and policies with respect to personal data Individuals should be able to know what information exists about them the purpose of its use who can access and use it and where it resides Purpose Specification and Minimization The purposes for which personal data is collected should be specified at the time of collection and the subsequent use should be limited to those purposes or others that are specified on each occasion of change of purpose Collection Limitation Personal health information should only be collected for specified purposes should be obtained by lawful and fair means and where possible with the knowledge or consent of the data subject Use Limitation Personal data should not be disclosed made available or otherwise used for purposes other than those specified Individual Participation and Control Individuals should have access to their personal health information Individuals should be able to obtain from each entity that controls personal health data information about whether or not the entity has data relating to them Individuals should have the right to Have personal data relating to them communicated within a reasonable time at an affordable charge if any and in a form that is readily understandable Be given reasons if a request as described above is denied and to be able to challenge such a denial Challenge data relating to them and have it rectified completed or amended Data Integrity and Quality All personal data collected should be relevant to the purposes for which it is to be used and should be accurate complete and current Security Safeguards and Controls Personal data should be protected by reasonable security safeguards against such risks as loss unauthorized access destruction use modification or disclosure Accountability and Oversight Entities in control of personal health data must be held accountable for implementing these information practices Remedies Legal and financial remedies must exist to address any security breaches or privacy violations Ultimately the goal of enacting a comprehensive set of privacy and security policies is to build and maintain public trust in electronic health information sharing Health information sharing efforts must implement policies necessary to achieve the goals of exchange thereby maintaining an environment of trust in their communities The Markle Common Framework Network Approach For individuals trust in health information sharing emanates from trust in their health care providers legal and ethical duties to keep information confidential A key recommended practice of the Markle Common Framework is that decisions about what to share and when to share remain with the person or entity that has the relationship with the patient The role of protecting privacy and security does not rest solely with policy Technology also plays a critical role in enabling privacy by the way it is designed The interdependence of policy and technology is a paradigm described in the Markle Common Framework For example to achieve health information sharing the Markle Common Framework describes a network of networks distributed approach where data does not have to be centralized in order to be shared From a technology perspective access to patient data involves an intentional two step process The requester Uses a record locator service index RLS index to find where the patient s data is located Makes the request for the patient s data at which point the data holder determines how to respond Refer to P3 Notification and Consent When Using a Record Locator Service and T1 The Markle Common Framework Technical Issues and Requirements for Implementation A hallmark of the RLS system is that the RLS index has no clinical data or metadata The index has only demographic information and pointers to the location of the patient s information This separation of clinical and demographic data is a technical requirement that was developed specifically to fulfill a policy objective to leave decisions about what to share at the edges of the network with the entity that has the relationship with the patient rather than technical models where the decision about what to share is made centrally This structure leaves intact the foundation for trust in health information sharing i e the relationship between the patient and health care provider The data holder ultimately implements the patient s choices with respect to sharing information consistent with law and policy and the data holder s relationship with the patient Back to top III Where and How to Start Federal and State Law Compliance As a threshold matter health information sharing efforts must comply with federal privacy laws and the laws of the state in which they are located or doing business The Health Insurance Portability and Accountability Act HIPAA does not require individual consent for many routine collection use and disclosure of health information activities defined as treatment payment and health care operations but several states impose consent requirements that apply to collection use and or disclosure of health information some pertaining to all health information and some only to specific types of health information 3 Further federal regulations governing federally assisted substance abuse treatment facilities and governing certain educational institutions impose stricter consent requirements and may apply to some health care data holders Implementers will need to keep up to date with all relevant laws and regulations that apply to them Relevant changes to HIPAA as amended by HITECH are covered in Key Laws and Regulations Changes Relevant to the Markle Common Framework As federal regulators continue to respond to programmatic efforts such as the Meaningful Use program through the promulgation of regulations and policy guidance implementers should also be aware of activities underway among relevant federal policy advisory bodies regarding health information sharing and their suggested policies and practices In addition key federal agencies with jurisdiction over consumer privacy have begun to suggest policy options and best practices that can inform health information sharing efforts For some health information sharing efforts applicable state law will set explicit consent policy that must be followed However for some states there are no additional legal requirements requiring individual consent to be obtained In either case health information sharing efforts will need to determine whether to adopt a policy on consent that goes beyond what the law may require Jenny Smith Louisiana Health Care Quality Forum past Addressing consent is more complex than we expected it to be We discovered many layers to state laws that surfaced technical and legal questions For example we learned that under Louisiana law consumers have the right to consent But we needed to understand what that means Does the law require consent to share the data or consent to use the data Can we aggregate data in a health information exchange without individual patient consent or do we need consent before this data is aggregated The process to address the complexity of this topic requires a very significant level of legal expertise financial resources and time Developing a consent policy based on FIPPs A three step process Consent policy development must account for other important technical and policy attributes of information sharing and is effective only when considered within the entirety of the circumstances of exchange that occur in any particular health information sharing effort Consequently setting effective policy on individual consent will be nearly impossible if the issue is taken up first before the basic boundaries objectives and model of information sharing have been established This Policies in Practice recommends a sequence for developing privacy and security policy Step 1 Initiate a policy setting process based on sound governance principles Step 2 Consider all of the FIPPs based privacy principles together to develop a set of specific baseline policies Step 3 Address the FIPPs based privacy principles of Individual Participation and Control and Openness and Transparency last when determining policies with respect to consent Consent is last in the sequence above because this set of policies what choices people will have and how they will exercise them should only be made once the circumstances of the health information sharing and the other key data sharing policies are considered Thus its placement in the sequence reflects its innate dependency on other foundational policy decisions This sequence also describes a process that can be deployed to re evaluate decisions on consent as circumstances change Consent policy development is not a one time process Such policies must be revisited or refreshed from time to time such as in response to changes in law or policy technology decisions for example an expansion of acceptable uses of the network or the addition of new technical functionalities or the scope or purpose of information sharing The expectations of individuals about the uses of their data may also change over time based on increased participation in health information sharing by providers Individuals may also change their data sharing preferences in response to changing life circumstances for example health status or marriage status Implementation at both the policy and technology levels needs to accommodate the ability for individuals to change their choices over time and have them prospectively honored Back to top IV Sequencing of Decisions Getting to the Details Step 1 Initiate a Policy Setting Process Based on Sound Governance Principles Coming to agreement on workable information sharing policies requires broad objective and inclusive involvement from various participants and the public at large in order to get appropriate and relevant feedback and to secure early buy in as well as ongoing support Public trust will occur through both sound policies and an inclusive process which also includes having consumers at the decision making table For more information on policies and practices for trust and interoperability with meaningful consumer participation see Governance of Health Information Sharing Efforts Achieving Trust and Interoperability with Meaningful Consumer Participation Step 2 Consider all of the FIPPs based privacy principles together to develop a set of specific baseline policies Purpose Specification and Minimization principle Determining the purposes for sharing heath information is the critical first step in determining the appropriate data sharing policies that will accomplish those purposes Many initiatives start by information sharing for individual treatment purposes only and limiting information sharing to those who are involved in the individual s treatment Some initiatives broaden the permissible uses to include other lawful purposes for data sharing such as for payment operations public health and other research In addition the types of entities permitted to participate in information sharing may broaden as the purposes for information sharing expand Still other initiatives permit sharing for any lawful purpose without additional policy limitations Regardless of whether the permitted purposes for information sharing are broad or more confined this information is part of the risk benefit calculus for information sharing and will be critical to determining whether and to what extent individuals will have choices with respect to whether their information is part of or shared through a health information sharing effort Collection and Use Limitation principles The minimization principle is reflected to some extent in the HIPAA minimum necessary standard and will likely vary depending on the purposes for which data is to be collected accessed or disclosed For example the information needed in order to treat an individual who seems to be suffering from flu symptoms will be different from the information needed to report a case of the flu to public health authorities In the Markle Common Framework Policy Guide P2 Model Privacy Policies and Procedures for Health Information Exchange SNO Policy 400 describes potential purposes for information sharing and policies for data minimization SNO Policy 600 specifically addresses the policy of minimum necessary Joe Heyman solo gynecologist Wellport Health Information Exchange Steering Committee member Massachusetts To start the consent policy conversation we began by identifying what data would be available through the health information exchange This took months Ultimately we decided that we would exchange the shared health summary or Continuity of Care Record CCR We had a lot of hearty discussion and conversation about whether additional information beyond that which is included in the CCR should be shared

    Original URL path: http://www.markle.org/resources/rework-america/video/about-markle/event/general-markle-financial-information/health/rework-america/video/economic/commentary-rework-america-members?term_node_tid_depth=All&tid_1=All&date_filter[value]=&page=16&tid=All (2016-02-10)
    Open archived version from archive

  • Homepage News Events | Markle | Advancing America's Future
    Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos News Events Collaborative Comments on the HHS Quality Strategy Outline Letter states clear health priorities and goals are essential for the HHS National Health Care Quality Strategy and Plan Chinese Turn to Internet for Entertainment and Connecting With Others as Number of Broadband Connections Increase in China Television Audience Assessment Morrisett wrote about television viewership and advertising Television America s Neglected Teacher Morrisett wrote about the potential of television in education The Twilight of Television Morrisett wrote about the advent of multimedia The Markle Foundation 1985 Morrisett wrote about the state of the Markle Foundation and the transformation its mass communications program The Age

    Original URL path: http://www.markle.org/about-markle/news-events?page=16 (2016-02-10)
    Open archived version from archive

  • Search | Markle | Advancing America's Future
    a building and construction boom of historic proportions It is estimated that over the next 25 years as much as 40 trillion will be spent on infrastructure of all types worldwide more than 80 percent of which will take place outside of the United States In addition because of urbanization and middle class growth in population dense countries like China Brazil India Indonesia and South Africa there is an increased demand for new and better services including health care transportation and entertainment These trends in global development represent a potential surge in demand for business services ranging from architecture engineering and planning to health care logistics finance and insurance American companies with their strong global reputation for expertise and high concentration of skilled workers are competitive when it comes to delivering these services As a result there is a large and largely underexploited opportunity to expand the exporting activities of American service firms Read the rest of the paper in the PDF Beyond GDP How Our Current Metrics Mismeasure the Digital Economy This paper was prepared for the Markle Economic Future Initiative Excerpted from The Second Machine Age Work Progress and Prosperity In A Time of Brilliant Technologies by Erik Brynjolfsson and Andrew McAfee Copyright 2014 by Erik Brynjolfsson and Andrew McAfee With permission of the publisher W W Norton Company All rights reserved The Gross National Product does not include the beauty of our poetry or the intelligence of our public debate It measures neither our wit nor our courage neither our wisdom nor our learning neither our compassion nor our devotion It measures everything in short except that which makes life worthwhile Robert F Kennedy When President Hoover was trying to understand what was happening during the Great Depression and design a program to fight it a comprehensive system of national accounts did not exist He had to rely on scattered data like freight car loadings commodity prices and stock price indexes that gave only an incomplete and often unreliable view of economic activity The first set of national accounts was presented to Congress in 1937 based on the pioneering work of Nobel Prize winner Simon Kuznets who worked with researchers at the National Bureau of Economic Research and a team at the US Department of Commerce The resulting set of metrics has served as beacons that helped illuminate many of the dramatic changes that transformed the economy throughout the twentieth century Read the rest of the paper in the PDF Big Data Data Analytics and America s Economic Future This paper was prepared for the Markle Economic Future Initiative Imagine a man who has worked as a welder for twenty years in Northeast Ohio One day after work he is unexpectedly laid off from his job He goes home that day to tell his wife the news They sit their two children down to tell them that they will have to start making big changes in how the family spends money The next morning he begins searching

    Original URL path: http://www.markle.org/solr-search?keyword=&page=16 (2016-02-10)
    Open archived version from archive



  •