Skip Navigation Archive: U.S. Department of Health and Human Services
Archive: Agency for Healthcare Research Quality
Archive print banner

New Reports Identify State-level Privacy and Security Solutions for Secure Exchange of Health Information

This information is for reference purposes only. It was current when produced and may now be outdated. Archive material is no longer maintained, and some links may not work. Persons with disabilities having difficulty accessing this information should contact us at: Let us know the nature of the problem, the Web address of what you want, and your contact information.

Please go to for current information.

Press Release Date: August 1, 2007

The Department of Health & Human Services' (HHS) Agency for Healthcare Research and Quality (AHRQ) today released a set of reports titled Privacy and Security Solutions for Interoperable Health Information Exchange. The reports review 34 state Health Information Exchange plans and identify the challenges and feasible solutions for ensuring the safety and security of electronic health information exchange. This work was funded under a contract with AHRQ, the Office of the National Coordinator for Health Information Technology and RTI International.

All States followed a standard core methodology, but each was provided an opportunity to tailor the process to meet their needs. As a result, States varied on several key dimensions, including degree of adoption of electronic health information exchange, health care market forces in the State, legal and regulatory conditions related to health information, demographic composition of the State, and financial status of the State.

"These reports address one of the greatest concerns that Americans have about health information technology: Will their personal data be safe?" said AHRQ Director Carolyn M. Clancy, M.D. "This work presents information on how to develop privacy and security solutions that allow for the exchange of information safely and securely."

"Work at the State and local levels is integral to our success. The number of stakeholders involved in this initiative demonstrates the magnitude of this work," said Robert Kolodner, M.D., National Coordinator for Health Information Technology. "The report findings and recommendations will provide ongoing guidance for local, state and federal governments as we move toward greater interoperability."

Some of the key findings point to the need for additional research and guidance on:

  • Identifying different interpretations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule among States and increasing awareness among stakeholders.
  • Addressing variations regarding the potential intersections between federal/State privacy laws.
  • Evaluating the technologies available to protect security and privacy of individuals as well as the associated administrative processes and liabilities.
  • Developing a system that accurately and consistently matches individual patients with their health record information-one that is created and updated by various health care providers/organizations.
  • Developing a standard set of definitions and terms to facilitate sharing of health information. For example, terms such as medical emergency, current treatment, related entity, and minimum necessary do not have agreed-upon definitions and may increase variation as organizations attempt to meet compliance.

The reports can be downloaded from AHRQ's Health IT Web site.

For more information, please contact AHRQ Public Affairs: (301) 427-1855 or (301) 427-1241.


The information on this page is archived and provided for reference purposes only.


AHRQ Advancing Excellence in Health Care