09-24-13 | Blog Post

More Live-Blogging from the HIMSS Privacy & Security Forum

Blog Posts

Military Health System Research Findings: Implications on Patient Privacy and Identity Management


Rosemary Nelson, MSN, MA, RN-BC, CPHIMS President & CEO, MDM Strategies, Inc.

Loretta Schlachta-Fairchild, RN, PhD, FACHE, LTC(ret)  US Army Independent Consultant, MDM Strategies, Inc.

Rosemary Nelson and Loretta Schlachta-Fairchild today unveiled findings from an exhaustive review of studies, policies, and articles relating to health IT privacy and identity management. In addition to summarize their extensive compilation, they shared a link to all of the resources in the hopes that it will be useful to others interested in knowing what literature is currently available in the domain.

MDM Strategies Final Report for USAMRMC/TATRC

Rosemary Nelson shared context about the research study:

Between DoD & VA, they have responsibility to protect the health information for everyone who enters the service from the time they raise their hand until they reach their grave. This requires information to be transferred from a DoD facility to the VA, and sometimes civilian network providers when a specialist outside of the DoD and VA network becomes involved in patient care.

It’s time to identify the data integration policies, standards, and processes to ensure patient privacy is preserved among the 3 entities (D0D, VA, Network Providers). This report analyzes what happens when this data is moving in these 3 directions.

We were tasked to study the policies that impact policies and procedures in place now, and identify where we need to adapt new policies and standards to meet any existing gaps. We began with a literature review and an assessment of Military Health Systems Standards and Policies.

Loretta Schlachta-Fairchild shared the findings:

Our study used the AHRQ framework.  Our literature review spanned the world, not just DoD or VA documentation. We used 4 primary databases: Proquest, PubMed, Gale, Scopus.


  • 98 HITPIM standards

    • 54 ID management standards

    • 44 patient privacy standards

  • 196 HITPIM policies

    • 180 privacy policies

    • 16 are ID Management Policies

    • 36 are DoD policies (27 privacy and 9 ID Management)

  • 184 studies and 3064 articles (grey literature, not proven) on HITPIM from 2008-2012

    • 151 studies ar in privacy

    • 53 studies in ID management

    • 7 themes: Trust, Access/Identity, Control/Consent, Standardization/Interoperability, Security, RIsk, Confidentiality

Some key takeaways:

  • ID management is not addressed in the literature as strongly as privacy. If you are thinking of writing a privacy policy, don’t bother – the report includes all of them, and there are many examples out there.

  • There were no level 1 Gold Standard randomized control studies in the area of HIT. Most were level 4, so it’s tough to extrapolate this research reliably. To recommend additional research in the coming years, we will definitely recommend some randomized control studies of policies and technology.

  • Studies ranged from an N of 2 – over 36,000. The research remains immature. We would welcome recommendations from all of you as to what should be investigated in the future.

Our next steps will be to identify the solutions to meet the gaps for military stakeholders. The first draft of recommendations will be turned into the government November 1st. We welcome your feedback and input as to what future research studies related to health IT privacy would be helpful to you.

Overwhelmed by cloud chaos?
We’re cloud experts, so you don’t have to be.

© 2024 OTAVA® All Rights Reserved