info@ehidc.org

 202-624-3270

Privacy & Cybersecurity

Hide On Website: 
No

WEBINAR: COVID-19 Vaccine Administration & Tracking: Understanding the Privacy Implications

April 27, 2021

At the beginning of the COVID-19 pandemic, privacy concerns related to contact tracing were a dominating topic in the national dialogue around the virus. As its days appear finally to be numbered, it is closing with an uproar over the privacy implications of “vaccine passports” and the delicate balance between protecting the public and an individual’s right to privacy. Along the way, we as a nation have worried about data collection, storage, and sharing; public health surveillance; and potential bias and discrimination related to one’s COVID and/or vaccine status. Although there are no easy answers to these complex public health, civil liberties, and equity issues, understanding the issues and where the tensions lie is key to combating and ultimately eradicating the virus.

eHI's Alice Leiter joined panelists Chuck Curran, head of CDC Consulting and a collaborator with the Good Pass Collaborative, and privacy attorneys Karen Mandelbaum of Epstein Becker Green and Madeline Gitomer of Hogan Lovells, for a discussion of privacy issues related to COVID-19.

 

 

Speakers:


Madeline Gitomer
Senior Associate
Hogan Lovells

Madeline Gitomer works with legal counsel and privacy officers to navigate the regulatory landscape for organizations responding to cyber attacks and data breaches. Whether it is life sciences, education technology, digital health, or technology-driven startups, Madeline regularly advises clients on compliance with various data privacy laws, regulations, and public policy initiatives. She served as a professional staff member for the U.S. Senate Committee on Health, Education, Labor, and Pensions. Maddy holds a J.D. and a M.S. Ed from the University of Pennsylvania. 

 


Karen Mandelbaum
Senior Counsel
Epstein Becker Green

Karen Mandelbaum is a Senior Counsel in the Health Care and Life Sciences practice, in the Washington, DC, office of Epstein Becker Green. Prior to joining Epstein Becker Green, Ms. Mandelbaum served as the Senior Advisor for Security & Privacy Policy and Governance to the Chief Information Officer, Chief Information Security Officer, and Senior Official for Privacy in the Office of Information Technology at the Centers for Medicare and Medicaid Services (CMS), where she was responsible for developing and implementing an integrated approach to CMS’s cybersecurity and privacy program.  She was previously a Privacy Policy Subject Matter Expert at the Center for Consumer Information & Insurance Oversight (CCIIO), responsible for defining the scope of privacy requirements and the privacy policy program for the health insurance exchanges and the Federally-Facilitated Marketplace.

 


Chuck Curran
CDC Consulting LLC

Chuck advises on industry self regulation and accountability for ad-supported digital products and services. He was previously AOL’s Chief Counsel for policy and regulatory matters. He is a contributor to the Good Health Pass Collaborative, an open, cross-sector initiative for digital health passes.

 

 

 

Alice Leiter
Vice President and Senior Counsel
eHealth Initiative 

Alice is a health regulatory lawyer with a specialty in health information privacy law and policy. She previously worked as a Senior Associate at the law firm Hogan Lovells, where she worked with clients on Medicare and Medicaid pricing and reimbursement. Alice spent several years as policy counsel at two different non-profit organizations, the National Partnership for Women & Families and the Center for Democracy & Technology. She currently sits on the DC HIE Policy Board, as well as the boards of Beauvoir School, Educare DC, and DC Greens, the latter of which she chairs. She received her B.A. in human biology from Stanford University and her J.D. from the Georgetown University Law Center. Alice and her husband, Michael, live in Washington, D.C. with their four children.

Privacy, Passports, and Public Health

April 14, 2021

It is nearly impossible to read or listen to the news these days without seeing or hearing something about “vaccine passports.” Do we need them? Do we want them? Are they happening regardless, and if so, where and when?

As the conversation swirls around the utility and benefit of a simple, fast way to see if individuals – students, customers, employees – have been vaccinated against COVID-19, the legal and ethical implications of any such system have turned the whole issue into, as the New York Times said this week, a “cultural flashpoint.”

A vaccine passport is a standardized credential that would allow people to prove that they have been vaccinated against COVID-19. They have been oft-discussed in relation to travel, and airlines such as Jet Blue and United have already implemented them on select flights through an application called Common Pass. Universities including Northeastern, Brown, Cornell, and Rutgers have all said in recent weeks that they will require proof of vaccination in order to allow students to return to campus in the fall. And New York has rolled out the “Excelsior Pass,” described by the state as “a free, fast and secure way to present digital proof of Covid-19 vaccination” in the event that large venues such as sports arenas or concert halls require proof of an entrant’s vaccination status. 

Whether or not such a requirement is legal depends on whether or not the entity implementing it is public or private – in some senses, this can be seen as akin to a “no shirt, no shoes, no service” edict by local businesses. Regardless of its legality, however, there are significant and legitimate concerns that the credential, or lack thereof, could be used against people unfairly, or in a manner that promotes or results in discrimination or bias.

After the governor of Texas used his executive power Tuesday to ban the state and organizations that receive funding from the state from requiring vaccine passports, over concerns that they intrude on “personal freedoms,” White House Press Secretary Jen Psaki made clear that the federal government “is not now, nor will we be, supporting a system that requires Americans to carry a credential…There will be no federal vaccinations database and no federal mandate requiring everyone to obtain a single vaccination credential.” Citing concerns related to equity, the World Health Organization also said on Tuesday that it currently does not support mandatory proof of vaccination for international travel.

Regardless, Walmart, which is the country’s largest private employer, has already begun offering electronic applications verifying the vaccination status of patients who receive their vaccines at Walmart, and there are at least 17 different vaccine passport development initiatives currently underway, according to the Washington Post, for use by businesses who want to restrict admission to those who have been vaccinated.

Is your head hurting yet?? In an effort to help increase understanding of the current landscape and the legal, privacy, and ethical issues at play, eHI is hosting a webinar on April 27 at 2:00 EDT. Join us to have all your questions answered (we hope!) – register and submit your questions below. 

WEBINAR: COVID-19 Vaccine Administration & Tracking: Understanding the Privacy Implications

At the beginning of the COVID-19 pandemic, privacy concerns related to contact tracing were a dominating topic in the national dialogue around the virus. As its days appear finally to be numbered, it is closing with an uproar over the privacy implications of “vaccine passports” and the delicate balance between protecting the public and an individual’s right to privacy. Along the way, we as a nation have worried about data collection, storage, and sharing; public health surveillance; and potential bias and discrimination related to one’s COVID and/or vaccine status.

Executive Spotlight: Protecting “Health-Ish” Data

March 03, 2021

As we enter our third month of 2021 and the new Administration and Congress, new national, comprehensive data privacy legislation is still not guaranteed any time soon. In the absence of such a law, consumer health data remains governed by HIPAA, several other narrowly applicable federal laws, and a patchwork of state laws and regulations, leading to concern about how under-protected health data is collected, used, and shared. The exponential proliferation of mobile health applications, wearable devices, remote monitoring and online health-related communication in recent years has accelerated the need for prompt federal and industry action. Additionally, the COVID-19 pandemic has shone a spotlight on the collection and sharing of data and the legal landscape that does – or does not – protect it.

In this featured panel from eHI’s Annual Meeting in January, eHI Vice President and Senior Counsel Alice Leiter joined Jodie Daniel of Crowell & Moring, Laura Hoffman of the AMA, and Liz Salmi of OpenNotes and Beth Israel Deaconess Medical Center to discuss the challenging balance of shoring up legal protections for the increasing amount of non-HIPAA-covered health data, establishing consumer trust in new technologies, and encouraging innovation in health and health care.

WEBINAR: Impact of Information Blocking Rules on Health Information Exchanges

March 02, 2021

Nearly one year ago, the Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare & Medicaid Services (CMS) released final regulations to implement information blocking provisions of the 21st Century Cures Act.

This year, all eyes turn to compliance with the regulations, which could be especially complicated for health information exchanges (HIEs) given how they operate in the health care system and their contractual arrangements with providers. In this webinar, hear from experts and HIEs directly about the impact of regulation on HIEs, and the implementation challenges they’re facing as they prepare for the upcoming compliance deadlines.

 

 

Speakers: 


Deven McGraw 
Co-Founder & Chief Regulatory Officer 
Ciitizen

Deven McGraw is the Chief Regulatory Officer for Ciitizen. Prior to joining Ciitizen, she directed U.S. health privacy and security policy through her roles as Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (the office that oversees HIPAA policy and enforcement) and Chief Privacy Officer (Acting) of the Office of the National Coordinator for Health IT. Deven also advised PCORNet (the Patient Centered Outcomes Research Network), as well as the federal All of Us Research Initiative, on HIPAA and patient-donated data research initiatives.

 

 


Melissa Kotrys, MPH
Chief Executive Officer
Health Current

 

Melissa Kotrys is the Chief Executive Officer (CEO) for Health Current, the health information exchange (HIE) that helps partners transform care by bringing together communities and information across Arizona. Through her vision and leadership, the Arizona HIE is recognized as a model for aligning the healthcare community with the possibilities of connected electronic health information to advance individual and community health and wellbeing.

Melissa is recognized as a collaborative partner of hospitals and health systems, health plans, healthcare providers, healthcare associations and other healthcare sectors in Arizona. She currently serves as the Board Chair of the Strategic Health Information Exchange Collaborative (SHIEC), the national association of HIEs. She also serves as a member of the Healthcare Information and Management Systems Society (HIMSS) Americas Advisory Board, the Employers Council Board of Directors, the State Medicaid Advisory Committee, and the Crisis Response Network’s Advisory Council.

Prior to joining Health Current, Melissa worked as a consultant and health policy analyst at Deloitte Consulting.  She holds a Master of Public Health in health policy from The George Washington University and a Bachelor of Arts from The University of North Carolina at Chapel Hill.


Amy Warner
General Counsel, Privacy and Compliance Officer
Rochester RHIO 

Amy Warner is the Chief Counsel, Privacy and Compliance Officer at Rochester RHIO. Prior to that, she was an Attorney and Manager at Sedgewick. She served as the Assistant State’s Attorney in Broward County, Florida, and Deputy County Attorney in Monroe County.

She led the EHNAC Accreditation Initiative for the Rochester RHIO in 2014, 2016 and 2018. Obtained national accreditation by the Electronic Healthcare Network Accreditation Commission.

She has been the recipient of the Rochester Business Journal Corporate Counsel Award in 2020, the Rochester Business Journal Healthcare Achievement Award 2013 and the Eastridge High School Hall of Fame Award. She volunteers on the board of Verona St Animal Society and the board of the Children’s Institute. She co-chairs the Legal Workgroup of the Systems Integration Project, NYS Privacy and Security Policy Committee, and chairs both the SHIN-NY Qualified Entity Privilege Committee and the Rochester RHIO Cross Sector Data Sharing Committee.

Amy has a Bachelor’s in Business Administration from UNC, an MBA from St John Fisher’s University, and a JD from NOVA Southeastern University.

 


Adrienne Ellis
Advisor
CRISP

Adrienne Ellis brings substantial health policy and financing expertise to Burton Policy Consulting. In her previous work at the Mental Health Association of Maryland and the National Council for Community Behavioral Health, Adrienne advanced public policy at the state and federal level to ensure that individuals with mental illness or substance use disorders have access to quality and timely treatment. In these roles, Adrienne worked with Maryland’s implementation of the Affordable Care Act. She has trained behavioral health consumers and providers to understand insurance regulations and worked with behavioral health stakeholders and consumer organizations to improve their organizational policies.​

Adrienne has extensive experience in coalition building, training, and facilitation. As a consultant, Adrienne focuses on helping organizations understand the impact of their policies and evaluate their effectiveness in achieving goals. Currently, Adrienne serves as an advisor to CRISP, assisting them to improve health outcomes for behavioral health patients by increasing provider access to clinical mental health and substance use disorder information.  

Adrienne has a Master of Social Work from the University of Maryland, Baltimore and is a graduate of Northern Michigan University.


Alice Leiter
Vice President and Senior Counsel
eHI

Alice is a health regulatory lawyer with a specialty in health information privacy law and policy. She previously worked as a Senior Associate at the law firm Hogan Lovells, where she worked with clients on Medicare and Medicaid pricing and reimbursement. Alice spent several years as policy counsel at two different non-profit organizations, the National Partnership for Women & Families and the Center for Democracy & Technology. She currently sits on the DC HIE Policy Board, as well as the boards of Beauvoir School, Educare DC, and DC Greens, the latter of which she chairs. She received her B.A. in human biology from Stanford University and her J.D. from the Georgetown University Law Center. Alice and her husband, Michael, live in Washington, D.C. with their four children.

 

 

This webinar is sponsored by

WEBINAR: Providers Ditch Paperwork & Reduce Burden with AI

February 17, 2021

While healthcare organizations have been under tremendous financial stress during the COVID-19 pandemic, a recent United healthcare survey shows that 56% of healthcare organizations reported accelerating their artificial intelligence (AI) plans. Since the pandemic struck, investment in AI platforms has skyrocketed. In this webinar, we heard what is driving the current AI investments including cost savings, improved provider and patient experiences, reducing staff burnout and administrative burden.


- Learn how a cutting-edge platform uses AI and RPA to quickly eliminate repetitive operational tasks at scale by using existing administrative processes and applications (i.e. EHR, web-based apps)

- Hear experts discuss how healthcare organizations are investing in AI and automation technologies to cut costs, reduce staff burn-out, create resilience, and enhance the employee and patient experience

China's Push to Control Americans' Health Care Future

February 11, 2021

CBS recently published a 60 Minutes interview titled "China's Push to Control Americans' Health Care Future," featuring Edward You, Supervisory Special Agent in the FBI's Weapons of Mass Destruction Directorate and friend of eHI. According to the interview, the officials say the Chinese government is trying to collect Americans' DNA, and they believe a recent offer from a Chinese company for assistance in COVID-19 testing was suspicious.

The National Counterintelligence and Security Center released a fact sheet about China's interest in our genetic data as a supplement to the 60 Minutes segment. 

CDT and EHI Release Proposed Consumer Privacy Framework for Unprotected Health Data

February 09, 2021

The Center for Democracy & Technology (CDT) and the Executives for Health Innovation (EHI), formerly eHealth Initiative (eHI), with generous support from the Robert Wood Johnson Foundation have released a proposed Consumer Privacy Framework for Health Data. The Framework responds to increasing concerns about the use of underprotected health data in the absence of federal privacy legislation, an issue magnified by the COVID-19 pandemic.

“Much of the information consumers provide through health, retail, genomics, GPS apps and online is not protected. While federal regulation is urgently needed, the Framework and proposed self-regulatory body are a solid first step to holding companies accountable,” says EHI CEO Jen Covich Bordenick.

CDT President & CEO Alexandra Reeve Givens says, “Frequently, consumers are surprised to find out how their data is used. Our proposal aims to limit use of data about physical and mental health to ways that meet consumer expectations and help organizations stay ahead of the regulatory curve.”

The proposed Framework sets much-needed standards around the collection, disclosure, and use of health data that falls outside the protection of the Health Insurance Portability and Accountability Act (HIPAA), and aims to limit these practices to purposes consistent with consumer requests and expectations. It also proposes an independent self-regulatory body to hold member companies accountable to those standards.

Katherine Hempstead, senior policy adviser at RWJF, which provided funding for the study, said “Given the lack of federal legislation, the Framework is an important building block toward strengthening consumer privacy.”

The Framework covers a wide range of information used to make inferences or conclusions about a person’s physical or mental health and applies to a spectrum of non-HIPAA-covered entities that collect, disclose, or use consumer health information.

The Framework builds on an earlier draft proposal and is the culmination of a year-long collaborative process that involved dozens of organizations and experts, including clinicians, consumer groups, employers, health plans, hospitals, laboratories, privacy experts, pharmacies, public health agencies, policymakers, and the general public.

“Moving forward, CDT and EHI intend to continue developing the Framework with a particular focus on ensuring that company practices adequately address the unique and often discriminatory uses of health-related information affecting historically marginalized communities and vulnerable populations,” says Givens.

“This is especially urgent given how the pandemic is shining a spotlight on health disparities and discriminatory uses of health-related information,” adds Bordenick.

Download the Phase Two Report: The Case for Accountability: Protecting Health Data Outside the Healthcare System »