The Health Information Security and Privacy Collaboration (HISPC)
Office on National Coordinator for Health IT has placed all HIPSC documents on its Web site. Much of the content on ONC’s HISPC front page is excerpted below. HISPC was a 2006-2009 series of projects produced under HHS contracts with as many as 42 states and territories.
Click here for HISPC page on ONC site. 

Also see pdf of AIM (Act and Implementation Manual). 

HISPC documents and accomplishments came up today at one of the Regional Collaboration Meeting breakout sessions at the Health IT Conference in Boston April 29-30, 2010. So this post id dedicated to responding to those questions and needs. 

Location on ONC site showing breadcrumbs:
Home > ONC Initiatives > State Level Initiatives >
Health Information Security and Privacy Collaboration (HISPC)

Excerpted from ONC’s Section on April 29, 2010.
The Health Information Security and Privacy Collaboration
(HISPC) 

“Established in June 2006 by RTI International through a contract with the U.S. Department of Health and Human Services (HHS), the Health Information Security and Privacy Collaboration (HISPC) originally comprised 34 states and territories. HISPC phase 3 began in April 2008, and HISPC now comprises 42 states and territories, and aims to address the privacy and security challenges presented by electronic health information exchange through multi-state collaboration. Each HISPC participant continues to have the support of its state or territorial governor and maintains a steering committee and contact with a range of local stakeholders to ensure that developed solutions accurately reflect local preferences. 

“The third phase, comprises 7 multi-state collaborative privacy and security projects focused on analyzing consent data elements in state law; studying intrastate and interstate consent policies; developing tools to help harmonize state privacy laws; developing tools and strategies to educate and engage consumers; developing a toolkit to educate providers; recommending basic security policy requirements; and developing inter-organizational agreements. 

“Each project is designed to develop common, replicable multi-state solutions that have the potential to reduce variation in and harmonize privacy and security practices, policies, and laws. 

“Click on the boxes below to view more details about the Collaboratives and their products.” 

EDUCATION         
    

STATE LAW AND CONSENT POLICY
       

ORGANIZATIONAL POLICY
    

HISPC Reports on
State Law, Business Practices, and Policy Variations 

“Conducted during 2009 as part of the Health Information Security and Privacy Collaboration (HISPC), the following compendium of 5 reports detail variations in state law, business practices and policy related to privacy and security and the electronic exchange of health information.   For quick reference, several reports contain aggregate findings tables in their appendices.  Summaries of each report are below.” 

**For citation purposes, please use the date the reports were published and released to the public: January 13th, 2010.** 

Report on State Medical Record Access Laws [PDF - 308 KB] 

• Appendix A-1 [PDF - 130 KB]
  
• Appendix A-2 [PDF - 205 KB]
  
• Appendix A-3 [PDF - 117 KB]
  
• Appendix A-4 [PDF - 265 KB]
• Appendix A-5 [PDF - 528 KB]
• Appendix A-6 [PDF - 304 KB]
• Appendix A-7 [PDF - 166 KB]
• Appendix A-8 [PDF - 457 KB]
• Appendix A-9 [PDF - 613 KB]
• Appendix B-1 [PDF - 441 KB]

“This report analyzes state laws that are intended to require health care providers (specifically, medical doctors and hospitals) to afford individuals access to their own health information and to identify potential barriers to the electronic exchange of health information.  Specific state law provisions examined: scope of medical records to which patients are afforded access, format of information furnished, deadlines for responding to requests, fees for furnishing copies, record retention laws and access to records of minors.”

Report on State Law Requirements for Patient Permission to Disclose Health Information [PDF - 2.25 MB]
“In Phase I of the HISPC project a majority of participants reported significant variation in the business practices and policies surrounding the need for and process of obtaining patient permission to use and disclose personal health information for a variety of purposes, including for treatment. This report furthers the initial work of this project by collating and analyzing state laws that govern the disclosure of identifiable health information for treatment purposes to identify commonalities and differences.”
 
Releasing Clinical Laboratory Test Results: Report on Survey of State Laws [PDF - 1.38 MB]
“For this report, state statutes and regulations were analyzed to determine to whom clinical laboratories may release test results. This report focused on clinical laboratory and hospital licensing laws (that contain standards for hospital laboratories). It also examined general state medical record access laws to determine whether they provided an avenue for patients to access their clinical laboratory results directly.”

Report on State Prescribing Laws: Implications for e-Prescribing [PDF - 331 KB] 

• Appendix A [PDF - 514 KB]
• Appendix B [PDF - 60.5 KB]
• Appendix C [PDF - 173 KB]
• Appendix D [PDF - 125 KB]

“This report identifies and analyzes the impact and variation of state laws related to e-prescribing.  The report addresses state laws related to the e-prescribing of controlled and non-controlled substances as well as topics such as record keeping and content requirements, out-of-state prescriptions, and generic substitution laws.” 

Perspectives on Patient Matching: Approaches, Findings, and Challenges [PDF - 629 KB]
“This report analyzes various approaches to matching patients to their health information in the context of electronic health information exchange.  Current and potential methods for matching patients to their health records are discussed, challenges to performing patient matching such as scalability and ease of use are analyzed, and the types of information some HIOs use to match patients to their health records is described.”