Office of the National Coordinator for Health Information Technology; American Health Information Community Confidentiality, Privacy, and Security Workgroup Meeting, 57945-57946 [07-5010]
Download as PDF
<![CDATA[
Federal Register / Vol. 72, No. 196 / Thursday, October 11, 2007 / Notices
that is listed in § 225.28 of Regulation Y
(12 CFR 225.28) or that the Board has
determined by Order to be closely
related to banking and permissible for
bank holding companies. Unless
otherwise noted, these activities will be
conducted throughout the United States.
Each notice is available for inspection
at the Federal Reserve Bank indicated.
The notice also will be available for
inspection at the offices of the Board of
Governors. Interested persons may
express their views in writing on the
question whether the proposal complies
with the standards of section 4 of the
BHC Act. Additional information on all
bank holding companies may be
obtained from the National Information
Center website at www.ffiec.gov/nic/.
Unless otherwise noted, comments
regarding the applications must be
received at the Reserve Bank indicated
or the offices of the Board of Governors
not later than November 5, 2007.
A. Federal Reserve Bank of Chicago
(Burl Thornton, Assistant Vice
President) 230 South LaSalle Street,
Chicago, Illinois 60690–1414:
1. Capitol Bancorp Ltd., Lansing,
Michigan, and Capitol Development
Bancorp Ltd. VI, Lansing, Michigan, to
acquire 51 percent of the voting shares
of Brookhollow Bank (in organization),
Irving, Texas; and Bank of Fort Bend (in
organization), Sugar Land, Texas, and
engage in operating savings
associations, pursuant to section
225.28(b)(4)(ii) of Regulation
2. Partnership Community
Bancshares, Inc., Tomac, Wisconsin, to
engage de novo in extending credit
activities, pursuant to section
225.28(b)(1) of Regulation Y. Comment
on this application must be received by
October 26, 2007.
Board of Governors of the Federal Reserve
System, October 5, 2007.
Robert deV. Frierson,
Deputy Secretary of the Board.
[FR Doc.E7–20028 Filed 10–10–07; 8:45 am]
BILLING CODE 6210–01–S
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Office of the National Coordinator for
Health Information Technology;
American Health Information
Community Confidentiality, Privacy,
and Security Workgroup Meeting
rwilkins on PROD1PC63 with NOTICES
ACTION:
Announcement of meeting.
SUMMARY: This notice announces the
15th meeting of the American Health
Information Community Confidentiality,
Privacy, and Security Workgroup in
accordance with the Federal Advisory
VerDate Aug<31>2005
16:09 Oct 10, 2007
Jkt 214001
Committee Act (Pub. L. 92–463, 5
U.S.C., App.).
DATES: November 8, 2007, from 1 p.m.
to 5 p.m. [Eastern Time].
ADDRESSES: Mary C. Switzer Building
(330 C Street, SW., Washington, DC
20201), Conference Room 4090 (please
bring photo ID for entry to a Federal
building).
FOR FURTHER INFORMATION CONTACT:
https://www.hhs.gov/healthit/ahic/
confidentiality/.
SUPPLEMENTARY INFORMATION: The
American Health Information
Community Confidentiality, Privacy,
and Security (CPS) workgroup is
seeking public feedback on the
following. To submit comments via email (preferred), please send them to
cps-wkg@altarum.org (to ensure that
your e-mail is received and
appropriately filed, we ask that you put
‘‘CPS Public Comment’’ in the subject
line of your e-mail) or mail your
comments to Steven Posnack, Office of
the National Coordinator (ONC), 330 C
Street, SW., Suite 4090, Washington, DC
20201. Written testimony submitted by
the public is not required to address all
of the questions listed below, and
answers to any or all of the questions
will be accepted so long as they comply
with the following guidelines.
Comments should be double-spaced and
submitted via e-mail or mail by 5 p.m.
Eastern Standard Time on November 30,
2007 in order to receive consideration
by the CPS workgroup.
On June 12th, 2007 the AHIC
accepted for recommendation to the
Secretary of HHS the following
recommendation made by the CPS
Workgroup: All persons and entities,
excluding consumers, that participate
directly in, or comprise, an electronic
health information exchange network,
through which individually identifiable
health information is stored, compiled,
transmitted, modified or accessed
should be required to meet enforceable
privacy and security criteria at least
equivalent to any relevant HIPAA
requirements (45 CFR Parts 160 and
164). Furthermore, any person or entity
that functions as a Business Associate
(as described in 45 CFR 160.103) and
participates directly in, or comprises, an
electronic health information exchange
network should be required to meet
enforceable privacy and security criteria
at least equivalent to any relevant
HIPAA requirements, independent of
those established by contractual
arrangements (such as a Business
Associate Agreement as provided for in
HIPAA).
Over the past several months the CPS
workgroup has been evaluating, at a
PO 00000
Frm 00037
Fmt 4703
Sfmt 4703
57945
more granular level, two key questions
raised by the recommendation above.
What constitutes a ‘‘relevant’’ HIPAA
requirement for particular ‘‘direct
participants’’ and what, if any,
additional confidentiality, privacy,
security protections may be needed
beyond those already contained in the
HIPAA Privacy and Security Rules (the
Rules) in order to ensure trust in
electronic health information exchange.
Given that the Rules were written to
be applicable to health plans, healthcare
clearinghouses, and health care
provides conducting certain electronic
health care transactions, we understand
that some persons or entities may have
an appropriate reason for not needing to
meet a particular requirement. To date,
the CPS Workgroup is considering
recommendations regarding the
relevancy of the following HIPAA
requirements: (1) § 164.520 Notice of
privacy practices for protected health
information; (2) § 164.52 Access of
individuals to protected health
information; and (3) § 164.526
Amendment of protected health
information, with respect to
organizations such as health
information exchanges (HIEs) and
regional health information
organizations (RHIOs). The Workgroup
would like to encourage HIEs, RHIOs
and other similar organizations to
submit answers to the following
questions in order for the Workgroup to
validate or refine our current thinking.
(1) Please describe your electronic
health information exchange model.
a. What type(s) of health information
do you exchange and for what
purpose(s)?
b. Who participates in your network
(e.g., providers, patients, insurers, labs)?
c. How do you exchange health
information?
i. Do you maintain a ‘‘repository’’
where records/health information is
stored in one location? If so, is it by
provider or as one comprehensive
record?
ii. Do you use a record locator (where
records reside in numerous locations)?
iii. If neither, please describe.
(2) Have you established business
associate contracts or data sharing
agreements? If so, with whom (by
category of entity)? Have you
established contracts or data sharing
agreements with all of the participants
in your network? If not, why not?
(3) What level of participation do you
provide to individuals (e.g. patients/
consumers)?
a. Do you provide individuals with a
phone number and contact person?
E:\FR\FM\11OCN1.SGM
11OCN1
57946
Federal Register / Vol. 72, No. 196 / Thursday, October 11, 2007 / Notices
b. Do you permit individuals to
access/review/obtain copies of their
health information via your network?
c. Do you provide individuals
information about who has viewed or
exchange their health information?
d. Do you permit individuals to
change/amend health information via
your network? If so, what type(s) of
health information?
e. Do patients of providers or insurers
who participate in the network have the
right not to have their information
shared with you? If so, how is the right
exercised? Do individuals who
participate have the right to specify
certain restrictions with respect to the
information that is shared (for example,
who can access and what can be
accessed)? If so, please describe.
(4) Does our organization have a
notice of privacy practices or privacy
policy? If so, do you send it out, when,
and to whom do you send it to? Do you
have it posted on your Web site?
(5) Do you have a policy on
notification in the event of a security
breach? Do you notify companies/
entities participating in your network?
Do you ever notify individuals
(patients)? If so, in what circumstances?
The meeting will be available via Web
cast. For additional information, go to:
https://www.hhs.gov/healthit/ahic/
cps_instruct.html.
Dated: October 2, 2007.
Judith Sparrow,
Director, American Health Information
Community, Office of Programs and
Coordination, Office of the National
Coordinator for Health Information
Technology.
[FR Doc. 07–5010 Filed 10–10–07 8:45 am]
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Office of the National Coordinator for
Health Information Technology;
American Health Information
Community Quality Workgroup
Meeting
Announcement of meeting.
This notice announces the
13th meeting of the American Health
Information Community Quality
Workgroup in accordance with the
Federal Advisory Committee Act (Pub.
L. 92–463, 5 U.S.C., App.).
DATES: October 31, 2007, from 1 p.m. to
4 p.m. [Eastern Time].
ADDRESSES: Mary C. Switzer Building
(330 C Street, SW., Washington, DC
20201), Conference Room 4090 (please
rwilkins on PROD1PC63 with NOTICES
SUMMARY:
VerDate Aug<31>2005
16:09 Oct 10, 2007
Dated: October 1, 2007.
Judith Sparrow,
Director, American Health Information
Community, Office of Programs and
Coordination, Office of the National
Coordinator for Health Information
Technology.
[FR Doc. 07–5011 Filed 10–10–07; 8:45 am]
BILLING CODE 4150–24–M
Jkt 214001
https://www.hhs.gov/healthit/ahic/
chroniccare/cc_instruct.html.
Dated: October 1, 2007.
Judith Sparrow,
Director, American Health Information
Community, Office of Programs and
Coordination, Office of the National
Coordinator for Health Information
Technology.
[FR Doc. 07–5012 Filed 10–10–07; 8:45 am]
BILLING CODE 4150–24–M
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Office of the National Coordinator for
Health Information Technology;
American Health Information
Community Personalized Healthcare
Workgroup Meeting
ACTION:
Announcement of meeting.
SUMMARY: This notice announces the
tenth meeting of the American Health
Information Community Personalized
Healthcare Workgroup in accordance
with the Federal Advisory Committee
Act (Pub. L. 92–463, 5 U.S.C., App.).
November 26, 2007, from 12 p.m.
to 3 p.m. [Eastern Time].
DATES:
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
ADDRESSES:
Office of the National Coordinator for
Health Information Technology;
American Health Information
Community Chronic Care Workgroup
Meeting
FOR FURTHER INFORMATION:
ACTION:
Announcement of meeting.
This notice announces the
19th meeting of the American Health
Information Community Chronic Care
Workgroup in accordance with the
Federal Advisory Committee Act (Pub.
L. 92–463, 5 U.S.C., App.).
DATES: November 1, 2007 from 1 p.m. to
4 p.m. Eastern Time.
ADDRESS: Mary C. Switzer Building (330
C Street, SW., Washington, DC 20201),
Conference Room 4090. Please bring
photo ID for entry to a Federal building.
FOR FURTHER INFORMATION CONTACT:
https://www.hhs.gov/healthit/ahic/
chroniccare/.
SUPPLEMENTARY INFORMATION: The
Workgroup will continue its discussion
on ways to deploy widely available,
secure technologies solutions for remote
monitoring and assessment of patients
and for communication between
clinicians about patients.
The meeting will be available via Web
cast. For additional information, go to:
SUMMARY:
BILLING CODE 4150–24–M
ACTION:
bring photo ID for entry to a Federal
building).
FOR FURTHER INFORMATION CONTACT:
https://www.hhs.gov/healthit/ahic/
quality/.
SUPPLEMENTARY INFORMATION: The
Workgroup will continue its discussion
on how health information technology
can provide the data needed for the
development of quality measures that
are useful to patients and others in the
health care industry, automate the
measurement and reporting of a
comprehensive current and future set of
quality measures, and accelerate the use
of clinical decision support that can
improve performance on those quality
measures.
The meeting will be available via Web
cast. For additional information; go to:
https://www.hhs.gov/healthit/ahic/
quality/quality_instruct.html.
PO 00000
Frm 00038
Fmt 4703
Sfmt 4703
Mary C. Switzer Building
(330 C Street, SW., Washington, DC
20201), Conference Room 4090. Please
bring photo ID for entry to a Federal
building.
https://
www.hhs.gov/healthit/ahic/healthcare/.
The
Workgroup will discuss possible
common data standards to incorporate
interoperable, clinically useful genetic/
genomic information and analytical
tools into Electronic Health Records
(EHR) to support clinical decisionmaking for the clinician and consumer.
The meeting will be available via Web
cast. For additional information, go to:
https://www.hhs.gov/healthit/ahic/
healthcare/phc_instruct.html.
SUPPLEMENTARY INFORMATION:
Dated: October 1, 2007.
Judith Sparrow,
Director, American Health Information
Community, Office of Programs and
Coordination, Office of the National
Coordinator for Health Information
Technology.
[FR Doc. 07–5013 Filed 10–10–07; 8:45 am]
BILLING CODE 4150–24–M
E:\FR\FM\11OCN1.SGM
11OCN1
]]>Agencies
[Federal Register Volume 72, Number 196 (Thursday, October 11, 2007)]
[Notices]
[Pages 57945-57946]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-5010]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the National Coordinator for Health Information
Technology; American Health Information Community Confidentiality,
Privacy, and Security Workgroup Meeting
ACTION: Announcement of meeting.
-----------------------------------------------------------------------
SUMMARY: This notice announces the 15th meeting of the American Health
Information Community Confidentiality, Privacy, and Security Workgroup
in accordance with the Federal Advisory Committee Act (Pub. L. 92-463,
5 U.S.C., App.).
DATES: November 8, 2007, from 1 p.m. to 5 p.m. [Eastern Time].
ADDRESSES: Mary C. Switzer Building (330 C Street, SW., Washington, DC
20201), Conference Room 4090 (please bring photo ID for entry to a
Federal building).
FOR FURTHER INFORMATION CONTACT: https://www.hhs.gov/healthit/ahic/
confidentiality/.
SUPPLEMENTARY INFORMATION: The American Health Information Community
Confidentiality, Privacy, and Security (CPS) workgroup is seeking
public feedback on the following. To submit comments via e-mail
(preferred), please send them to cps-wkg@altarum.org (to ensure that
your e-mail is received and appropriately filed, we ask that you put
``CPS Public Comment'' in the subject line of your e-mail) or mail your
comments to Steven Posnack, Office of the National Coordinator (ONC),
330 C Street, SW., Suite 4090, Washington, DC 20201. Written testimony
submitted by the public is not required to address all of the questions
listed below, and answers to any or all of the questions will be
accepted so long as they comply with the following guidelines. Comments
should be double-spaced and submitted via e-mail or mail by 5 p.m.
Eastern Standard Time on November 30, 2007 in order to receive
consideration by the CPS workgroup.
On June 12th, 2007 the AHIC accepted for recommendation to the
Secretary of HHS the following recommendation made by the CPS
Workgroup: All persons and entities, excluding consumers, that
participate directly in, or comprise, an electronic health information
exchange network, through which individually identifiable health
information is stored, compiled, transmitted, modified or accessed
should be required to meet enforceable privacy and security criteria at
least equivalent to any relevant HIPAA requirements (45 CFR Parts 160
and 164). Furthermore, any person or entity that functions as a
Business Associate (as described in 45 CFR 160.103) and participates
directly in, or comprises, an electronic health information exchange
network should be required to meet enforceable privacy and security
criteria at least equivalent to any relevant HIPAA requirements,
independent of those established by contractual arrangements (such as a
Business Associate Agreement as provided for in HIPAA).
Over the past several months the CPS workgroup has been evaluating,
at a more granular level, two key questions raised by the
recommendation above. What constitutes a ``relevant'' HIPAA requirement
for particular ``direct participants'' and what, if any, additional
confidentiality, privacy, security protections may be needed beyond
those already contained in the HIPAA Privacy and Security Rules (the
Rules) in order to ensure trust in electronic health information
exchange.
Given that the Rules were written to be applicable to health plans,
healthcare clearinghouses, and health care provides conducting certain
electronic health care transactions, we understand that some persons or
entities may have an appropriate reason for not needing to meet a
particular requirement. To date, the CPS Workgroup is considering
recommendations regarding the relevancy of the following HIPAA
requirements: (1) Sec. 164.520 Notice of privacy practices for
protected health information; (2) Sec. 164.52 Access of individuals to
protected health information; and (3) Sec. 164.526 Amendment of
protected health information, with respect to organizations such as
health information exchanges (HIEs) and regional health information
organizations (RHIOs). The Workgroup would like to encourage HIEs,
RHIOs and other similar organizations to submit answers to the
following questions in order for the Workgroup to validate or refine
our current thinking.
(1) Please describe your electronic health information exchange
model.
a. What type(s) of health information do you exchange and for what
purpose(s)?
b. Who participates in your network (e.g., providers, patients,
insurers, labs)?
c. How do you exchange health information?
i. Do you maintain a ``repository'' where records/health
information is stored in one location? If so, is it by provider or as
one comprehensive record?
ii. Do you use a record locator (where records reside in numerous
locations)?
iii. If neither, please describe.
(2) Have you established business associate contracts or data
sharing agreements? If so, with whom (by category of entity)? Have you
established contracts or data sharing agreements with all of the
participants in your network? If not, why not?
(3) What level of participation do you provide to individuals (e.g.
patients/consumers)?
a. Do you provide individuals with a phone number and contact
person?
[[Page 57946]]
b. Do you permit individuals to access/review/obtain copies of
their health information via your network?
c. Do you provide individuals information about who has viewed or
exchange their health information?
d. Do you permit individuals to change/amend health information via
your network? If so, what type(s) of health information?
e. Do patients of providers or insurers who participate in the
network have the right not to have their information shared with you?
If so, how is the right exercised? Do individuals who participate have
the right to specify certain restrictions with respect to the
information that is shared (for example, who can access and what can be
accessed)? If so, please describe.
(4) Does our organization have a notice of privacy practices or
privacy policy? If so, do you send it out, when, and to whom do you
send it to? Do you have it posted on your Web site?
(5) Do you have a policy on notification in the event of a security
breach? Do you notify companies/entities participating in your network?
Do you ever notify individuals (patients)? If so, in what
circumstances?
The meeting will be available via Web cast. For additional
information, go to: https://www.hhs.gov/healthit/ahic/cps_
instruct.html.
Dated: October 2, 2007.
Judith Sparrow,
Director, American Health Information Community, Office of Programs and
Coordination, Office of the National Coordinator for Health Information
Technology.
[FR Doc. 07-5010 Filed 10-10-07 8:45 am]
BILLING CODE 4150-24-M
