HIMSS18 Recap: Patient Data Takes Center Stage for Privacy Protection
The 2018 Healthcare Information Management Systems Society’s (HIMSS) Health IT Conference (HIMSS18), hosted more than 43,000 attendees. Groups of healthcare industry professionals filled educational sessions and convention hall aisles on March 5—9 in Las Vegas. With over half of attendees representing provider, payer, and governmental agencies, HIMSS reaffirmed its position as the top event for everyone involved in the health information technology (HIT) industry.
As Vice President of Privacy, Compliance, and HIM Policy for MRO, my personal focus at HIMSS18 was on the need for greater patient data integrity and evolving data privacy. Below are a few main points and strategic tasks gleaned for fellow patient privacy professionals. I discuss these points more in detail in this article.
Break Down Barriers
Attendees this year intentionally focused on the need to make health information accessible and fully actionable. The importance of creating actionable data, versus simply sharing information, was a key point throughout HIMSS18.
Direct sharing of the Continuity of Care Document (CCD) was another strategic task presented to HIT professionals during HIMSS18. CCD includes the predefined data elements needed for continuing care in any setting. The underlying thought is that these data elements could be shared through direct messaging to the next caregiver and prepopulate the provider’s EHR for continuity of care. The same reasoning would hold that these data elements should be downloadable to the patient application of choice so the patient always has this information.
The bottom line for data access in healthcare: information silos must be eliminated.
Encourage Patient Ownership
Multiple sessions covered the importance of patient ownership of personal healthcare data. To effectively meet the goal of patient ownership, speakers reiterated the need for data segmentation. For example, patients can specify which data they want to be held privately—not the entire record, but granular information at the data element level.
The General Data Privacy Regulation (GDPR), the European move to segment data for special protections, was also covered in detail at HIMSS18. Patient privacy is now a global initiative. For more information on this topic, download a copy of MRO’s recent webinar on the topic.
Finally, information for quality reporting was a central topic, as quality reporting moves from an encounter-centric to a patient-centric approach. Both of these capabilities, data segmentation and whole patient reporting, must be supported as healthcare makes the transition to value-based purchasing.
Watch Threats, Ensure Compliance
Cloud computing vulnerabilities remain top of mind for all healthcare providers, payers, and governmental agencies. For Business Associates (BAs) using cloud computing, speakers emphasized the need to know where data resides and how it is controlled. These details should be in BA Agreements, along with specifications on how the confirmed BA meets security regulations.
Effective healthcare privacy compliance plans must manage policies and procedures, auditing, disciplinary guidelines, and corrective actions. Focus on your ability to detect, respond to, and recover from any privacy or security events through proactive risk plans and accountability to protect patient data.
The biggest benefit of attending the 2018 HIMSS annual conference was gaining useful knowledge. Technology is rapidly advancing, and the conference is one of the best venues to observe the transformational impact of technology on the healthcare industry.