Privacy and Security Gets Expanded Focus

Security Consultant, WebEx Update, and Workgroup

Privacy and Security Gets Expanded Focus

Data security and privacy issues are a central focus of HSX staff work, as the team diligently develops the policy framework and infrastructure to support expansion of services from Direct message exchange to robust query exchange.  In this interest, HealthShare Exchange has engaged MedITology Services, a consulting firm with expertise in this area, to assist HSX in developing policies, risk assessment, and penetration testing to support the expanding HSX services. 

In addition, on March 5, 2015, HSX hosted a WebEx for member privacy officers and chief information officers.  HSX’s legal counsel, Helen Oscislawski, Esq., and the HSX staff presented:

  • a review of the HSX use cases with the corresponding privacy framework governing each one;
  • the results of the member consent-management survey (demonstrating that HSX members are currently deploying different consent models, some requiring consent for participation in health information exchange and some using an opt-out model);
  • and the HSX Opt-Out and Opt-Back-In Policy with an example of a best practice.

HealthShare Exchange is establishing a Privacy and Security Workgroup to guide HSX practices.  The exchange is in the process of recruiting members for this workgroup, which will initially meet monthly and ultimately move to a quarterly meeting schedule.  HSX plans to kick-off the workgroup at the end of April.  

Qualified individuals interested in participating on the workgroup should contact Pam Clarke at pam.clarke@hsxsepa.org.