IBM and HIPAAT team to give patients control over personal health information access

Naples 15 May 2008IBM and HIPAAT Inc., a provider of consent management solutions to the health care industry, are joining forces to bring innovative health-information privacy controls to patients and care providers everywhere. The IBM-HIPAAT collaboration extends patient-driven privacy to Electronic Medical Records (EMRs), Electronic Health Records (EHRs), Personal Health Records (PHRs) and Health Information Exchanges (HIEs).


Combined IBM and HIPAAT technologies allow patients to easily specify who is granted access to their personal health information (PHI), what information can be accessed and when. They enable caregivers to implement and enforce patient consent directives, providing "break the glass" access to PHI and EHR data in emergency-care situations, where appropriate.

This commercially available patient-directed solution is a privacy-based approach to securely controlling PHI access across diverse health care applications and settings. When installed in HIE environments as the "consent engine", Privacy eSuite empowers patients and designated providers to create and record privacy directives. The software then evaluates a provider's authorization to access a patient's PHI based on such directives. With the combined offerings, a patient can restrict a particular clinician from accessing PHI, even if that clinician - based on medical role - would typically be granted such access. All access requests are recorded and an audit trail is created.

"The ability to share electronic health information nationwide is transforming the industry by placing increased control of health care delivery squarely where it belongs: in the hands of patients themselves", stated Ivo Nelson, Vice President, IBM Healthcare Provider. "Our work with HIPAAT will ensure that, as the use of electronic health data proliferates and improves health care services and results, patients themselves will be able to ensure their own health-information privacy as the true custodians of access to such highly personal information."

IBM and HIPAAT are integrating HIPAAT's Privacy eSuite software - based on Service Oriented Architecture (SOA) - with IBM's SOA Foundation for joint projects. The IBM SOA Foundation supports IBM's global health care strategy, which is based on the adoption of an asset-based, interoperable SOA approach and the use of open standards and standards-based EHRs to ensure secure and private exchanges of records between authorized health care services and benefits organisations.

To achieve these goals, IBM is currently working with partners and clients within the health care industry to make information delivery and related business processes more patient-centric. One important initiative currently benefiting from the IBM-HIPAAT collaboration is the Nationwide Health Information Network (NHIN) Trial Implementation now under development by the North Carolina Healthcare Information and Communications Alliance Inc. (NCHICA). This initiative gives patients and providers transparent access to Privacy eSuite's privacy controls across the broad spectrum of applications enabled by the SOA Foundation.

"The IBM-HIPAAT technology will provide NCHICA members and NHIN participants an opportunity to exercise more control over their sensitive health information", stated Holt Anderson, NCHICA Executive Director. "This is a capability the public has demanded." NCHICA was established as a non-profit in 1994 by Executive Order of Governor James B. Hunt, Jr. to "improve health and care by accelerating the adoption of information technology and enabling policies."

IBM's SOA strategy incorporates aspects of several industry-leading product portfolios including IBM WebSphere, Lotus, Tivoli, Rational and Information Management and is a critical component of IBM's Information on Demand initiative. These portfolios have been further strengthened by a series of key acquisitions such as Cognos, ISS and Watchfire. For example, Privacy eSuite's capabilities extend IBM's Tivoli identity and access management security offerings, thereby ensuring information protection in multiple health care-delivery settings and situations.

"Patients understand that it is beneficial for caregivers to share their health information electronically, but those informed of their rights want to control the conditions of access", stated Terry Callahan, HIPAAT Managing Director. "Some patients will avoid participating in EHR programmes or provider portals if they aren't given the capability to restrict access to their PHI, which could negatively affect their care and put them in harm's way. Our collaboration with IBM provides the industry with a forward-thinking, patient-centric consent management solution that benefits both patients and providers."

HIPAAT provides patient-centric consent management solutions to the health care industry. Its interoperable, scalable web services approach - with software that aggregates patient privacy directives and organisational/jurisdictional policies - enables privacy-sensitive access control to PHI across health care organisations and regions.

More IBM news is available in this VMW issue's article The Quantum Group and IBM sign research collaboration agreement for the LA Grid University Consortium.

Leslie Versweyveld

[Medical IT News][Calendar][Virtual Medical Worlds Community][News on Advanced IT]