Encrypting Health Record Data in Michigan Health Information Exchange
Michigan and Ohio are syncing up – health records, that is. State health information exchange groups, the Ohio Health Information Partnership CliniSync and Michigan Health Connect have joined forces to allow residents of Ohio to seek medical treatment in Michigan. These state organizations allow for data-sharing of electronic medical records (EMRs), including immunization records, MRI results, and more, making it convenient for physicians and hospitals to treat patients in either state.
As part of the federal Direct Project, part of the Nationwide Health Information Network, the program’s objective is allow for a standardized way to send encrypted digital health information directly to recipients online. Focused mainly on the technical standards, the project includes a document explaining how to use SMTP, S/MIME and X.509 certificates for secure information exchange. The document, Applicability Statement for Secure Health Transport, is the most updated version, and it describes the standard encryption algorithms, trust verifications, and more.
To clarify, the Direct Project only addresses how information is sent, and not interoperability as a whole, which also involves the structure and format of exchanged content and what terms they will use within their content. The project also doesn’t specify if the standards are HIPAA compliant, although one might assume as such since it’s a federal project. It does indicate that the standards may satisfy some State 1 Meaningful Use requirements.
For some specific recommendations when it comes to encrypting data for HIPAA compliance, read Encrypting Data to Meet HIPAA Compliance.
With the health exchange movement comes the mobile movement – BYOD (Bring Your Own Device) is another way to expedite workflow in the healthcare industry. But sending health data via mobile devices comes with its own inherent risks. The best way to keep sensitive data safe and within compliance is to keep data off of the device itself, and in an offsite, secure location, like a HIPAA compliant data center. Read our Mobile Security white paper for best practices.
About the Michigan Health Connect
Michigan Health Connect is a nonprofit corporation founded by leading health systems in Michigan to advance the delivery and coordination of high quality, efficient, patient-focused health care across the state through collaboratively leveraging information technology and clinical data exchange.
About the Ohio Health Information Partnership, CliniSync
The Ohio Health Information Partnership is a nonprofit entity whose mission is to assist physicians and other providers with the adoption and implementation of health information technology (HIT) throughout Ohio, specifically in the adoption and use of electronic health records. Funded through the Office of the National Coordinator of HIT within the U.S. Department of Health and Human Services, we also are responsible for the creation of a technological infrastructure that will allow Ohio physicians, hospitals and healthcare professionals to electronically share patient health records across the state.