Legal and Regulatory

Privacy and Security are key policy topics in the healthcare industry and therefore at the top of the agenda for discussion and action by the administration, congress, the federal government and the healthcare industry.

HIMSS Privacy and Security Initiative leverages member and staff subject matter expertise to provide insight and technical content expertise on privacy and security topics, to provide support to HIMSS government relations staff and HIMSS members, consistent with HIMSS’ primary policy focus - to provide leadership and education on healthcare issues and policy in order to remove barriers and enable implementation of solutions. See the HIMSS Public Policy Web Page for more information.

Privacy and Security Policy Task Force (P&S Policy TF)
The HIMSS Privacy and Security Task Force supports HIMSS advocacy activities by providing privacy and security expertise and input such as position statements, explanatory/educational materials, and model legislative texts for distribution to federal, state and local lawmakers as appropriate.

The P&S Policy TF work relating to legislative and regulatory actions is guided by the HIMSS Principles on Government Initiatives.


Chair Person:
Dixie B. Baker, PhD
Senior Vice President
SAIC

Staff Contact:
Lisa A. Gallagher, BSEE, CISM, CPHIMS
Senior Director, Privacy and Security
HIMSS
(703) 562-8816
lgallagher@himss.org

Announcements

NCSL Releases Report on Enacted Health Information Technology Legislation NEW!
The National Conference of State Legislatures (NCSL) released a report, Health Information Technology 2007 and 2008 State Legislation. States have taken significant steps during the past two years to address policy issues associated with health IT. From January 2007 through August 2008, more than 370 bills with provisions relating to health IT were introduced in state legislatures, according to the report. The National Conference of State Legislatures found that 132 bills with health IT content were enacted in 44 states and the District of Columbia. This represents a more than threefold increase compared to 2005 and 2006, during which 36 bills were enacted, according to the eHealth Initiative.

The report identifies and analyzes five major policy trends across the enacted legislation:
• Planning
• Targeted Financing Initiatives
• Updating Privacy Laws to Facilitate Health Information Exchange
• Promoting Health Information Exchange
• Advancing Adoption and Use

Appendix A contains a side-by-side comparison of health information exchange legislation from Indiana, Texas and Vermont. Appendix B contains a summary of the health IT provisions of each enacted bill, divided into eight categories based on content. The NCSL is the bipartisan organization that serves the legislators and staffs of the states, commonwealths and territories.

Reference Documents

• Health Insurance Portability and Accountability Act (HIPAA) (PDF)
• HHS Office for Civil Rights - HIPAA
• CMS Security Standard
• Comparison to 42 CFR Part 2 (Confidentiality of Alcohol and Drug Abuse Patient Records)
• 2002 CFR Title 42 - Public Health Part 2 - Confidentiality of Alcohol and Drug Abuse Patient Records
• The Privacy Act of 1974
• Family Educational Rights and Privacy Act (FERPA)
• Gramm-Leach-Bliley Act (PDF)