On March 4 and 5, 2010, national experts will gather at the University of Utah S.J. Quinney College of Law for a multi-disciplinary symposium focusing on issues of law, ethics, and maintaining patient confidentiality in the electronic age. The symposium, “Privacy and Ethics Meets Biomedical informatics,” begins at 2:00 p.m. and ends at 5:00 p.m. on Thursday, March 4 and begins at 9:00 a.m. and ends at 4:15 p.m. on Friday, March 5. Cosponsored by the National Committee on Vital and Health Statistics, the Division of Medical Ethics, and the Department of Biomedical Informatics, the symposium is free and open to the public, but pre-registration is requested.
Bioinformatics—the field of science in which biology, computer science, and information technology merge to form a single discipline—is currently undergoing changes that are nothing short of revolutionary. Interoperable electronic health records, e-prescribing, personal health records maintained by patients, and other recent developments promise great benefits for individual health, quality and cost of care, medical research and public health.
However, these developments also pose significant threats to individual privacy and confidentiality. Sensitive information—sexual histories, substance abuse or mental health treatment, genetic test results— that once rested in the paper records of individual providers, can be passed along as part of a complete medical record, unless methods for masking sensitive information are developed.
Once de-identified data sets are combined, possibilities for uniquely identifying individuals re-emerge. Data mining for infectious disease surveillance or identification of adverse drug events may also identify specific individuals.
“This symposium is especially exciting because it will bring together policy makers at the federal level with national experts in both privacy law and cutting edge health information technology,” explained conference organizer Leslie Francis, a professor at the College of Law.
Thursday, March 4th / Sutherland Moot Courtroom
2:00-3:15 p.m. Session 1: Setting the Stage
Welcome and Conference Objectives – Leslie Francis
NCVHS: An Introduction and Welcome – Marjorie Greenberg
The First Four Ages of Patient Privacy – Nicholas Terry
3:15 p.m. BREAK
3:30-5:00 p.m. Session 2: Deidentification
Re-identification Risk: Perception vs. Reality – Brad Malin
Minimum Necessary and Data Identifiability: A Next Frontier for Privacy? – Deven McGraw
Friday, March 5, 2010 / Sutherland Moot Courtroom
9:00-10:30 a.m. Session 3: Patient Control
Establishing trust in the NHIN: Methods for increasing patient control – Maya Bernstein
Interoperable Standards to Implement Consumer Privacy Preferences – Walter Suarez
10:30 a.m. BREAK
10:45 a.m.-12:00 p.m. Session 4: Patient Control: The Example of Genetic Information
Sequestering Genetic Information in EHRs - Mark Rothstein
General Discussion: How Do We Make Privacy Work in EHR Design?
12:00 p.m. LUNCH BREAK
1:00-2:30 p.m. Session 5: Multiple Actors
Different Standards for Protecting Privacy: A View from the States – Sallie Milam
Difficult Issues for Healthcare Institutions – John Houston
2:30 p.m. BREAK
2:45-4:15 p.m. Session 6: Liability and Regulatory Frameworks
Privacy Is Not the Whole Story: Quality, Safety, and Liability Concerns – Sharona Hoffman & Andy Podgurski
Discussion: Where Should We Go From Here? What Should be the Research Agenda? The Public Policy Agenda?
Click on a name to view their bio
Maya Bernstein, Department of Health and Human Services;
Ms. Bernstein is lead staff to the Privacy, Confidentiality, and Security Subcommittee of the National Committee on Vital and Health Statistics, a federal advisory committee. She also represents HHS on several government-wide committees, such as the CIO Council Privacy Committee, and served on the Presidential Task Force on Controlled Unclassified Information.
Ms. Bernstein began her federal career at the Office of Management and Budget, where she was a policy analyst in the Information Policy and Technology Branch from 1990-1999. In addition to carrying out OMB’s responsibility for oversight of the Privacy Act of 1974, she was involved in a number of significant legislative, regulatory, and program reviews, including welfare reform, medical records privacy under HIPAA, immigration reform, implementation of the Brady Bill, and the White House’s electronic commerce initiatives.
While at OMB, Ms. Bernstein earned a law degree. She clerked for the Honorable Vanessa Ruiz at the D.C. Court of Appeals in the 1999-2000 term, and was engaged in the private practice of law until returning to federal service in 2003 as the Privacy Advocate of the Internal Revenue Service. Ms. Bernstein earned a Bachelor of Arts at the University of Michigan, Ann Arbor, and a J.D. at American University.
Marjorie Greenberg, National Committee on Vital and Health Statistics;
Marjorie S. Greenberg is Chief of the Classifications and Public Health Data Standards Staff (CPHDSS) at the National Center for Health Statistics (NCHS), Centers for Disease Control and Prevention, U.S. Department of Health and Human Services (DHHS). Ms. Greenberg, who has been with NCHS since 1982, serves as Executive Secretary to the National Committee on Vital and Health Statistics, which is the external advisory committee to DHHS on national health information policy. She has been Head of the WHO Collaborating Center for the Family of International Classifications (FIC) for North America since 1996 and has chaired the WHO-FIC Education Committee since its inception in 1999. She currently co-chairs the Education Committee as well as serving as an ex-officio member of the Joint Collaboration with the International Federation of Health Records Organizations (IFHRO). Ms. Greenberg has co-chaired the WHO-FIC Network Council since 2007 and is a member of the Revision Steering Group for the International Statistical Classification of Diseases. She also serves on the Technical Advisory Group of the Health Information Systems (HIS) Knowledge Hub, University of Queensland, Australia. Ms. Greenberg is a founding member of the Public Health Data Standards Consortium, which represents the interests of public health and health services research in data standards setting processes. She serves on the Consortium Board of Directors and Executive Committee as Liaison for Federal agencies and is the Consortium’s federal representative to the National Uniform Billing Committee. Her areas of interest and expertise include health data standardization, uniform health data sets, health classifications, training and education, data policy development and evaluation policy. She speaks and writes on these subjects for national and international audiences and co-authored the chapter on Standards and Their Use in Health Statistics in a comprehensive edited volume on Health Statistics (Oxford University Press, 2005). She received her bachelor’s degree from Wellesley College and a master’s degree from Harvard University.
Sharona Hoffman, Case Western Reserve University Law School;
Sharona Hoffman is a Professor of Law and bioethics at Case Western Reserve University School of Law. She is also the Co-Director of the Law School’s Law-Medicine Center. Professor Hoffman received her B.A. magna cum laude from Wellesley College and her J.D. cum laude from Harvard Law School. She also earned an LL.M. in health law from the University of Houston.
Professor Hoffman teaches Health Law courses, Employment Discrimination, and Civil Procedure. In January-April of 2007 she served as a Guest Researcher at the Centers for Disease Control and Prevention’s (CDC) Public Health Law Program in Atlanta. She was later appointed by the U.S. Secretary of Health and Human Services to serve as a member of the Board of Scientific Counselors for the CDC Coordinating Office for Terrorism Preparedness and Emergency Response for a four year term (2008-2012).
Professor Hoffman has published over forty articles, most of which focus on health law and civil rights law and has been widely quoted in the national press. Her current research focuses on health information technology.
John Houston, University of Pittsburgh Medical Center;
Brad Malin, Vanderbilt University, Department of Biomedical Informatics;
Sallie Milam, West Virginia Chief Privacy Officer;
Sallie Milam has practiced law for over 20 years primarily in the health and privacy areas; Ms. Milam is a Certified Information Privacy Professional with a Government specialization. Since 2003, she has served as the State of West Virginia’s Chief Privacy Officer, and leads the Executive Branch’s Privacy Program, which is sponsored by the West Virginia Health Care Authority. Previously, she served as the Executive Director of the West Virginia Health Information Network, which is a public-private partnership charged to promote the design, implementation, operation and maintenance of a fully interoperable statewide health information exchange. Ms. Milam has been involved in multi-stakeholder collaborative processes around electronic health records, health information exchange, privacy and other legal issues through her work as the WV HISPC Legal Working Group Chair and Co-Chair of the Health Information Protection Taskforce to the eHealth Alliance. Ms. Milam is also a member of the National Committee on Vital and Health Statistics and its Security, Privacy, and Confidentiality Subcommittee, and is West Virginia’s Project Director for its Nationwide Health Information Network contract.
Deven McGraw, Center for Democracy and Technology, Washington, D.C.;
Deven McGraw is the Director of the Health Privacy Project at CDT. The Project is focused on developing and promoting workable privacy and security protections for electronic personal health information.
Ms. McGraw is active in efforts to advance the adoption and implementation of health information technology and electronic health information exchange to improve health care. She was one of three persons appointed by Kathleen Sebelius, the Secretary of the U.S. Department of Health & Human Services (HHS), to serve on the Health Information Technology (HIT) Policy Committee, a federal advisory committee established in the American Recovery and Reinvestment Act of 2009. She co-chairs the Committee’s Privacy and Security Workgroup and its Information Exchange Workgroup, and serves as a member of its Meaningful Use, National Health Information Network and Strategic Plan Workgroups. She also served on two key workgroups of the American Health Information Community (AHIC), the federal advisory body established by HHS in the Bush Administration to develop recommendations on how to facilitate use of health information technology to improve health. Specifically, she co-chaired the Confidentiality, Privacy and Security Workgroup and was a member of the Personalized Health Care Workgroup. She also served on the Policy Steering Committee of the eHealth Initiative and now serves on its Leadership Council. She is also on the Steering Group of the Markle Foundation’s Connecting for Health multi-stakeholder initiative.
Ms. McGraw has a strong background in health care policy. Prior to joining CDT, Ms. McGraw was the Chief Operating Officer of the National Partnership for Women & Families, providing strategic direction and oversight for all of the organization’s core program areas, including the promotion of initiatives to improve health care quality. Ms. McGraw also was an associate in the public policy group at Patton Boggs, LLP and in the health care group at Ropes & Gray. She also served as Deputy Legal Counsel to the Governor of Massachusetts and taught in the Federal Legislation Clinic at the Georgetown University Law Center.
Ms. McGraw graduated magna cum laude from the University of Maryland. She earned her J.D., magna cum laude, and her L.L.M. from Georgetown University Law Center and was Executive Editor of the Georgetown Law Journal. She also has a Master of Public Health from Johns Hopkins School of Hygiene and Public Health.
Andy Podgurski, Case Western Reserve University Department of Computer Science;
Andy Podgurski is Professor of Computer Science in the Electrical Engineering & Computer Science Department at Case Western Reserve University in Cleveland, OH, where he has been a faculty member since 1989. He holds a Ph.D. in Computer Science from the University of Massachusetts, Amherst. His research and teaching interests are mainly in the areas of Software Engineering and Computer Security. He has over 40 research publications and has been principal investigator or Co-PI on numerous funded research projects.
Mark Rothstein, University of Louisville Louis D. Brandeis School of Law;
Mark A. Rothstein holds the Herbert F. Boehl Chair of Law and Medicine and is Director of the Institute for Bioethics, Health Policy, and Law at the University of Louisville School of Medicine.
He received his B.A. from the University of Pittsburgh and his J.D. from Georgetown University.
Professor Rothstein has concentrated his research on bioethics, genetics, health privacy, public health, and employment law. From 1999-2008, he served as a member of the National Committee on Vital and Health Statistics (NCVHS), where he chaired the Subcommittee on Privacy and Confidentiality. NCVHS is the statutory advisory committee to the Secretary of Health and Human Services on health information policy. He is past president of the American Society of Law, Medicine and Ethics and a fellow of the Hastings Center.
He is the author or editor of 19 books and over 200 book chapters and articles on bioethics, law, and public health.
Walter Suarez, Kaiser Permanente;
Dr. Suarez is a physician and a public health and medical information systems specialist, and the Director of Health IT Strategy for Kaiser Permanente. Before joining Kaiser, Dr. Suarez was the President and CEO of the Institute for HIPAA/HIT Education and Research. Prior to this he was the CEO of the Midwest Center for HIPAA Education and before that the Executive Director and CEO of the Minnesota Health Data Institute. He also worked for the Minnesota Department of Health in various senior policy positions.
Dr. Suarez has provided project management, technical and policy consulting services and project/program evaluation services to health care provider organizations, health plans, Medicaid and Medicare programs, Public Health agencies and vendors in the areas of Health IT/HIE, public health data standards, health disparities, quality measurement, health information privacy and security standards, and HIPAA standards including Transactions and Code Sets (TCS) and the National Provider Identifier (NPI).
More recently, Dr. Suarez was a lead consultant to national and regional projects such as the Health Information Security and Privacy Collaboration – HISPC (ONC-AHRQ), Technical Assistance to Medicaid and CHIP Agencies on Health IT and HIE (AHRQ) and Development of Statewide Uniform Companion Guides for HIPAA Transactions (Minnesota).
Dr. Suarez was appointed in 2008 by the Secretary of Health and Human Services to the prestigious National Committee on Vital and Health Statistics (NCVHS). Last year the Secretary also appointed him to the HIT Standards Committee of the Office of the National Coordinator for Health Information Technology.
Nicholas Terry, St. Louis University School of Law.
Nicolas P. Terry is the Chester A. Myers Professor of Law and Senior Associate Dean at Saint Louis University School of Law where he teaches Torts, Products Liability, and Health Care Quality. Educated at Kingston University and the University of Cambridge, Professor Terry began his academic career as a member of the law faculty of the University of Exeter in England. He is a Senior Fellow at Melbourne Law School and holds the secondary appointment of Professor of Health Management & Policy at the Saint Louis University School of Public Health. He has held visiting faculty positions at the law schools of Santa Clara University, the University of Missouri-Columbia, Washington University, and the University of Iowa. From 2000-08 Professor Terry served as co-director of Saint Louis University’s Center for Health Law Studies — consistently ranked by U.S. News & World Report as the finest health law program in the nation. Professor Terry’s research interests lie primarily at the intersection of medicine, law, and information technology. His recent law review publications dealing with health information privacy include “Physicians And Patients Who ‘Friend’ Or ‘Tweet’: Constructing A Legal Framework For Social Networking In A Highly Regulated Domain,” xx Ind. L. Rev. xxx (forthcoming 2010); “Personal Health Records: Directing More Costs and Risks to Consumers?” 1 Drexel L. Rev. 216 (2009); “What’s Wrong with Health Privacy?” 5 J. Health & Bio. L. 1-32 (2009), and “Ensuring The Privacy and Confidentiality of Electronic Health Records” (with Leslie P. Francis) 2007 U. Ill. L. Rev. 681-735.
The symposium is free and open to the public, but pre-registration is requested. Contact Miriam Lovin: firstname.lastname@example.org or 801-581-7356. The event can also be viewed live online at dashboard.law.utah.edu.
The symposium is offered for 7.5 Hours CLE Credit (pending approval). Free parking is available at Rice-Eccles Stadium and no permit is required.
For more information and a complete schedule of events, visit:
http://medicine.utah.edu/internalmedicine/medicalethics/ or contact Professor Leslie Francis at email@example.com