PDF Print E-mail

We Care About Patient Privacy and Security

CareSpark recognizes that privacy and security of health information are critical components in establishing the trust relationship between CareSpark,  participating organizations and the patients that are served. CareSpark's structure is designed to assure protection of privacy and security through the appointment of a Privacy Officer and the function of two committees.

 1.     The Health Information Control Council functions as an advisory body overseeing the management of protected health information. This Council has responsibility for reviewing and responding to inquiries regarding use of personal health information.

2.     The Privacy Committee functions in an advisory capacity to the CareSpark Privacy Officer to assure compliance with state and federal laws regarding collection and use of protected health information.

3.     The CareSpark Privacy Officer is certified in legal requirements and best practices for the management of health information. The Privacy Officer oversees daily operations related to the development, implementation, maintenance and adherence to the organization’s privacy policies and procedures. The Privacy Officer functions as the internal resource for privacy training and applies appropriate privacy practices for emerging technologies. The Privacy Officer works with participating organizations to respond to patient requests to inspect, amend and restrict access to protected health information as required by law.

If you have any questions or concerns about the privacy of your information at CareSpark, please contact This e-mail address is being protected from spambots. You need JavaScript enabled to view it , CareSpark Privacy Officer @ 423-765-9341.

 

Reference Library

This reference library is intended to provide a focused set of key papers, presentations, and other resources to aid the readers in understanding the critical issues relating to privacy and security in electronic health information exchange.
 

Fair Information Practice Principles
The FTC's general guidelines for use and maintenance of private information.

When Businesses ATAC: Duffield Data Center is Unmatched in the US
CareSpark's Data Center will be hosted by One Partner's Advanced Technology and Applications Center (ATAC) located in Duffield, VA and due to open June, 2008. The ATAC has achieved certification as the nation's first and only commercial Tier III facility. Tier III is a designation created by The Uptime Institute as part of a system of measuring reliability of service. It means that every component of the distribution path can be removed from service on a planned basis without causing any computer equipment to shut down.

Summary of the HIPAA Privacy Rule (.pdf)
HHS Office for Civil Rights (OCR), May 2003. This is a summary, compiled by the HHS Office for Civil Rights, of key elements of the HIPAA Privacy Rule. It is not a complete or comprehensive guide to compliance, but it is often referred to as the best available and easiest to understand summary of the HIPAA Privacy Rule.

The Decade of Health Information Technology: Delivering Consumer-centric and Information-rich Health Care; Nationwide Health Information Infrastructure Framework for Strategic Action
July 21, 2004, Tommy Thompson, David Brailer, HHS. This report, written by the Office of the National Coordinator for Health Information Technology to fulfill the requirements of Executive Order 13335, outlines a framework for development and implementation of a strategic plan to guide the nationwide implementation of health information technology in both the public and private sectors.

HIMSS Security Survey
The HIMSS Security Survey reports the opinions of information technology and security professionals from healthcare provider organizations across the U.S. regarding key issues surrounding the tools and policies in place to secure electronic patient data at healthcare organizations. The study was designed to collect information on a multitude of topics regarding organizations' general security environment, including access to patient data, access tracking and audit logs, security in a networked environment, use of security in a networked environment and medical identity theft.

The Collaborative Response to the ONCHIT Request for Information (.pdf)
From a collaboration of organizations including AHIMA, ANSI, CITL, Connecting for Health, eHealth Initiative, HL7, HIMSS, and others, January 2005. On November 1, 2004, in an effort to gain broad input regarding the best mechanisms to achieve nationwide interoperability and exchange of electronic health information, the Office of the National Coordinator for Health Information Technology (ONC) released a Request for Information (RFI). Thirteen major health and technology organizations developed this collaborative response endorsing a "Common Framework" to support health information exchange in the United States while protecting patient privacy.

Emerging Trends and Issues in Health Information Exchange (.pdf)
eHealth Initiative, 2005. Selected findings from eHealth Initiative Foundation's Third Annual Survey of State, Regional, and Community-based Health Information Exchange Initiatives and Organizations.

An Introductory Resource Guide for Implementing the Health Insurance Portability Act (HIPAA) Security Rule (.pdf)
NIST Special Publication 800-66, National Institute of Standards and Technology, March 2005. This Special Publication summarizes the HIPAA security standards and explains some of the structure and organization of the Security Rule. This publication helps to educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule. The publication is also designed to direct readers to helpful information in other NIST publications on individual topics the HIPAA Security Rule addresses. Readers can draw upon these publications for consideration in implementing the Security Rule. This publication is intended as an aid to understanding security concepts discussed in the HIPPA Security Rule, and does not supplement, replace or supersede the HIPAA Security Rule itself.

Linking Health Care Information: Proposed Methods for Improving Care and Protecting Privacy (.pdf)
Connecting for Health, February 2005. The linking of vital information as patients receive care from a fragmented healthcare system is a problem that has consistently plagued interoperability efforts in healthcare. The goal of Linking Working Group was to address these issues, proposing practical strategies for improving healthcare through improved linking of information in a secure and efficient manner, and in a way that allows healthcare professionals much improved access to needed information while respecting patients' privacy rights.

 
 

CareSpark | 112 West Main Street, Kingsport, TN 37660 | PO Box 657, Kingsport, TN 37662 | Telephone: 423-765-9341/Fax: 423-765-9345 |
Hours: 8 am to 5 pm