Privacy & Security

Privacy policies and security controls are being developed to provide assurances to Iowans that their personal health information is kept confidential and secure. These policies will be incorporated in the Iowa Health Information Network (IHIN) Participation Agreement, and will address:
- compliance with applicable laws
- cooperation with other IHIN participants
- expectations to use the IHIN only for permitted purposes
- limitation on the future use of data received through the IHIN
- privacy and security measures required to be in place before using the IHIN

Iowa e-Health is working to incorporate the privacy and security provisions included in House File 649 - specifically for pilot participants of the IHIN - into the Strategic and Operational Plan.

How will Iowa e-Health protect privacy and security?
- Secure Authentication: All participants having access to the IHIN will have a unique ID. Additionally, all participants will be required to provide at least two levels of authentication to gain access to the system.
- Role-Based Authorization: Health care providers will have specific "role-based" access to the IHIN. This means IHIN participants will be given certain access based on the role they have in the hospital or clinic. For example, an emergency room physician will have much more access to patient information available in the IHIN than would an employee in the hospital's business office.
- HIPAA Compliance: Health care providers exchanging protected health information through the IHIN must comply with the policies, procedures, and regulations established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other applicable laws.
- Audit and Tracking: Monitoring access to the IHIN is essential to help ensure the security of the system and the privacy of patient health information. Reports or alerts generated from audit records can be used to provide transparency in how health information has been accessed or exchanged.