Throughout the week-long HIMSS13 conference that recently took place in New Orleans, new healthcare technologies from around the country were on display, and each vendor attempted to outdo the one beside it. But one of the most fascinating technologies that HealthITSecurity.com interacted with ended up being a local community-based health IT infrastructure called the Greater New Orleans Health Information Exchange (GNOHIE).
The Louisiana Public Health Institute (LPHI) manages GNOHIE, and the Office of the National Coordinator for Health Information Technology (ONC) funded its launch through the Beacon Community Program initiative in November 2012. HealthITSecurity.com met at HIMSS13 with Gaurav Nagrath, CIO, and Liam Bouchier, Associate Director of the Information Services Division of LPHI, who explained how a community of partners had built the health information exchange (HIE) around care coordination use cases, and described the organization’s security strategies and methodologies.
While the system is relatively young (it was virtually stood up in January 2012 and began operating with live data in July 2012), the fact that it’s a Centralized Data Repository (CDR) with two years of clinical and demographic backfill, and not a distributed model, makes management of that data an easier proposition. As a result of this infrastructure, community-based physicians now receive emergency department and in-patient notifications directly in their electronic medical records (EMRs) for any of their patients who touch a connected hospital care setting, which is the primary care coordination use case. Clinic care navigators are then able to navigate those patients back to their medical home for follow-up care and prevent possible re-admissions.
GNOHIE has its privacy and security policies in place, such as the user access control policy below, but Bouchier and Nagrath went into detail in discussing the HIE’s security framework as well.
The User Access Control policy aims to ensure that the Greater New Orleans Health Information Exchange (GNOHIE) and Participating Organizations and Members comply with all applicable laws in allowing Users to view information, and the type of information available to view, on the MirthResults component or any other component of the GNOHIE, including Mirth Care and Mirth Analytics (“Mirth”). Establishing protocols related to Users’ access to the protected health information (PHI) is essential to build trust among members and remain in compliance with federal and state privacy laws.
GNOHIE technical safeguards and penetration tests
From infrastructure security to transactional security to authentication at both a personal and an organizational level, Nagrath said that data is encrypted at all points and audit trails are perpetually kept for every single person who touches the HIE. Similar to most well-developed HIEs, GNOHIE adheres to industry state standard and security practices that go far beyond HIPAA regulations.
There’ll be continued advances in the way we manage protected health information (PHI). As custodians of PHI, we always have to be at or beyond the curve when managing it. The community has trusted us to do so, as it’s an obligation. Our philosophy is one where we don’t take anything for granted and we’re astute in our protocols and audits. And we’ve made sure that the necessary policies developed get framed with community input.
Nagrath said that the community uses security penetration testing on a bi-annual basis, which works out well because using an outside source can provide perspective in defining the sensitivity of the data in the protocols when managing the data store for us internally. And this allows us to compartmentalize data in many ways, such as the way it’s stored, user access or walled-off data. “The partition between PHI and [normal] information is dramatic because the safeguards in place to ensure PHI remains protected are tremendous,” Nagrath said.
A look at GNOHIE security layers
GNOHIE uses open-source Mirth Corp. architecture and software, which for the most part is delivered over the Web. There are a few ways, according to Bouchier, in which you can prevent that data from being readily accessible.
One is looking at the actual method of access – the URL to actually get to any Web-facing portals of the system, for example. You’re not going to find that URL via Google or easily on the Web; we’ve made a very conscious effort in any of our system documentation to not publish this type of information and to make sure the link is integrated within an EMR system for providers. So you have that on top of usual user access controls, privileges for the right user and appropriate level of privileges, etc. Then you have the level of data segmentation on the back end that Gaurav was talking about. Lastly, there is the normal front-end system user access control, administrative access and just regular users.
Bouchier explained that there are also location-specific, domain-type restrictions that set specific parameters for access to sensitive data behind firewalls based on user credentials and where that user is located. One of the more interesting layers of HIE data security is managing the portion where staff have access to data for analytics, some of which just requires data segmentation while other parts require data de-identification. Data that is being used for future research and analysis and includes some non-sensitive personal information can just be segmented, whereas anything that’s more descriptive beyond that must be de-identified in the GNOHIE with very limited access.
“The main analytics staff that would be analyzing the data would be doing so with de-identified data,” Bouchier said. “And any partner dashboards we publish, data powering these dashboards is de-identified but can still be specific to their clinic population.”