Home
We are CareSpark
For Patients
For Clinicians
Priority Health Issues
A Healthy Workforce
FAQ's
CareSpark Consortium
Key Decisions
Privacy and Security
Latest News
Announcements
Ask our Experts
Search
HIT Resources

We Care About Your Privacy and Security

CareSpark recognizes that privacy and security of health information are critical components in establishing the trust relationship between CareSpark, our authorized participants and patients.  CareSpark has established two governance bodies and an appointed Privacy Officer.  This structure guides the organization’s efforts in secure exchange of protected health information.

1.     The Health Information Control Board (HIC) functions as an advisory body regarding the management of protected health information.  The HIC Board has responsibility for developing policies and procedures in accordance with federal and state laws to facilitate providers in delivering quality care and encouraging clinical best practices through the use of health information technology.

2.     The Privacy Committee functions in an advisory capacity to the CareSpark Board in complying with requirements for effective collection and use of protected health information.  This body serves as a resource to review the implementation and adherence to CareSpark’s policies and procedures.  The Committee also provides assistance and advice to the CareSpark Privacy Officer in protecting the privacy and confidentiality of health information.

3.     The CareSpark Privacy Officer is credentialed in the management of health information and oversees the daily operations related to the development, implementation, maintenance and adherence to the organization’s privacy policies and procedures.  The Privacy Officer functions as the internal resource for privacy training and applies appropriate privacy practices for emerging technologies as well as works with our Data Participants to provide for the patient rights to inspect, amend and restrict access to protected health information.  If you have any questions or concerns about the privacy of your information at CareSpark, please contact Brenda Getaz, CareSpark Privacy Officer @ 423-765-9341.

Privacy and Security Reference Library

This reference library is intended to provide a focused set of key papers, presentations, and other resources to aid the readers in understanding the critical issues relating to privacy and security in electronic health information exchange. 

When Businesses ATAC: Duffield Data Center is Unmatched in the US
CareSpark's Data Center will be hosted by One Partner's Advanced Technology and Applications Center (ATAC) located in Duffield, Virginia and due to open June, 2008. The ATAC has achieved certification as the nation's first and only commercial Tier III facility. Tier III is a designation created by The Uptime Institute as part of a system of measuring reliability of service. It means that every component of the distribution path can be removed from service on a planned basis without causing any computer equipment to shut down.

Summary of the HIPAA Privacy Rule
Summary:  HHS Office for Civil Rights (OCR), May 2003.  This is a summary, compiled by the HHS Office for Civil Rights, of key elements of the HIPAA Privacy Rule.  It is not a complete or comprehensive guide to compliance, but it is often referred to as the best available and easiest to understand summary of the HIPAA privacy rule.

Review of TN Laws Related to Health Information Exchange
Review of Tennessee Laws Related to HIE, has been conducted by Randy Sermons and CareSpark. The final report contains approximately 260 statutes affecting the exchange of health information.

The Decade of Health Information Technology: Delivering Consumer-centric and Information-rich Health Care; Nationwide Health Information Infrastructure Framework for Strategic Action
Summary:  July 21, 2004, Tommy Thompson, David Brailer, HHS. This report, written by the Office of the National Coordinator for Health Information Technology to fulfill the requirements of Executive Order 13335, outlines a framework for development and implementation of a strategic plan to guide the nationwide implementation of health information technology in both the public and private sectors.


HIMSS Security Survey
Summary: The HIMSS Security Survey reports the opinions of information technology (IT) and security professionals from healthcare provider organizations across the U.S. regarding key issues surrounding the tools and policies in place to secure electronic patient data at healthcare organizations. The study was designed to collect information on a multitude of topics regarding organizations’ general security environment, including access to patient data, access tracking and audit logs, security in a networked environment, use of security in a networked environment and medical identity theft.

The Collaborative Response to the ONCHIT Request for Information
Summary:  From a collaboration of organizations including AHIMA, ANSI, CITL, Connecting for Health, eHealth Initiative, HL7, HIMSS, and others, January 2005.  On November 1, 2004, in an effort to gain broad input regarding the best mechanisms to achieve nationwide interoperability and exchange of electronic health information, the Office of the National Coordinator for Health Information Technology (ONC) released a Request for Information (RFI).  Thirteen major health and technology organizations developed this collaborative response endorsing a "Common Framework" to support health information exchange in the United States while protecting patient privacy.

Emerging Trends and Issues in Health Information Exchange
Summary:  eHealth Initiative, 2005.  Selected findings from eHealth Initiative Foundation's Third Annual Survey of State, Regional and Community-based Health Information Exchange Initiatives and Organizations.

An Introductory Resource Guide for Implementing the Health Insurance Portability Act (HIPAA) Security Rule
Summary:  NIST Special Publication 800-66, National Institute of Standards and Technology, March 2005.  This Special Publication summarizes the HIPAA security standards and explains some of the structure and organization of the Security Rule.  This publication helps to educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule.  The publication is also designed to direct readers to helpful information in other NIST publications on individual topics the HIPAA Security Rule addresses.  Readers can draw upon these publications for consideration in implementing the Security Rule.  This publication is intended as an aid to understanding security concepts discussed in the HIPAA Security Rule, and does not supplement, replace or supersede the HIPAA Security Rule itself.

Linking Health Care Information:  Proposed Methods for Improving Care and Protecting Privacy
Summary:  Connecting for Health, February 2005.  The linking of vital information as patients receive care from a fragmented healthcare system is a problem that has consistently plagued interoperability efforts in healthcare.  The goal of Linking Working Group was to address these issues, proposing practical strategies for improving healthcare through improved linking of information in a secure and effieient manner, and in a way that allows healthcare professionals much improved access to needed information while respecting patients' privacy rights.