Expert Details Tips for Mining Big Data to Tackle Privacy Concerns in Predictive Modeling

Size: px
Start display at page:

Download "Expert Details Tips for Mining Big Data to Tackle Privacy Concerns in Predictive Modeling"

Transcription

1 Volume 7, Number 11 November 2014 Expert Details Tips for Mining Big Data to Tackle Privacy Concerns in Predictive Modeling Attorney Reece Hirsch knows as much about the intersection of Big Data and predictive analytics as anyone. The partner in the San Francisco office of Morgan Lewis & Bockius LLP tours trade meetings explaining what you need to know. Here s a sample. What is Big Data? T he term, Hirsch explains, refers to the powerful and often surprisingly granular information that can be assembled about individuals based on analysis of enormous databases. Yahoo! Inc. chief executive officer Marissa Mayer vividly describes Big Data, he says, as watching the planet develop a nervous system. As well, Hirsch adds, the term typically refers to the application of emerging techniques in data analytics, such as machine learning and other artificial intelligence tools, to those enormous databases of personal information. Sources of those data often include: In This Issue 1 Expert Details Tips for Mining Big Data to Tackle Privacy Concerns in PM 1 Analytics Illuminate Clinical Conundrums 9 Thought Leaders Corner 10 Industry News 12 Catching Up With Avi Mukherjee MBA smartphone GPS data, web browsing data, social networking activity and biometric data. Projects using Big Data can transform healthcare delivery, he continues, because providers are better able to assess acute cases in an entire population. As well, they can develop new ways to identify and prevent illness. (continued on page 2) Analytics Illuminate Clinical Conundrums Researchers are finding new ways to use predictive analytics in the clinical indications space. Here s a look at some recent developments. Supercomputers Link Proteins to Drug Side Effects N ew medications created by pharmaceutical companies have helped millions of Americans alleviate pain and suffering from their medical conditions, begins a statement from the Livermore, CA-based Lawrence Livermore National Laboratory. However, the statement adds, citing the journal Nature, the drug creation process often misses many side effects that kill at least 100,000 patients a year. Now, Livermore researchers have discovered, the statement adds, a high-tech method of using supercomputers to identify proteins that cause medications to have certain adverse drug reactions, or side effects. They re using high-performance computers to process proteins and drug compounds in an algorithm that produces reliable data outside of a laboratory setting for drug discovery. The team recently published its findings in the journal PLOS ONE, titled Adverse Drug Reaction Prediction Using Scores Produced by Large-Scale Drug-Protein Target Docking on High-Performance Computer Machines. Says Monte LaBute, a researcher from LLNL s Computational Engineering Division and the paper s lead author: We need to do something to identify these side effects earlier in the drug development cycle to save lives and reduce costs. (continued on page 6) Published by Health Policy Publishing, LLC

2 2 Predictive Modeling News November 2014 Predictive Modeling News November 2014, Volume 7 Issue 11 ISSN Print ( ) ISSN Electronic ( ) Editorial Advisory Board Ken Cunningham Vice President, Analytics, LexisNexis Risk Solutions, Chicago Ian Duncan FSA FIA FCIA MAAA Adjunct Professor of Actuarial Statistics, University of California at Santa Barbara Bill Fox JD MA Senior Vice President of Payer Strategy, Emdeon, Philadelphia Peter N. Grant JD PhD President, Health Care Conference Administrators LLC, Partner and Co- Chair, Health Law Group, Davis Wright Tremaine LLP, Seattle Gerardina Hernandez Informatics Scientist, Blue Health Intelligence, Chicago Soyal Momin MBA Director, Research Environment & Informatics, HealthCore, Chattanooga Jeremy J. Nobel MD MPH Adjunct Lecturer, Department of Health Policy and Management, Harvard University School of Public Health, Boston Jonathan P. Weiner DrPH Professor & Director of the Center for Population Health IT & CEO of the ACG Team, Johns Hopkins University, Baltimore Publisher Clive Riddle, President, MCOL Editor Russell A. Jackson Predictive Modeling News is published monthly by Health Policy Publishing LLC. Newsletter publication administration is provided by MCOL. Predictive Modeling News 1101 Standiford Avenue, Suite C-3 Modesto CA Phone: Fax: Copyright 2014 by Health Policy Publishing LLC. All rights reserved. No part of this publication may be reproduced or transmitted by any means, electronic or mechanical, including photocopy, fax or electronic delivery, without the prior written permission of the publisher. Expert Details Tips for Mining Big Data continued from page 1 But peril looms. Retail Big Data analysis, he explains, doesn t usually have to be conducted within the parameters of rigorous industry-specific privacy laws and regulations. Not so with healthcare, which must operate under the Health Insurance Portability and Accountability Act, among other statutes. And in fact, Hirsch comments, key principles of privacy regulations are ill-suited to Big Data. Notice provisions, for example, are difficult because data analysts don t know in advance how they will use the data; similarly, consumer choice provisions are tricky because, without effective notice, individuals cannot make meaningful choices. And purpose limitations are problematic, Hirsch says, because data analytics require constant repurposing of data. Indeed, one of the biggest challenges of Big Data is a situation where a company knows more about a consumer than the consumer realizes -- or is comfortable with -- even when the company is simply servicing that consumer s account. Big Data has caught the attention of the federal government; indeed, the Federal Trade Commission s jurisdiction to regulate unfair and deceptive acts or practices under Section 5 of the FTC Act may hold the key to future Big Data regulation, as it permits distinguishing between beneficial uses of Big Data (identifying potential health risks) from negative uses (discrimination based on health status). On January 23, 2014, White House senior counselor John Podesta officially launched a review of Big Data issues, shortly after President Obama s speech on National Security Administration reforms. In May 2014, the White House released a report on Big Data, as well as a parallel report by the President s Council of Advisors on Science and Technology. In May 2014, the White House released a report on Big Data, as well as a parallel report by the President s Council of Advisors on Science and Technology. What s the takeaway from the report? Some form of Big Data regulation seems likely, although it s difficult to say now what form it might take. Specifically, the White House Big Data recommendations include these: Congress should pass national breach legislation. Privacy protections should be extended to non-us citizens. The Electronic Communications Privacy Act, which controls how the government may access , should be updated. As well, the President s Council report recommends that new policies should focus on how data are used rather than the technical aspects of collecting them, Hirsch points out. The fact is methods of data collection are constantly changing. Realizing the Potential of Big Data Companies seeking to leverage Big Data initiatives need to be sensitive to consumer perceptions about how companies are using their personal information -- the so-called ick factor. Just because it s legal, Hirsch explains, doesn t mean you won t be criticized for doing it; just because you re using the information to improve the health of a population doesn t mean consumers won t assume you re actually selling it or using it for some other for-profit purpose. One thing you must do is ensure that you ve fully secured the rights to use customer or other data for Big Data analytics purposes and remember that that may include getting permission to aggregate or de-identify personal information. That s as true for healthcare companies as for those in any other industry, Hirsch notes. Healthcare remains, to a large degree, local and regional -- indeed, hospitals, physicians and most health plans operate within a region or state -- rather than national, and that causes much healthcare data to be siloed and utilized primarily by the entity that created it. However, many vendors to the healthcare industry are nationwide in scope, assembling vast databases of individually identifiable health information from provider and plan customers. In fact, they can often access medical information in volumes and varieties that are not available to their customers. (continued on page 3) To subscribe: visit or call page 2

3 November 2014 Predictive Modeling News 3 Expert Details Tips for Mining Big Data continued from page 2 The biggest Big Data headache for healthcare companies is HIPAA, Hirsch asserts. In December 2013, a report by the Bipartisan Policy Center considered the potential of Big Data in healthcare, he explains, and noted that while HIPAA is designed to safeguard patient privacy, it is often misunderstood, misapplied and overapplied in ways that may inhibit information sharing unnecessarily. The Bipartisan Policy Center is right, Hirsch says, adding that some of the confusion is understandable; for example, the HIPAA rules governing business associates and Big Data projects are often unclear. For health plans and other HIPAA-covered entities that maintain large databases of medical information, Big Data analytics are typically permitted with respect to their own members or patients and, in fact, Big Data analysis can usually fit within a health plan s permitted uses of protected health information for its healthcare operations activities or its treatment or payment activities. But how a healthcare company s Big Data analytics affect the other companies it does business with are less clear, Hirsch cautions. So, who is a business associate? The law defines it as a person acting on behalf of a covered entity who creates, receives, maintains or transmits PHI for a function or activity regulated by HIPAA. In other words, Hirsch says, a covered entity function. Note that BAs may also be covered entities in their own right, according to the HIPAA Final Rule s newly tweaked definition. Among the companies and types of service providers that commonly serve as healthcare BAs are: lawyers, actuaries, accountants, auditors, financial services managers, accreditation organizations, consultants, vendors, management firms, clearinghouses and outsourcing vendors that often include electronic health records providers, cloud-based software providers, coding and billing companies, healthcare revenue cycle management firms, pharmaceutical benefit managers, pharmaceutical distributors, claims processing and administration operations and data analytics companies. 3 Sets of Rules Drive BAs and Big Data for Healthcare Companies First Set: Management and Administration by Business Associates What is management and administration in the context of HIPAA and BAs? For one thing, Hirsch notes, it s a common provision in BA agreements without which the BAs might not be permitted to use PHI for many activities vital to their business. Interestingly, management and administration are not defined in the HIPAA regulations or commentary, but in 2000 commentary on the HIPAA Privacy Rule, the Office for Civil Rights did offer this comment: Aside from disclosures for data aggregation and business associate management, the business associate contract cannot authorize any uses or disclosure that the covered entity itself cannot make. Therefore, data mining by the business associate for any purpose not specified in the contract is a violation of the contract and grounds for termination of the contract by the covered entity. That, Hirsch says, indicates that data mining and Big Data analytics may be conducted by a BA -- but only if provided for in the agreement. HHS s commentary, he adds, could also be read to suggest that a BA is prohibited from using PHI for the BA s commercial purposes unrelated to the services that a CE has contracted for and not expressly authorized by the BAA, such as data mining. But some safe zone activities of a BA may be reasonably characterized as management and administration activities, including: quality assurance, utilization review, compliance, fraud prevention, auditing and cost management and planning-related analyses. Aside from disclosures for data aggregation and business associate management, the business associate contract cannot authorize any uses or disclosure that the covered entity itself cannot make. Therefore, data mining by the business associate for any purpose not specified in the contract is a violation of the contract and grounds for termination of the contract by the covered entity. But some safe zone activities of a BA may be reasonably characterized as management and administration activities Says Hirsch: CEs are permitted to engage in those sorts of types of activities as part of permitted healthcare operations. Generally, he continues, pursuant to the terms of a BAA, a BA is prohibited from using or disclosing the CE s PHI other than as permitted or required by the BAA or as required by law, but the BAA may permit the BA to use the information received by the BA if necessary [f]or the proper management and administration of the business associate. (continued on page 4) 2014, Health Policy Publishing, LLC. All rights reserved. No reproduction or electronic forwarding without permission. page 3

4 4 Predictive Modeling News November 2014 Expert Details Tips for Mining Big Data continued from page 3 As well, a BAA may also permit a BA to disclose PHI for its management and administration purposes if the disclosure is required by law or the BA obtains reasonable assurance from the person to whom the PHI is disclosed that it will be held confidentially or used or further disclosed only as required by law or for the purpose for which it was disclosed -- and the person notifies the BA if the confidentiality of the PHI is breached. It seems reasonable to say that the safe zone functions are integral to a BA s current and future suite of products and services, Hirsch adds. They could also be characterized as essential back office functions. But what if effective management of a BA s business requires data mining or Big Data analytics? It s certainly true that businesses are increasingly data-driven and that data analytics is often critical to evolving existing products and services and developing new ones. For example, what if data analytics is necessary to develop a new protocol to identity plan members who are at risk for diabetes? What if crawling and mapping customer data is necessary to facilitate development of future products or services or research and development? Hirsch explains: In the absence of interpretive guidance from the OCR, we must rely on the plain meaning of the terms management and administration. There are ways to mitigate management and administration risk, Hirsch notes. For example, a vendor can reduce its risk regarding use of the management and administration rule by addressing the use of PHI for data analytics in its services agreement; in some cases, an or letter from the health plan clarifying interpretation of the agreement may be sufficient -- although, he emphasizes, this is an area where interpretive guidance from OCR would be useful. In the absence of such guidance, though, BAs and health plans have some latitude to develop reasonable interpretations of the rule. Second Set: Data Aggregation by Business Associates HIPAA s Privacy Rule allows BAs to perform data aggregation services relating to the healthcare operations of the covered entity from which it receives the information. Data aggregation is defined as a business associate s combining of PHI received from multiple CEs to permit data analyses that relate to the healthcare operations of the respective covered entities. Like management and administration, it s an optional provision in BAAs. In commentary on the final HIPAA Privacy Rule, HHS explained that it included data aggregation services as a permitted provision in BAAs to clarify the ability of CEs to contract with BAs to undertake quality assurance and comparative analyses that involve the protected health information of more than one contracting covered entity. HHS further noted: We except data aggregation from the general requirement that a BA contract may not authorize a BA to use or further disclose PHI in a manner that would violate the requirements of this subpart if done by the CE to permit the combining or aggregation of PHI received in its capacity as a BA of different CEs when it is performing this service. In many cases, the combining of this information for the respective healthcare operations of the covered entities is not something that the CEs could do -- a covered entity cannot generally disclose protected health information to another covered entity for the disclosing covered entity s healthcare operations. However, we permit CEs that enter into business associate contracts with a BA for data aggregation to permit the business associate to combine or aggregate the PHI it discloses to the business associate for their respective healthcare operations. The phrase healthcare operations is broadly defined, Hirsch says, to include: conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities; population-based activities relating to improving health or reducing healthcare costs, protocol development, case management and care coordination, contacting of healthcare providers and patients with information about treatment alternatives; and related functions that do not include treatment. Because healthcare operations include population-based activities relating to improving health or reducing healthcare costs, Hirsch notes, BA data aggregation services may be readily aligned with the population-based health objectives of many Big Data projects. In commentary on the final HIPAA Privacy Rule, HHS explained that it included data aggregation services as a permitted provision in BAAs to clarify the ability of CEs to contract with BAs to undertake quality assurance and comparative analyses that involve the protected health information of more than one contracting covered entity. He emphasizes that BAs can use Big Data to provide data aggregation services to customers, provided that the BA enters into BAAs that permit data aggregation services, that all of the PHI analyzed and utilized by the BA for data aggregation is received by the BA in its capacity as a BA of a HIPAA-covered entity, that the BA customers receiving the product of the data aggregation services are CEs for which the BA is acting as a BA and that the data aggregation services relate to one of the types of activities enumerated in the definition of healthcare operations. Note that OCR has not provided any detailed guidance or commentary regarding the scope of activities that may constitute data aggregation services. For instance, a pharmacy benefit manager could use data aggregation to identify drug utilization trends by aggregating data received from its covered entity clients. (continued on page 5) To subscribe: visit or call page 4

5 November 2014 Predictive Modeling News 5 Expert Details Tips for Mining Big Data continued from page 4 Because healthcare operations includes population-based activities relating to improving health or reducing healthcare costs and care coordination, a PBM could combine the PHI it receives from multiple covered entities to extract data, perform the analytics and provide the appropriate CE with the results of the analysis, provided that the PBM s BA agreements with its CE clients permit data aggregation activities. If a BA combines data of multiple types of CEs, such as healthcare providers and health plans, it must consider whether the resulting data aggregation services relate to the healthcare operations of each type of CE receiving the services. For example, the healthcare operations of providers and health plans differ significantly. some components of the healthcare operations definition relate only to plans, such as underwriting, enrollment and premium rating. Categories such as population-based health activities are generally applicable to both healthcare providers and health plans. Here s an example Hirsch provides of data aggregation: A health plan data analytics company has the right to provide data aggregation services; in that capacity, it compiles a registry of plan members who may be at risk for diabetes. The company could share that registry data with its health plan customers because its services relate to population-based health improvement and health cost reduction and care coordination. A health plan data analytics company has the right to provide data aggregation services; in that capacity, it compiles a registry of plan members who may be at risk for diabetes. The company could share that registry data with its health plan customers because its services relate to populationbased health improvement and health cost reduction and care coordination. But, Hirsch emphasizes, that registry data could not be shared with healthcare providers and pharma companies because there is no BA relationship; additionally, those data could not be shared with a CE customer that has not agreed to permit data aggregation services by the BA. However, Hirsch continues, if the company has the right to de-identify PHI, then de-identified registry data could be shared with a pharma company, for example. As the company develops new products, it must remember that there are many subcategories within the definition of healthcare operations, and that each new service must fit into one of those buckets. It s important to remember, Hirsch emphasizes, that data analysis resulting from data aggregation may only be shared with CEs that shared PHI with the BA; however, if the BA also has permission to de-identify PHI in its BAA, then the analysis performed through data aggregation may satisfy HIPAA s de-identification standard. If PHI is deidentified, it s no longer regulated under HIPAA and may be shared with any third parties. Third Set: De-Identification by Business Associates Health information that does not identify an individual, and where there is no reasonable basis to believe that the information can be used to identify an individual, ceases to be PHI and is considered de-identified. Recent advances in health information technologies enabling companies to capture large quantities of healthcare data have created the potential to combine those data to conduct comparative effectiveness studies, scientific research and policy assessment. De-identification is another method by which BAs can make use of the medical information that they have collected and maintain. Unlike the management and administration and data aggregation services rules, OCR has provided clear interpretive guidance on how covered entities may apply the de-identification standard. There are two methods of de-identifying PHI. The first involves removing these identifiers of the individual or of relatives, employers or household members of the individual: names; all geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code and their equivalent geocodes, with certain limited exceptions; all elements of dates (except year) for dates directly related to an individual, including birth date, admission date and discharge date; telephone numbers; fax numbers; addresses; Social Security Numbers; medical record numbers; health plan beneficiary numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers, including license plate numbers; device identifiers and serial numbers; web Universal Resource Locators, or URLs ; Internet protocol address numbers; biometric identifiers, including finger and voice prints; full-face photographic images and any comparable images; and any other unique identifying number, characteristic or code. Health information that does not identify an individual, and where there is no reasonable basis to believe that the information can be used to identify an individual, ceases to be PHI and is considered deidentified. (continued on page 6) 2014, Health Policy Publishing, LLC. All rights reserved. No reproduction or electronic forwarding without permission. page 5

6 6 Predictive Modeling News November 2014 Expert Details Tips for Mining Big Data continued from page 5 In addition to redaction of the 18 identifiers, a CE must also not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information. The second method of de-identification permits a CE to determine that data are not individually identifiable if a person with appropriate experience with generally accepted statistical and scientific principles of de-identification either determines that the risk is very small that the data could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is a subject of the information or documents the methods and results of the analysis that justify such determination. A potential benefit of that method is a BA may retain certain of the 18 identifiers in a dataset and still consider the information to be de-identified, assuming the statistician can make the required determination. In November 2012, in fact, OCR published additional guidance on de-identification methods and, in defining who was an expert for purposes of rendering health information de-identified, noted that no specific professional degree or certification is required to provide a de-identification opinion, and relevant expertise may be gained through various routes of education and experience -- typically in the statistical, mathematical or scientific domains. Hirsch emphasizes that the Privacy Rule s standard for de-identification of PHI is quite rigorous, and that such de-identified data are generally not useful for analytics intended to target or tailor a product or service to an individual. A covered entity can assign a means of record identification to allow re-identification by the CE once PHI has been de-identified using one of those two methods. However, the identification can t be derived from information about the individual -- such as using selected digits from a Social Security Number -- and the CE can t use or disclose the code or the mechanism for re-identification. Takeaways: Large BA entities are destined to play a key role in the development of Big Data analytics in healthcare, Hirsch says, but they must operate within the parameters of the often-ambiguous HIPAA rules governing uses of PHI for management and administration, data aggregation services and de-identification. Health plans and other healthcare companies are increasingly basing new products and business models on the use of Big Data, he adds, so it s vital that companies address data collection and use issues in customer services agreements prior to the collection of data, if possible. HIPAA-covered entities should be aware of the uses of PHI that are possible under the often-overlooked BAA provisions relating to management and administration, data aggregation and de-identification. Perhaps most significantly, given the promise of Big Data analytics to improve the quality and efficiency of healthcare delivery, OCR should consider providing guidance to clarify the regulatory landscape surrounding this important topic. In the absence of explicit guidance from OCR, health plans and their vendors have some latitude to develop uses of Big Data and related products and services. However, in the absence of guidance, careful evaluation of the legal risks associated with Big Data analytics is more important than ever. There s great potential reward, but also great legal risks. Some of the material in this article also appeared in an article by Hirsch in Bloomberg BNA s Health Law Reporter. Contact Hirsch at or at Analytics Illuminate Clinical Conundrums continued from page 1 It takes pharmaceutical companies roughly 15 years to bring a new drug to the market, the statement says, at an average cost of $2 billion. A new drug compound entering Phase I testing is estimated to have an 8% chance of reaching the market, according to the Food and Drug Administration. A typical drug discovery process begins with identifying which proteins are associated with a specific disease, the statement continues. Candidate drug compounds are combined with target proteins in a process known as binding to determine the drug's effectiveness and harmful side effects. Target proteins are proteins known to bind with drug compounds for the pharmaceutical to work. There were no indications of side effects of these medications in early testing or clinical trials We need a way to determine the safety of such therapeutics before they reach patients. Our work can help direct such drugs to patients who will benefit the most from them with the least amount of side effects. While that method can identify side effects with many target proteins, there are myriad unknown off-target proteins that may bind to the candidate drug -- and cause unanticipated side effects. Because it is cost-prohibitive to experimentally test a drug candidate against a potentially large set of proteins, the statement says, and the list of possible off-targets is not known ahead of time, pharmaceutical companies usually only test a minimal set of off-target proteins during the early stages of drug discovery, resulting in ADRs remaining undetected through the later stages of drug development, such as clinical trials, and possibly making it to the marketplace. There have been several highly publicized medications with off-target protein side effects that have reached the marketplace. For example, the statement points out, Avandia, an anti-diabetic drug, caused heart attacks in some patients and Vioxx, an anti-inflammatory medication, caused heart attacks and strokes among certain populations. Both therapeutics were recalled because of their side effects. There were no indications of side effects of these medications in early testing or clinical trials, LaBute notes. We need a way to determine the safety of such therapeutics before they reach patients. Our work can help direct such drugs to patients who will benefit the most from them with the least amount of side effects. (continued on page 7) To subscribe: visit or call page 6

7 November 2014 Predictive Modeling News 7 Analytics Illuminate Clinical Conundrums continued from page 6 LaBute and the LLNL research team tackled the problem by using supercomputers and information from public databases of drug compounds and proteins, including protein databases from DrugBank, UniProt and Protein Data Bank, and drug databases from the FDA and SIDER, which contain FDA-approved drugs with ADRs. The team examined 4,020 off-target proteins, which were indexed against the PDB, whittling the number down to 409 with high-quality 3D crystallographic X-ray diffraction structures essential for analysis in a computational setting. The 409 proteins were fed into a Livermore HPC software known as VinaLC along with 906 FDA-approved drug compounds. VinaLC used a molecular docking matrix that bound the drugs to the proteins, the statement explains. A score was given to each combination to assess whether effective binding occurred. The binding scores were fed into another computer program and combined with 560 FDA-approved drugs with known side effects. Then, the statement continues, an algorithm was used to determine which proteins were associated with certain side effects. The team showed that in two categories of disorders -- vascular disorders and neoplasms -- their computational model of predicting side effects in the early stages of drug discovery using off-target proteins was more predictive than current statistical methods that do not include binding scores. The team s calculations also predicted new potential side effects, including a connection between a protein normally associated with cancer metastasis to vascular disorders like aneurysms. The ADR predictions were validated by a thorough review of existing scientific data. We have discovered a very viable way to find off-target proteins that are important for side effects, LaBute says. This approach using HPC and molecular docking to find ADRs never really existed before. Visit llnl.gov. Penn Medicine s Sepsis Sniffer Generates Faster Results An automated early warning and response system for sepsis developed by Penn Medicine experts has resulted in a marked increase in sepsis identification and care, transfer to the ICU and an indication of fewer deaths due to sepsis, according to a statement. A study assessing the tool is published online in the Journal of Hospital Medicine. Sepsis is a potentially life-threatening complication of an infection; it can severely impair the body s organs, causing them to fail. There are as many as 3 million cases of severe sepsis -- and 750,000 resulting deaths -- in the United States annually; early detection and treatment, typically with antibiotics and intravenous fluids, is critical for survival. The Penn prediction tool, dubbed the sepsis sniffer, uses laboratory and vital sign data (such as body temperature, heart rate and blood pressure) in the electronic health record of hospital inpatients to identify those at risk for sepsis. The Penn prediction tool, dubbed the sepsis sniffer, uses laboratory and vital sign data (such as body temperature, heart rate and blood pressure) in the electronic health record of hospital inpatients to identify those at risk for sepsis, the statement explains. When certain data thresholds are detected, it says, the system automatically sends an electronic communication to physicians, nurses and other members of a rapid response team, who quickly perform a bedside evaluation and take action to stabilize or transfer the patient to the intensive care unit if warranted. The study developed the prediction tool using 4,575 patients admitted to the University of Pennsylvania Health System in October 2011, then validated the tool during a preimplementation period from June to September 2012, when data on admitted patients were evaluated and alerts triggered in a database, but no notifications were sent to providers on the ground. Outcomes in that control period were then compared to a post-implementation period from June to September The total number of patients included in the pre- and post- periods was 31,093; in both, 4% of patient visits triggered the alert. Analysis revealed 90% of those patients received bedside evaluations by the care team within 30 minutes of the alert being issued, the statement says. In addition, the researchers found that the tool resulted in: a 2- to 3-fold increase in orders for tests that could help identify the presence of sepsis; a 1.5- to 2-fold increase in the administration of antibiotics and intravenous fluids; an increase of more than 50% in the proportion of patients quickly transferred to the ICU; and a 50% increase in documentation of sepsis in the patients electronic health records. The study found a lower death rate from sepsis and an increase in the number of patients successfully discharged home, the statement adds, although those findings did not reach statistical significance. Says lead author Craig A. Umscheid MD MSCE, director at Penn s Center for Evidence-Based Practice: Our study is the first we re aware of that was implemented throughout a multihospital health system. Previous studies that have examined the impact of sepsis prediction tools at other institutions have only taken place on a limited number of inpatient wards. The varied patient populations, clinical staffing, practice models and practice cultures across our health system increase the generalizability of our findings to other healthcare settings. Umscheid also notes that the tool could help triage patients for suitability of ICU transfer. By better identifying those with sepsis requiring advanced care, he comments, the tool can help screen out patients not needing the inevitably limited number of ICU beds. Penn Medicine consists of the Raymond and Ruth Perelman School of Medicine at the University of Pennsylvania, founded in 1765 as the nation s first medical school, and the University of Pennsylvania Health System. (continued on page 8) 2014, Health Policy Publishing, LLC. All rights reserved. No reproduction or electronic forwarding without permission. page 7

8 8 Predictive Modeling News November 2014 Analytics Illuminate Clinical Conundrums continued from page 7 BellBrook Labs, UW-Madison Team Awarded NCI Contract The National Cancer Institutes has awarded a $1.75M Small Business Innovative Research contract to BellBrook Labs for a collaborative effort with researchers at the University of Wisconsin-Madison to develop more realistic models for breast and ovarian cancer, a statement reports. The research will use imaging and microfabrication technology developed by the UW team to accurately replicate tumor microenvironments associated with poor prognosis, it says, and fabricate those environments in BellBrook s iuvo Microchannel Plates. The technology will allow drug discovery scientists to screen for more effective anti-cancer drugs with new mechanisms of action and aid oncologists in identifying the most effective chemotherapeutic regimens for individual cancer patients. Led by BellBrook founder and CEO Bob Lowery, the team includes Steve Hayes and Lisa Vu from BellBrook and Patricia Keely, Paul Campagnola and Kevin Eliceiri from UW-Madison, the statement notes. The research will be directed at understanding how the scaffolding that cells attach to, called the extracellular matrix, affects cancer cell growth, motility and response to chemotherapeutic drugs, it says. Though largely overlooked until relatively recently, the role of the ECM in tumorigenesis has become a key priority in cancer research. One of the main stumbling blocks to including ECM in cellular models in drug discovery has been that it greatly complicates microscopic imaging of cells, a limitation largely imposed by the multi-well plates that are widely used for high-throughput screening. BellBrook s iuvo Microchannel plates make it possible to perform image-based multi-parametric analysis of cells growing in a three-dimensional extracellular matrix on existing high-throughput screening platforms, the statement says. The Fast Track SBIR contract includes a nine-month Phase I period with $225,000 in funding and a two-year, $1.5 million Phase II option based on Phase I milestones. Members of the UW team recently showed that specific patterns of collagen, the main protein in the ECM, can be used as a prognostic marker in breast cancer. They can detect those changes, called tumorassociated collagen signatures, in intact biopsy tissue and histopathology samples, the statement continues. The UW team has developed fabrication methods that can directly use TACS images as blueprints to produce ECM with the desired collagen topology. The goal of the SBIR contract is to replicate the TACS for breast and ovarian cancer in microchannels and show that they have the same effects on implanted tumor cells as in patients. The team will ask how well the collagen signature tumor models predict drug responses by exposing them to commonly used chemotherapeutic regimens and comparing the results with analyses of TACS in tissue samples from patients with documented treatment histories. Then they ll validate the collagen signature tumor models for high-throughput screening to identify new molecular targets and small molecule drugs. If successful, the combination will be transformative, the statement says, as it will allow scientists to probe tumor cell behavior in ECM that faithfully replicates the in vivo tumor microenvironment. Pitt Drug Discovery Researchers Receive Grant to Build 3D Liver Model With a new $5.8 million, three-year award from the National Institutes of Health, researchers at the University of Pittsburgh School of Medicine will further develop a state-of-the-art microfluidic 3D model system that mimics structure and function of the liver to better predict organ physiology, assess drug toxicity and build disease models, according to a statement from the school. The funding supports the next phase of the NIH s Tissue Chip for Drug Screening program, which aims to improve ways of predicting drug safety and effectiveness, it says. Researchers from 11 institutions will collaborate over three years to refine existing 3D human tissue chips and combine them into an integrated system that can mimic the complex functions of the human body. We are very enthusiastic about the potential of these microphysiology systems to serve as powerful platforms for studying human diseases and identifying human toxic liabilities, says D. Lansing Taylor PhD, Allegheny Foundation Professor of Computational and Systems Biology at the Pitt School of Medicine, director, University of Pittsburgh Drug Discovery Institute and the Pitt project s principal investigator. Adds NIH Director Francis S. Collins MD PhD: The development of tissue chips is a remarkable marriage of biology and engineering, and has the potential to transform preclinical testing of candidate treatments, providing valuable tools for biomedical research. The Pitt research team and its collaborators are creating models of the functional unit of the liver, called the acinus, using human liver cells and, eventually, liver cells derived from precursor cells known as induced pluripotent stem cells, as well as three additional cell types, the statement explains. The liver platform includes microfluidic devices, human cells, engineered matrix materials, fluorescence-based biosensors for real-time physiological read-outs and biochemical and mass spectrometry measurements to determine acute and chronic toxicity effects. Researchers also will build a microphysiology database to manage, analyze and model the data collected from the liver constructs. With such a platform, biomedical scientists will be able to test treatment efficacy in conditions such as non-alcoholic fatty liver disease, liver cancer and breast cancer that has spread to the liver, as well as liver damage including immune-mediated toxicology and fibrosis. Also, a team of institutions and investigators has been assembled to integrate the liver, kidney and gut models to recapitulate the organ system that is central to drug absorption and metabolism. The integrated platform will involve the creation of a universal medium, the development of the proper scaling of the interacting organ constructs, physiologically relevant flow, incorporation of a micro-formulator to add factors from missing organs and micro-analyzers for monitoring parameters such as ph and oxygen. Visit medschool.pitt.edu. To subscribe: visit or call page 8

9 November 2014 Predictive Modeling News 9 Thought Leaders Corner Each month, Predictive Modeling News asks a panel of industry experts to discuss a topic suggested by a subscriber. To suggest a topic, send it to us at Here s this month s question: Q: Given current public concerns over Ebola, a timely question is this: What role can predictive modeling play in addressing pandemics? This topic highlights the need for further efforts and research that can be applied at a personalized level, thus allowing the medical community to direct scarce resources to those most likely to benefit. More often we see modeling applied at a population level with no real means of translating that work to the individual patient, which is where the fight really lies. Matt Wilson CEO & President Health Outcomes Sciences Overland Park KS Predictive modeling can play a role in the active surveillance through social media or other medical surveillance platforms to help identify potential outbreaks. The problem is finding the right signals to monitor. Twitter is a possible platform that has been used for monitoring flu in the US. Predictive modeling could be useful in gaming the system to confirm real potential outbreaks and not just an alarm for governments. One could see the potential of new systems causing alert syndrome as electronic health records in the hospital systems. David Howe Co-Founder & CEO LuminaCare Solutions Inc. Woburn MA For decades, public health statisticians and epidemiologists have been using modeling and statistical analysis and forecasting to monitor for outbreaks and to predict epidemics and pandemics. Traditionally, these modelers have used reportable disease vital records or healthcare use records (e.g., diagnoses from ED or hospital encounters). More recently, unconventional Big Data such as social network entries and drug store purchases have also been used. In some places, like Indiana, doctor s office EMRs are linked directly into bio-surveillance systems as well. One day, EMR interoperability will be universal across regions, and real-time monitoring of outbreaks will be commonplace. Today in the US, and hopefully for the foreseeable future, Ebola is expected to be so rare that PM and surveillance analytics will not really be applicable. But the same type of PM and electronic screening tools for sure will be helpful for more common threats to the public s health, like the flu or the new Enterovirus D68. Colleagues at Johns Hopkins have developed a suite of open source software tools for modeling and predicting outbreaks and disease and a beta version can be downloaded at Jonathan Weiner DrPH Professor& Director of the Center for Population Health IT & CEO of the ACG Team Johns Hopkins University Baltimore The Eighth Annual Predictive Modeling Summit The Eighth Annual Predictive Modeling Summit, the leading forum on predictive analytics applied to key healthcare functions, settings and populations, will be held Thursday, November 13, and Friday, November 14, at the Crystal Gateway Marriott, Washington DC -- and will also be available live online with 24/7 archive access for six months. Detailed information about the Eighth Annual National Predictive Modeling Summit, including registration, is available at 2014, Health Policy Publishing, LLC. All rights reserved. No reproduction or electronic forwarding without permission. page 9

10 10 Predictive Modeling News November 2014 Thought Leaders Corner Predictive analytics could help better understand patterns and trends in underlying symptoms of Ebola as well as do modeling around its spread to enable proactive preventative measures. Collecting the data and developing a study database for predictive analytics could be a challenge considering various data sources contribute to predictive variables. Timeliness of these data sources is also a key considering some of the symptoms of Ebola are timebound. Also, considering this is an emerging disease within the US, adequate sample size could pose an issue with predictive modeling. Soyal Momin MS MBA HealthCore Director, Research Environment & Informatics Chattanooga Industry News Jvion: Top 4 Ways Community Hospitals Can Use Predictive Analytics Here s what Jvion has to say on the topic: Community hospitals are one of the most important groups within the US healthcare system. They tend to be independent and smaller in size, and are more likely to include low-income patients in their populations; they re on the front lines of care for a large portion of the country. Now, with new approaches to care coordination, value-based billing and at-risk models, those facilities face the daunting task of accommodating an onslaught of mandates while maintaining operational health. However, those facilities are far from doomed. Because community hospitals are smaller and more closely aligned to the populations around them, they may be better positioned in some ways to adapt to the latest models of care coordination. And with the emergence of predictive analytic solutions that are affordable, scalable and accurate, community providers stand a real chance of thriving in the new era of healthcare. In a recent interview, CEO Shantanu Nigam outlined four ways community hospitals can apply predictive analytics to address challenges and take advantage of opportunities. [1] Reduce costs. Waste is a big issue for community hospitals; they are always looking for ways to create efficiencies and reduce costs. Additionally, at-risk and valuebased models reward hospitals that eliminate waste while improving quality. By applying predictive analytics, facilities can intervene and prevent adverse events such as hospital acquired conditions and post-operative complications, more effectively apply resources through more targeted infection prevention and align organizational strategies including capital investments and staffing decisions based on predicted shifts in population health needs. [2] Drive physician engagement. In general, community hospitals have a hard time recruiting and partnering with physicians. But physician engagement is key to reducing costs and improving health outcomes. (continued) Jvion: Top 4 Ways continued Predictive analytics can be used to facilitate discussions with physicians and drive engagement. By providing realtime, patient-level risk insights that fit directly into the existing workflow, physicians can become advocates and a means to facilitate new operational and quality standards. And in some cases, a hospital s willingness to integrate predictive technologies bolsters its perception among physicians who are looking for more progressive and technologically advanced practice environments. [3] Enable care coordination. Community hospitals are defined in many ways by the populations they serve. Having access to leading population health predictive analytics can help organizations target prevention and outreach activities. Predictive analytics can also help facilitate care coordination with local facilities such as nursing homes to help reduce readmissions and drive a patient-centered model of care. Moreover, population health-level predictive analytics can provide unique insights into emerging health shifts so hospitals and care facilities connected to them can better prepare for future health demands [4] Facilitate better communication and standardization. There are advantages to being small. Unlike large systems made up of multiple, sometimes hundreds of, facilities, a community hospital can more nimbly adopt new technologies. Because of their relatively small size, community hospitals can more quickly gain alignment and drive standardization across specialties. It s a great environment for predictive analytics because insights can be shared quickly and care coordination can be more efficiently achieved across multiple departments and specialties. Additionally, communication can be streamlined so that identified risks and opportunities can be addressed promptly. Jvion is a healthcare technology company that develops software designed to predict and prevent patient-level disease and financial losses leading to increased waste. Visit jvion.com. To subscribe: visit or call page 10

11 November 2014 Predictive Modeling News 11 Industry News ZirMed Acquires MethodCare ZirMed, a leading cloud-based enterprise business and clinical performance solution for healthcare, reports the acquisition of MethodCare Inc. Chicago-based MethodCare is a leading provider of predictive analytics solutions that increase revenue, maximize operational efficiencies and provide the advanced analytics to help healthcare organizations achieve financial and clinical excellence, a statement says. Adds said Tom Butts, chief executive officer at ZirMed: MethodCare has achieved exceptional growth among the nation s top hospitals and health systems by developing robust workflow, automation and real-time analytics that are critical to delivering greater value care. By merging MethodCare s proven predictive analytics offering with ZirMed s population health and revenue cycle solutions, healthcare providers can now take advantage of the first true centralized end-to-end performance management platform to streamline operations and support greater strategic, datadriven business decisions. MethodCare s flagship SaaS utilize predictive analytics in the areas of patient access, charge integrity and reimbursement, all centered on a patient s total episode of care. The solutions pinpoint revenue leakage to identify recoverable missed (continued) ZirMed Acquires MethodCare continued charges, predict denials and appeal success rates,score patients propensity to pay, flag underpayments and better manage risk-based contracts -- resulting in significant financial performance improve-ments. ZirMed will expand its presence in Chicago with a new Healthcare Analytics Center of Excellence led by MethodCare s team of data scientists and business intelligence engineers. MethodCare s implementation and support teams will continue to operate in Chicago, with plans for imminent growth. The addition of MethodCare and recent acquisition of Intelligent Healthcare LLC broaden ZirMed s suite of solutions and enable healthcare organizations of all sizes and complexity to manage both fee-for-service and valuebased care simultaneously, the statement adds, while maximizing revenue, streamlining workflows and optimizing outcomes. For more than 15 years, it continues, ZirMed has been optimizing fee-for-service healthcare business performance for more than 200,000 providers, helping them enhance their revenue cycle and drive bottom line results. ZirMed offers clients a complete solution that solves key problems ranging from coding issues and claims rejections to payer and patient reimbursement challenges, revenue leakage, data analysis challenges and more. Visit methodcare.com and ZirMed.com. Catching Up With continued from page 12 The current focus in the industry has been statistical alerts and Big Data, which are heuristic rule-based and include personalized, trend-based and multi-modal alerts. These tools sometimes assist in navigating, understanding, modeling and making data actionable for the business through data visualization. Some examples of where Geneia is building Big Data solutions for healthcare are: Healthcare Consumer Engagement Predictive Models: o Create segments and profile prospects and members of individual insurance products in a manner that directs the health plan s and provider s marketing efforts towards the right people through the right channels with the right messages. o The analytical algorithm provides attributes of the healthcare consumer, such as health and wellness orientation, coverage needs, satisfaction with current plan, accessibility, channel preference and value perception (price, experience, quality and support). Care Pattern Variation Analysis: o Develop models to understand care pattern variations for providers in a pre-set provider group or national benchmarks. o Predictive models to maximize clinical outcomes for specific disease protocols. o Predict the care pathway that delivers greatest quality for the patient based on his or her individual disease and severity levels. Care Management Intervention Models: o Ability to predict consumer behavior to react to particular modes of engagement for providers, care managers and payers. o Ability to respond to a health risk assessments, wellness outreach or patient campaigns. o Best method of engagement for clinical intervention; this may be designed for specific clinical programs to fine tune program adoption and engagement campaigns. o Identify next best action for engaging patients with care managers. PMN: What will predictive modeling look like in the future? What kinds of functionality will analytics bring to the table tomorrow that clever minds like those that founded Geneia are only beginning to think about today? AM: Geneia is developing tools for adaptive alerts, which are designed by signal processing and pattern matching using statistical rules. These rules can analyze a very complex event and process the signals into a personalized alert which provides the best action for a particular situation. We also are building alerts that can have care managers and physicians assist the machine learning process to improve the accuracy of the predictive models. Contact Mukherjee via Andrea Durkin at or at 2014, Health Policy Publishing, LLC. All rights reserved. No reproduction or electronic forwarding without permission. page 11

12 12 Catching Up With... Avi Mukherjee MBA Chief Technology Officer, Geneia He has accountability for creating, launching, supporting and managing the Geneia products that are bringing a radical technology shift in healthcare. Avi Mukherjee MBA MBA, The University of Chicago Booth School of Business, 2014 Graduate in Computer and Electrical Engineering, University of Kalyani, India, 2003 Primary focus is building product teams to work on transformational white space opportunities spanning healthcare business and technology. Founded Theon, Geneia s cutting-edge healthcare analytics platform that facilitates practice transformation and payment reform models. Has developed products and applications for the Mayo Clinic, the South West Medical Association, the WellMed Physician Practices and the Lifeprint group of primary care physicians. Also brings valuable experience in strategizing solutions for UnitedHealth Group/Optum, National Health Services (UK), Aetna, HealthNet, Blue Cross and Blue Shield in Pennsylvania, Massachusetts, Puerto Rico and other payers with diverse contracting models including fee-for-service, capitation and risk delegation. Also served as a Research Assistant in the Applied Science Program at Concordia University, Canada. Also leads The Geneia Institute, the company s educational arm that delivers population health training for care delivery organizations. Before Geneia, served as Vice President, Analytics and Reporting, at Capital BlueCross, Harrisburg PA There, he led the strategy, development and implementation for end-to-end information management solutions. Previously, served as Director, Information Strategy & Architecture, and Director of Data Analytics, Collaborative Care, at Optum, Eden Prairie MN Before that, he was a Business Intelligence Program Manager at UnitedHealth Group and a Solution Architect at the Mayo Clinic Enterprise Data Trust. Speaks Bengali, English and Hindi. Predictive Modeling News: What path did you take to your present position, starting right out of college? Was it the career path you envisioned when you started? Avi Mukherjee MBA: After my undergraduate program in electrical engineering, I joined Infosys in India. About a year later, I became a research assistant in the Applied Science Program at Concordia University, Canada. Then I moved to the United States to join Knightsbridge, a very niche boutique analytics company. In the initial years of my career, I was focused on analytics development, data integration, data architecture and data governance. Over the next few years, I worked for Cognizant and Aon Corp. and again moved back to Knightsbridge, which shortly thereafter was acquired by Hewlett Packard. After HP, I joined Optum to lead its analytics consulting business areas. During my five years there, I moved into population health analytics and product management. I then joined Capital BlueCross and Geneia, where my primary focus has been on building product teams to work on transformational white space opportunities spanning healthcare business and technology. As one of Geneia s leading innovators, I founded Theon, the platform that facilitates payment reform models such as accountable care organizations and patient-centered medical homes. PMN: What occupies a typical day or week for you? What functions, activities and workload are you typically engaged in? AM: My roles and responsibilities are focused on envisioning, designing, developing, marketing and selling healthcare technology products and services from product vision through design, product launch and ultimately endof-life. I am generally engaged in product strategy review, analytics models design, product solution architecture, client presentations and proposals and reviewing the status of an upcoming product release or client implementations. PMN: Characterize the amount of innovation in the predictive modeling space. Is Geneia an example of what s possible? AM: The traditional analytics space has been focused on dashboards, business intelligence tools with basic drilling, pivoting and slice/dice capabilities. The alerting capabilities are what I call binary model alerts. These alerts are nonpersonalized, non-contextualized, fixed and generally guided by threshold. These binary model alerts cannot predict patient conditions before they actually happen. (continued on page 11) Published by Health Policy Publishing, LLC

Webinar: Best Practices for Mining Big Data

Webinar: Best Practices for Mining Big Data Webinar: Best Practices for Mining Big Data a HealthcareWebSummit Event, 1PM Eastern, Wednesday, October 7th, 2015 Individual Registration Fee: $195. Post-Event Materials: $45 for attendees; $260 for non-attendees

More information

Legal Insight. Big Data Analytics Under HIPAA. Kevin Coy and Neil W. Hoffman, Ph.D. Applicability of HIPAA

Legal Insight. Big Data Analytics Under HIPAA. Kevin Coy and Neil W. Hoffman, Ph.D. Applicability of HIPAA Big Data Analytics Under HIPAA Kevin Coy and Neil W. Hoffman, Ph.D. Privacy laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule can have a significant

More information

How to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008

How to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 How to De-identify Data Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 1 Outline The problem Brief history The solutions Examples with SAS and R code 2 Background The adoption

More information

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule AA Privacy RuleP DEPARTMENT OF HE ALTH & HUMAN SERVICES USA Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule NIH Publication Number 03-5388 The HI Protecting Personal

More information

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training SCHOOL OF PUBLIC HEALTH HIPAA Privacy Training Public Health and HIPAA This presentation will address the HIPAA Privacy regulations as they effect the activities of the School of Public Health. It is imperative

More information

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information

More information

HIPAA Compliance Issues and Mobile App Design

HIPAA Compliance Issues and Mobile App Design HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies

More information

Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC

Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC Session Objectives Examine the value of realistic information in research and software testing Explore the challenges of de-identifying health

More information

De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " "

De-Identification of Health Data under HIPAA: Regulations and Recent Guidance  De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " " D even McGraw " Director, Health Privacy Project January 15, 201311 HIPAA Scope Does not cover all health data Applies

More information

Administrative Services

Administrative Services Policy Title: Administrative Services De-identification of Client Information and Use of Limited Data Sets Policy Number: DHS-100-007 Version: 2.0 Effective Date: Upon Approval Signature on File in the

More information

UPMC POLICY AND PROCEDURE MANUAL

UPMC POLICY AND PROCEDURE MANUAL UPMC POLICY AND PROCEDURE MANUAL POLICY: INDEX TITLE: HS-EC1807 Ethics & Compliance SUBJECT: Honest Broker Certification Process Related to the De-identification of Health Information for Research and

More information

Memorandum. Factual Background

Memorandum. Factual Background Memorandum TO: FROM: SUBJECT: Chris Ianelli and Jill Mullan, ispecimen, Inc. Kristen Rosati and Ana Christian, Polsinelli, PC ispecimen Regulatory Compliance DATE: January 26, 2014 You have asked us to

More information

HIPAA COMPLIANCE INFORMATION. HIPAA Policy

HIPAA COMPLIANCE INFORMATION. HIPAA Policy HIPAA COMPLIANCE INFORMATION HIPAA Policy Use of Protected Health Information for Research Policy University of North Texas Health Science Center at Fort Worth Applicability: All University of North Texas

More information

Big Data in Health Care: Rewards and Risks. Daniel J. Weissburg, JD, CHC, Privacy Officer, UW Health Molly R. Berkery, JD, MPH, Godfrey & Kahn, S.C.

Big Data in Health Care: Rewards and Risks. Daniel J. Weissburg, JD, CHC, Privacy Officer, UW Health Molly R. Berkery, JD, MPH, Godfrey & Kahn, S.C. Big Data in Health Care: Rewards and Risks Daniel J. Weissburg, JD, CHC, Privacy Officer, UW Health Molly R. Berkery, JD, MPH, Godfrey & Kahn, S.C. Outline Big Data in Health Care Impetus Benefits & Potential

More information

Children's Hospital, Boston (Draft Edition)

Children's Hospital, Boston (Draft Edition) Children's Hospital, Boston (Draft Edition) The Researcher's Guide to HIPAA Evervthing You Alwavs Wanted to Know About HIPAA But Were Afraid to Ask 1. What is HIPAA? 2. What is the Privacy Rule? 3. What

More information

De-identification, defined and explained. Dan Stocker, MBA, MS, QSA Professional Services, Coalfire

De-identification, defined and explained. Dan Stocker, MBA, MS, QSA Professional Services, Coalfire De-identification, defined and explained Dan Stocker, MBA, MS, QSA Professional Services, Coalfire Introduction This perspective paper helps organizations understand why de-identification of protected

More information

HIPAA COMPLIANCE. What is HIPAA?

HIPAA COMPLIANCE. What is HIPAA? HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used

More information

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy

More information

Accountable Care: Implications for Managing Health Information. Quality Healthcare Through Quality Information

Accountable Care: Implications for Managing Health Information. Quality Healthcare Through Quality Information Accountable Care: Implications for Managing Health Information Quality Healthcare Through Quality Information Introduction Healthcare is currently experiencing a critical shift: away from the current the

More information

HIPAA OVERVIEW ETSU 1

HIPAA OVERVIEW ETSU 1 HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

HIPAA-Compliant Research Access to PHI

HIPAA-Compliant Research Access to PHI HIPAA-Compliant Research Access to PHI HIPAA permits the access, disclosure and use of PHI from a HIPAA Covered Entity s or HIPAA Covered Unit s treatment, payment or health care operations records for

More information

A s a covered entity or business associate, you have

A s a covered entity or business associate, you have Health IT Law & Industry Report VOL. 7, NO. 19 MAY 11, 2015 Reproduced with permission from Health IT Law & Industry Report, 07 HITR, 5/11/15. Copyright 2015 by The Bureau of National Affairs, Inc. (800-372-1033)

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

AHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA

AHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA AHLA B. HIPAA Compliance Audits Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA Anna C. Watterson Davis Wright Tremaine LLP Washington, DC Fraud

More information

Health Insurance Portability and Accountability Policy 1.8.4

Health Insurance Portability and Accountability Policy 1.8.4 Health Insurance Portability and Accountability Policy 1.8.4 Appendix C Uses and Disclosures of PHI Procedures This Appendix covers procedures related to Uses and Disclosures of PHI. Disclosures to Law

More information

The New World of Healthcare Analytics

The New World of Healthcare Analytics The New World of Healthcare Analytics The New World of Healthcare Analytics We live in a data-driven world, where streams of numbers, text, images and voice data are collected through numerous sources.

More information

HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS

HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS SCOPE OF POLICY: What Units Are Covered by this Policy?: This policy applies to the following units

More information

Request for Comments on Energy and Commerce Digital Health White Paper

Request for Comments on Energy and Commerce Digital Health White Paper 15 October 2014 The Honorable Fred Upton Chairman, Committee on Energy and Commerce 2125 Rayburn House Office Building Washington, D.C. 20515 Request for Comments on Energy and Commerce Digital Health

More information

HIPAA and Big Data Twenty Third National HIPAA Summit. March 17, 2015 Mitchell W. Granberg, Optum Chief Privacy Officer

HIPAA and Big Data Twenty Third National HIPAA Summit. March 17, 2015 Mitchell W. Granberg, Optum Chief Privacy Officer HIPAA and Big Data Twenty Third National HIPAA Summit March 17, 2015 Mitchell W. Granberg, Optum Chief Privacy Officer Overview HIPAA and Big Data Big Data Definitions Big Data and Health Care Benefits

More information

HIPAA and You The Basics

HIPAA and You The Basics HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information

More information

Winthrop-University Hospital

Winthrop-University Hospital Winthrop-University Hospital Use of Patient Information in the Conduct of Research Activities In accordance with 45 CFR 164.512(i), 164.512(a-c) and in connection with the implementation of the HIPAA Compliance

More information

VENDOR / CONTRACTOR. Privacy Basics

VENDOR / CONTRACTOR. Privacy Basics VENDOR / CONTRACTOR Privacy Basics Introduction Premera s mission is to provide our customers with peace of mind about their healthcare. This requires that everyone who works with or for Premera (the Company

More information

What is Covered by HIPAA at VCU?

What is Covered by HIPAA at VCU? What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,

More information

HIPAA and Leadership. The Importance of Creating a More Compliance Focused Environment

HIPAA and Leadership. The Importance of Creating a More Compliance Focused Environment HIPAA and Leadership The Importance of Creating a More Compliance Focused Environment 1 AGENDA HIPAA Basics The Importance of Leadership in RIM and IG Creating a More Compliance Focused Culture Potential

More information

Presented by Jack Kolk President ACR 2 Solutions, Inc.

Presented by Jack Kolk President ACR 2 Solutions, Inc. HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security

More information

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030 IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy

More information

IAPP Practical Privacy Series. Data Breach Hypothetical

IAPP Practical Privacy Series. Data Breach Hypothetical IAPP Practical Privacy Series Data Breach Hypothetical Presented by: Jennifer L. Rathburn, Partner, Quarles & Brady LLP Frances Wiet, CPO and Assistant General Counsel, Takeda Pharmaceuticals U.S.A., Inc.

More information

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

what your business needs to do about the new HIPAA rules

what your business needs to do about the new HIPAA rules what your business needs to do about the new HIPAA rules Whether you are an employer that provides health insurance for your employees, a business in the growing health care industry, or a hospital or

More information

Legislative & Regulatory Information

Legislative & Regulatory Information Americas - U.S. Legislative, Privacy & Projects Jurisdiction Effective Date Author Release Date File No. UFS Topic Citation: Reference: Federal 3/26/13 Michael F. Tietz Louis Enahoro HIPAA, Privacy, Privacy

More information

How Can Institutions Foster OMICS Research While Protecting Patients?

How Can Institutions Foster OMICS Research While Protecting Patients? IOM Workshop on the Review of Omics-Based Tests for Predicting Patient Outcomes in Clinical Trials How Can Institutions Foster OMICS Research While Protecting Patients? E. Albert Reece, MD, PhD, MBA Vice

More information

OCR/HHS HIPAA/HITECH Audit Preparation

OCR/HHS HIPAA/HITECH Audit Preparation OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education

More information

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher

More information

HIPAA 101: Privacy and Security Basics

HIPAA 101: Privacy and Security Basics HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually

More information

White Paper #6. Privacy and Security

White Paper #6. Privacy and Security The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America

More information

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

Biobanks: DNA and Research

Biobanks: DNA and Research f r o m b i r t h to death a n d b e n c h to clinic THE HASTINGS CENTER Bioethics Briefing Book for Journalists, Policymakers, and Campaigns Chapter 3 Biobanks: DNA and Research Karen J. Maschke, Biobanks:

More information

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information

More information

Patient Privacy and HIPAA/HITECH

Patient Privacy and HIPAA/HITECH Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,

More information

Medicare Program: Expanding Uses of Medicare Data by Qualified Entities. AGENCY: Centers for Medicare & Medicaid Services (CMS), HHS.

Medicare Program: Expanding Uses of Medicare Data by Qualified Entities. AGENCY: Centers for Medicare & Medicaid Services (CMS), HHS. This document is scheduled to be published in the Federal Register on 07/07/2016 and available online at http://federalregister.gov/a/2016-15708, and on FDsys.gov DEPARTMENT OF HEALTH AND HUMAN SERVICES

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy

The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy June 2008 Table of Contents PART V: The Health Insurance Portability and Accountability Act (HIPAA)...

More information

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015 Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...

More information

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009

More information

University of Ontario Institute of Technology

University of Ontario Institute of Technology University of Ontario Institute of Technology Leveraging key data to provide proactive patient care Overview The need To better detect subtle warning signs of complications, clinicians need to gain greater

More information

The De-identification of Personally Identifiable Information

The De-identification of Personally Identifiable Information The De-identification of Personally Identifiable Information Khaled El Emam (PhD) www.privacyanalytics.ca 855.686.4781 info@privacyanalytics.ca 251 Laurier Avenue W, Suite 200 Ottawa, ON Canada K1P 5J6

More information

A Glimpse at the Future of Predictive Analytics in Healthcare

A Glimpse at the Future of Predictive Analytics in Healthcare A Glimpse at the Future of Predictive Analytics in Healthcare 1 Dr. Thomas Hill Dell Executive Director, Analytics Dell Software Group Tom.Hill@software.dell.com www.linkedin.com/in/drthomashill @DrTomHill

More information

May 7, 2012. Dear Dr. Mostashari:

May 7, 2012. Dear Dr. Mostashari: McKesson Corporation One Post Street San Francisco, CA 94104-5296 Ann Richardson Berkey Senior Vice President, Public Affairs May 7, 2012 Farzad Mostashari, M.D., ScM. Director Office of the National Coordinator

More information

Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce

Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce Docket No. 140514424 4424 01 RIN 0660 XC010 Comments of the Information Technology Industry

More information

Business Associate Management Methodology

Business Associate Management Methodology Methodology auxilioinc.com 844.874.0684 Table of Contents Methodology Overview 3 Use Case 1: Upstream of s I manage business associates 4 System 5 Use Case 2: Eco System of s I manage business associates

More information

Security & Privacy Strategies for Expanded Communities. Deven McGraw Partner Manatt, Phelps & Phillips LLP

Security & Privacy Strategies for Expanded Communities. Deven McGraw Partner Manatt, Phelps & Phillips LLP Security & Privacy Strategies for Expanded Communities Deven McGraw Partner Manatt, Phelps & Phillips LLP 1 Key Challenges in Community Data Sharing Patient-mediated data sharing Sharing data with companies

More information

Business Associates: HITECH Changes You Need to Know

Business Associates: HITECH Changes You Need to Know Business Associates: HITECH Changes You Need to Know Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine LLP beckywilliams@dwt.com 1 Who Is a Business Associate? A

More information

University of Cincinnati Limited HIPAA Glossary

University of Cincinnati Limited HIPAA Glossary University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations

More information

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky

More information

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual Updated 9/17/13 1 Overview As of April 14, 2003, the State of Connecticut Department of Social Services (DSS) is

More information

ACCOUNTABLE CARE ANALYTICS: DEVELOPING A TRUSTED 360 DEGREE VIEW OF THE PATIENT

ACCOUNTABLE CARE ANALYTICS: DEVELOPING A TRUSTED 360 DEGREE VIEW OF THE PATIENT ACCOUNTABLE CARE ANALYTICS: DEVELOPING A TRUSTED 360 DEGREE VIEW OF THE PATIENT Accountable Care Analytics: Developing a Trusted 360 Degree View of the Patient Introduction Recent federal regulations have

More information

A leader in the development and application of information technology to prevent and treat disease.

A leader in the development and application of information technology to prevent and treat disease. A leader in the development and application of information technology to prevent and treat disease. About MOLECULAR HEALTH Molecular Health was founded in 2004 with the vision of changing healthcare. Today

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

October 22, 2009. 45 CFR PARTS 160 and 164

October 22, 2009. 45 CFR PARTS 160 and 164 October 22, 2009 U.S. Department of Health and Human Services Office for Civil Rights Attention: HITECH Breach Notification Hubert H. Humphrey Building Room 509 F 200 Independence Avenue, SW Washington,

More information

The NIH Roadmap: Re-Engineering the Clinical Research Enterprise

The NIH Roadmap: Re-Engineering the Clinical Research Enterprise NIH BACKGROUNDER National Institutes of Health The NIH Roadmap: Re-Engineering the Clinical Research Enterprise Clinical research is the linchpin of the nation s biomedical research enterprise. Before

More information

C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A

C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A W I L L I A M L. K O V A C S S E N I O R V I C E P R E S I D E N T E N V I R O N M E N T, T E C H N O L O G Y & R E G U

More information

Find your future in the history

Find your future in the history Find your future in the history Is your radiology practice ready for the future? Demands are extremely high as radiology practices move from a fee-for-service model to an outcomes-based model centered

More information

HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS

HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS James J. Eischen, Jr., Esq. November 2013 San Diego, California JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher & Mack, LLP 26+ years of experience

More information

The HIPAA privacy rule and long-term care : a quick guide for researchers

The HIPAA privacy rule and long-term care : a quick guide for researchers Scholarly Commons at Miami University http://sc.lib.miamioh.edu Scripps Gerontology Center Scripps Gerontology Center Publications The HIPAA privacy rule and long-term care : a quick guide for researchers

More information

Signed into law on February 17, 2009, the Stimulus Package known

Signed into law on February 17, 2009, the Stimulus Package known Stimulus Package Expands HIPAA Privacy and Security and Adds Federal Data Breach Notification Law Marcy Wilder, Donna A. Boswell, and BarBara Bennett The authors discuss provisions of the Stimulus Package

More information

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746

More information

Health Insurance Portability & Accountability Act (HIPAA) Compliance Application

Health Insurance Portability & Accountability Act (HIPAA) Compliance Application Health Insurance Portability & Accountability Act (HIPAA) Compliance Application IRB Office 101 - Altru Psychiatry Center 860 S. Columbia Rd, Grand Forks, North Dakota 58201 Phone: (701) 780-6161 PROJECT

More information

Health Home Performance Enhancement through Novel Reuse of Syndromic Surveillance Data

Health Home Performance Enhancement through Novel Reuse of Syndromic Surveillance Data Health Home Performance Enhancement through Novel Reuse of Syndromic Surveillance Data Category: Fast Track Solutions Contact: Tim Robyn Chief Information Officer Office of Administration Information Technology

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements

More information

Secondary Uses of Data for Comparative Effectiveness Research

Secondary Uses of Data for Comparative Effectiveness Research Secondary Uses of Data for Comparative Effectiveness Research Paul Wallace MD Director, Center for Comparative Effectiveness Research The Lewin Group Paul.Wallace@lewin.com Disclosure/Perspectives Training:

More information

Virginia Commonwealth University Information Security Standard

Virginia Commonwealth University Information Security Standard Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,

More information

Making Health Information Technology

Making Health Information Technology Making Health Information Technology Work: For the Future of Health and Care Vish Sankaran Program Director June 18, 2009 Background Health Care spending in the United States is over $2 Trillion per Year

More information

ebook Adaptive Analytics for Population Health Management

ebook Adaptive Analytics for Population Health Management ebook Adaptive Analytics for Population Health Management 1 The Data Problem The healthcare industry is reinventing itself in search of a more financially sustainable business model that also results in

More information

through advances in risk-based

through advances in risk-based Insight brief Quintiles is a market leader with >100 risk-based monitoring studies Quintiles developed solutions that bring as much as 25% cost reduction over traditional trial execution approaches Transform

More information

2019 Healthcare That Works for All

2019 Healthcare That Works for All 2019 Healthcare That Works for All This paper is one of a series describing what a decade of successful change in healthcare could look like in 2019. Each paper focuses on one aspect of healthcare. To

More information

Following Up with Patients Discharged from the Emergency Department: A Look at Voice and UCSF

Following Up with Patients Discharged from the Emergency Department: A Look at Voice and UCSF Following Up with Patients Discharged from the Emergency Department: A Look at Voice and UCSF page 1 Introduction The transition from hospital to home is a sensitive time period for patients and care providers.

More information

Use & Disclosure of Protected Health Information by Business Associates

Use & Disclosure of Protected Health Information by Business Associates Applicability: Policy Title: Policy Number: Use & Disclosure of Protected Health Information by Business Associates PP-12 Superseded Policy(ies) or Entity Policy: N/A Date Established: January 31, 2003

More information

Professional Employer Organizations Obligations Under HIPAA A Summary

Professional Employer Organizations Obligations Under HIPAA A Summary NAPEO Legal InsightsTM Volume 2, Number 6 November 2009 Professional Employer Organizations Obligations Under HIPAA A Summary Dale R. Vlasek, Esq. Attorney McDonald Hopkins LLC Cleveland, Ohio A PEO is

More information

Watson to Gain Ability to See with Planned $1B Acquisition of Merge Healthcare Deal Brings Watson Technology Together with Leader in Medical Images

Watson to Gain Ability to See with Planned $1B Acquisition of Merge Healthcare Deal Brings Watson Technology Together with Leader in Medical Images Watson to Gain Ability to See with Planned $1B Acquisition of Merge Healthcare Deal Brings Watson Technology Together with Leader in Medical Images Armonk, NY and CHICAGO -- [August 6, 2015]: IBM (NYSE:

More information

State of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits

State of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits State of Nevada for the Requirements for PEBP Health Benefits Plan Year 2016 July 1, 2015 June 30, 2016 www.pebp.state.nv.us (775) 684-7000 Or (800) 326-5496 Amendments Amendment Log Any amendments, changes

More information

Why Electronic Health Records are Ill-Suited for Population Health Management An InfoMC White Paper January 2016

Why Electronic Health Records are Ill-Suited for Population Health Management An InfoMC White Paper January 2016 Why Electronic Health Records are Ill-Suited for Population Health Management An InfoMC White Paper January 2016 Many studies have demonstrated that cost of care for patients with chronic illnesses is

More information

Covered Entities and Business Associates: An Evolving Relationship

Covered Entities and Business Associates: An Evolving Relationship Covered Entities and Business Associates: An Evolving Relationship Rebecca L. Williams, RN, JD Partner, Chair of HEALTH/HIPAA Practice Davis Wright Tremaine LLP beckywilliams@dwt.com 1 No health care provider

More information

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security 2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009

More information

Statement of Policy. Reason for Policy

Statement of Policy. Reason for Policy Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions

More information

Dissecting New HIPAA Rules and What Compliance Means For You

Dissecting New HIPAA Rules and What Compliance Means For You Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the

More information