Confidentiality, Access and Security Policy
Protecting access to patient records and data from contributing organizations is at the core of the security model that guides the Michiana Health Information Network (MHIN). The origins of these safeguards stem from confidentiality and security principles developed by MHIN stakeholders throughout Michiana in the mid-1990s, and have been carried through to all of our activities since then. They are a critical component of MHIN’s philosophy and practice today and into the future.
The following principles guide MHIN’s security model and related policies and procedures:
- The patient’s right to control access to his/her health information
- Aggressive controls to ensure the privacy of health records
- Access based solely on the need to see specific information to optimize patient care
- Strict segmenting of data to protect the privacy of each participating organization
These concepts boil down to a basic philosophy that guides us: If this were MY record, how would I want it handled? Who should have access to what – and when?
This philosophy is carried out through a sophisticated security design, careful implementation planning, an active security administration function, and comprehensive policies and procedures. Put together, they form MHIN’s security model.
MHIN has done extensive work to assure that our security model protects the patient’s privacy and each contributing organization’s data. Significant effort on the part of MHIN’s Board of Managers, staff and attorneys, and of Cerner Corporation, MHIN’s primary software supplier, contributes to software capabilities, policies and procedures, and network services that safeguard clients’ data and their patients’ records. The components of MHIN’s security model include:
- The Health Information Exchange (HIE) Community Model
- Security Design - Access to Data and Applications
- Technical Security Mechanisms – Data Center, networks, etc.
- Working with Clients – Implementations, Training, and Ongoing Activities
- Security Administration – Monitoring and Changes
- HIPAA – Important Guidelines and Practices
- Vendor Relations – A Longstanding Partnership
MHIN’s HIE Community Model
MHIN provides a patient-focused clinical record that contains results and other clinical information from the many health care organizations and facilities that treat patients throughout the community. This community-wide electronic health record (EHR) concept has recently received significant national attention because having complete patient information is critical to making good care decisions, reducing medical errors and improving the efficiency of the health care delivery system. And since patients receive care in many settings -- physician practices, hospitals, ambulatory treatment centers and other facilities -- EHRs need to contain information from all of these sources.
The community model that MHIN designed and operated for five years includes multiple owned and managed health care facilities, such as physician practices, hospitals, laboratories, imaging centers, and other ambulatory health care facilities. Some facilities are part of Integrated Delivery Networks (IDN), which include hospitals and other types of providers, while others are independent, free-standing entities. However, all of these service providers (regardless of ownership and organizational configuration) send data to the MHIN EHR so that physicians and other caregivers can have timely and complete electronic access to information about their patients.
In general, security and access considerations are significant for individual facilities, and become even more complicated for multi-organization IDNs and community-wide HIEs such as MHIN. For example, within a hospital there may be access limitations for patients in a psychiatric unit or for nurses who float among several nursing units. An IDN that owns and manages a combination of services and is implementing an EHR may want all physicians in its employed network to have access to the EHR record for any patient from any of the practices. However, patients typically expect that their records will regularly be available only to practice-specific physicians and staff.
Although some local, regional, and even national organizations are implementing EHRs with virtually unlimited access for all facilities and users, MHIN’s founding principles and ongoing practices define much more specific access guidelines, based on care giving relationships at specific facilities. As a result, MHIN’s community model protects the confidentiality of patient records and the data from each contributing enterprise because MHIN believes that this approach best respects patient confidentiality, state and federal regulations, and community standards.
Each health care organization determines access to the MHIN system based on its internal policies and procedures. For example, one physician practice may have nurses that take care of any patient in the practice, while physicians in another practice may have specific nurses that work only with them and their patients. In either case, MHIN’s security model enables the practice to provide nurses with appropriate access. However, MHIN’s security model also addresses community needs, especially with broader access for emergency services. The investment that MHIN has made in our community security model enables us to balance the policies of contributing organizations, community standards, and HIPAA regulations and to address complicated security issues based on guiding principles and supporting policies.
Security Design - Access to Data and Applications
MHIN’s security design specifically restricts each user from accessing information about a patient unless s/he has a care giving relationship with the patient and is associated with the health care organization providing services. Whenever possible, this relationship is established automatically via interfaces from the contributing organization’s computer systems.
In addition, there is no sharing of data between organizations in the MHIN system. Data from each participating organization exists solely in that organization's component of the database and is not accessible to other health care organizations or to users who are not associated with that organization. Further, each provider organization determines who has access to its data and sets access guidelines for users and data based on internal policies and practice. System functionality, user training, and security monitoring are all predicated on this foundation, and MHIN staff works closely with all clients to assure that their confidentiality expectations are consistent with MHIN’s security design and incorporated into their system implementations.
MHIN’s EHR and other applications are implemented so that users are limited to appropriate access and so that access is monitored. System access is guarded by user sign-ons, passwords, and specific privileges for each application. A very robust audit trail records all transactions, including attempted access. MHIN has worked closely with Cerner Corporation to assure that database design, interfaces, and application functionality support these guidelines and to assist Cerner in developing security capabilities that meet standards necessary for multi-organization HIEs, HIPAA, and other regulations. These capabilities are tested via complex scenarios that model the processes and access requirements found in a community environment such as MHIN’s.
Finally, patients and providers are also protected via detailed authorizations for release of data. All MHIN system users are strictly accountable for appropriate use of software and data access. Confidentiality agreements exist for all system users, including physicians, end users from affiliate organizations, and MHIN staff. End users must comply both with MHIN’s and their respective organization’s security, confidentiality, and access policies.
Technical Security Measures
The security design is also supported by technical capabilities to safeguard networks, telecommunications links, and the data center. Access to MHIN’s Data Center is restricted to authorized staff; doors are locked, and visits are logged. In addition to user-specific application identification and password, MHIN uses industry-standard tools to protect its networks and communications. Anonymous logon capabilities prevent the user from accessing resources on the server farm. Users access the MHIN System with a RC-128 bit encrypted connection via Citrix. RC-128 bit encryption is used by the banking and credit industries and internet store fronts. An improper connection or user/password combination “breaks” the connection, and login failures are automatically documented and reviewed.
Working with Clients – Implementations, Training, and Ongoing Activities
MHIN works closely with each client to assure that the organization’s security policies are incorporated into, and consistent with, MHIN’s security model. Discussions concerning security design considerations begin early in the implementation planning process because they are so critical to the success of the project. And each client designates a security officer who works with MHIN’s implementation team and security administration function and is responsible for making certain that the organization and its users are complying with MHIN’s security policies and procedures.
Implementation planning includes specific discussions concerning not only typical security considerations such as user access, but also more sophisticated issues such as medical staff access in various settings, e.g., hospital, practice, and home, as well as practice staff access to hospital data. Implementation planning also includes cross-application considerations to assure that security functionality is consistent. Finally, security considerations are included not only during the initial implementation, but any time that new applications or organizations are added to the system.
MHIN also places great emphasis on user training, which is a critical element of an effective security function. Every person receiving a sign-on for the MHIN system receives extensive security training and signs a security contract that clearly outlines the responsibility to use the system only for specific patient care. MHIN works closely with client security officers to train users and to assure appropriate use of the system.
Security Administration – Monitoring and Changes
MHIN’s Security Administration function is responsible for carrying out MHIN’s security design and for monitoring security and access on the system. This includes:
- Initial set-up when new users, organizations, or applications are added to the system;
- Making security-related changes based on revised needs of users and organizations;
- Working with client security officers in training new users, monitoring access, and following up when needed.
Security Administration has developed forms and tools to streamline adding new users, changing access for existing users and other activities such as adding or revising positions and organizations. Client security officers review and approve user access requests from supervisors within their organizations. These requests are forwarded electronically to MHIN’s security officer, who reviews and implements them or works with the client security officer to revise the requests to comply with security guidelines.
In addition, Security Administration works with client security officers and supervisors to monitor user access and to follow up if needed. Each client determines who will monitor user access – in hospitals this responsibility has typically fallen to the user’s supervisor, while in smaller organizations such as physician practices, the security officer generally monitors user access. MHIN’s Security Administration has developed audit reports to facilitate the understanding of how users are accessing the system and to assure compliance with MHIN’s privacy and access policies.
HIPAA
As a Business Associate to organizations that supply data to the MHIN EHR and a community-based organization whose existence depends on a secure system, MHIN is committed to meeting or exceeding HIPAA regulations concerning security and privacy. The security model that MHIN developed prior to HIPAA puts us in an excellent position relative to current and anticipated standards. Even before the advent of HIPAA, MHIN had developed and implemented robust policies and procedures related to community-based confidentiality, privacy, and access standards.
MHIN works with participating organizations to ensure that our practices support their policies and procedures related to HIPAA and that these provider organizations can use information in the MHIN EHR to provide personal health information to their patients who request it. In addition, MHIN has been a leader in working with Cerner Corporation to assure product functionality to support HIPAA.
Vendor Relations – A Longstanding Partnership
MHIN has worked closely with Cerner Corporation on matters related to confidentiality and security since 1995. We have developed and tested software requirements and have made joint presentations concerning HIPAA-compliant functionality. Even with increased attention to confidentiality and security by healthcare organizations throughout the country, Cerner has identified MHIN as having the most sophisticated security model of any client.