Download: docx | pdf

Healthcare Facilities Granting State Health Departments Access to Electronic Health Record Data during a Healthcare-Associated Infection Outbreak: A Retrospective Assessment

New Information Collection Request

OMB No. XX

Part A

Submitted: February 19, 2015

Program Officials/Project Officers

Elizabeth Mothershed, Deputy Director for Policy (Acting)

Centers for Disease Control and Prevention

Division of Healthcare Quality and Promotion

1600 Clifton Rd, Mailstop A07, Atlanta, GA 30333

Phone: 404-639-4780

Email: [email protected]

Fax: 404-639-4043

Matthew Penn, Director, Public Health Law Program

Centers for Disease Control and Prevention

Office for State, Tribal, Local and Territorial Support

2500 Century Center Boulevard, Mailstop, E70, Atlanta, GA 30345

Phone: 404-498-0452

Email:[email protected]

Fax: 404-498-6882

Laura Conn, Lead, Health Information Technology Strategy Unit

Centers for Disease Control and Prevention

Office of Public Health Scientific Services

2500 Century Center Boulevard, Mailstop, E97, Atlanta, GA 30345

Phone: 404-498-0971

Email:[email protected]

Fax: 404-498-6235

Project Goals and Use	To assess healthcare facilities’, hospitals and clinics, experience granting HDs EHR access during a healthcare-associated infection (HAI) outbreak. This work builds on phase I (OMB 0920-0879) of this project: “State Health Department Access to Electronic Health Record Data during an Outbreak: A Retrospective Assessment” , which examined the health departments’ (HDs) experience requesting and getting access to electronic health records (EHRs) in healthcare facilities’ in their jurisdiction. Responses from healthcare facilities will be used to help the project team build a report and toolkit that will help state HDs address the needs and perspective of the healthcare facilities’ when requesting EHR access.
Design	This assessment will use a qualitative description assessment design.
Population	State Sample (Same states also used in Phase I)	Florida Indiana Kansas Maryland Michigan Minnesota North Caroline New Hampshire		New Jersey New York Ohio Oregon Tennessee Texas Virginia
	Healthcare Facilities’	2 Hospitals per state	2 Clinics per state
	Role in State Health Department	Epidemiologist
	Roles in Healthcare facilities’	Infection Preventionist Informatics Director Other as referred (privacy officer, risk management, etc.)	Clinic Manager, Other as referred (patient records manager, etc.)
Procedure	15 state HD epidemiologists will help identify the healthcare facilities involved in the HAI fungal meningitis outbreak in their state. Then, 150 participants will be interviewed for 30 minutes each on the phone, using an interview guide, to assess HD EHR access in healthcare facilities’ by using questions that address concepts such as authority, capacity, security, privacy, relationships, and sustainability.
Project Output	The report and toolkit will be distributed to states, including but not limited to HDs and healthcare facilities’, to support awareness of best practices, barriers, and policies to help spur and strengthen relationships between public health and clinical care in an effort to facilitate quick and efficient identification of cases during outbreak investigations, and to ensure the health and safety of patients.

This is a new request for OMB approval of a new data collection for the Centers for Disease Control and Prevention (CDC) for 1 year.

1. Justification

1. Circumstances Making the Collection of Information Necessary

Background

Two years ago, contaminated steroid injections caused the largest fungal meningitis outbreak in the United States, affecting 20 states and resulting in 751 infections and 64 deaths. The subsequent healthcare-associated infection (HAI) outbreak response required significant collaboration between healthcare providers and facilities and public health departments (HDs). Following the outbreak response, HDs reported that various challenges with access to patient health information in electronic health records (EHRs) hindered the efficient and rapid identification of potential fungal meningitis cases in healthcare facilities. These facilities included pain clinics, surgery centers, ambulatory care facilities, and other clinics, where patients primarily received contaminated injections, and hospitals in which patients received treatment for the resulting meningitis. As of this submission, we are unaware of any published reports describing healthcare facilities staff perspective on these issues; however, two reports have focused on the HD experiences when seeking access to EHRs from healthcare facilities.

The documents examining HD experiences on this topic include an after-action presentation by HD officials¹ and the Public Health’s Direct Access to Hospital Electronic Medical Records ASTHO Report,² both of which cited challenges that HDs faced in obtaining access to EHRs from healthcare facilities. In particular, HDs that requested access to EHRs from healthcare facilities identified the following barriers to their ability to access EHRs during a public health emergency: (1) capacity to access EHRs; (2) relationships with healthcare facilities; (3) sustainability of agreements; and (4) perceptions of privacy requirements and data security. These concerns are summarized below.

First, HDs’ capacity for EHR access and use varied widely across jurisdictions and healthcare facilities. Even when HD officials were granted access to EHRs in facilities, the manner of gaining access and ability of HDs to retrieve information was not consistent across facilities.^{1, 2, 3} Access was provided either on-site at the healthcare facility or remotely. Some hospitals granted HDs on-site EHR access for a single location, whereas potential patients may have sought treatment across a hospital system. Clinics were often not part of either a hospital or a healthcare system, so HD officials had to visit individual sites daily to access EHRs, spending time and resources that were very valuable during the outbreak response. HDs with remote access could access multiple healthcare facilities within a healthcare system from within their network. However, EHR systems created and tailored for unique clinical needs differed functionally across facilities, further complicating the HD’s ability to identify potential cases quickly and efficiently. HD officials may have also lacked the knowledge, skills, and training to use different EHR systems and technologies, making the retrieval and analysis of patient information “labor-intensive.”^1,2,3 Additionally, HDs’ capability to query an EHR system for a specific symptom or procedure related to the HAI fungal meningitis outbreak proved challenging and, in some cases, impossible because healthcare facility staff were unaware of the full range of capabilities of their EHR system.^{1, 2, 3} Therefore, HDs often resorted to manually creating external data collection systems and instruments to cull vital information from patient records.

Second, while HDs maintain relationships with healthcare facilities for public health surveillance needs and requirements, they may not have approached healthcare facilities with questions about EHR access during an HAI outbreak.³ Because EHRs are a relatively recent technology for many facilities, EHR adoption has been uneven and coordination of clinical care and public health may not be a priority. Those adopting EHR technology may have done so because of incentives provided under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009,⁵ which is clinically centered.⁸ However, requirements for EHR access and use by HDs may not have been formalized by healthcare facilities prior to the outbreak.²

Third, HDs and healthcare facilities were forced to make short-term agreements about EHR access and use during the fungal meningitis outbreak, whether or not they had a pre-existing relationship. ^{1, 2, 3} Because these agreements were created during a specific outbreak they were often made in rapid fashion the applicability and sustainability of the agreements may not have been considered.³ Many agreements have expired³ and many HDs have not renewed them across facilities due to limited resources. HDs and facilities therefore have reverted back to a relationship defined by traditional practices involving disease reporting and surveillance.³

Finally, perceptions of privacy and security remain a challenge for HDs.^1,2,3 The HITECH Act, state laws, and individual healthcare facility policies create numerous security and privacy requirements for EHR implementation. During the fungal meningitis outbreak, many healthcare facilities and HDs lacked uniform understanding of the guidance federal and state laws provide related to patient privacy and EHRs, particularly related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).⁴ Even though HIPAA allows HDs to access health records for disease investigation purposes, some facilities delayed granting HDs access to their EHR systems, or initially denied access altogether, due to privacy concerns.^{1, 2, 3} Recent breaches of EHR security and the fear of financial and legal repercussions also could have complicated healthcare facilities’ willingness to grant HDs EHR access.^{6, 7}

The fungal meningitis outbreak experience highlights the need to better address the landscape of granting and using access to EHRs for outbreak investigations. This assessment, “State Health Department Access to Electronic Health Record Data during an Outbreak: A Retrospective Assessment” examines stakeholder perspectives in granting and using access to EHRs in outbreak settings. An initial data collection (Phase I OMB 0920-0879) of this assessment examined HD experiences, and this data collection (Phase II) seeks to assess healthcare facility experiences. Together, the results will provide a complete picture of the barriers to HDs’ access to EHRs from healthcare facilities during a public health emergency and inform tools to support the response of HAI outbreaks in states.

CDC is authorized to collect this information by Section 301 of the Public Health Service Act (42 U.S.C. 241) (Appendix A).

2. Purpose and Use of the Information Collection

The purpose of this request is twofold:

1. To assess healthcare facilities’, hospitals’ and clinics’, experiences granting HDs EHR access during a healthcare-associated infection (HAI) outbreak with a focus on the 2012 fungal meningitis outbreak. This work builds on phase I (OMB 0920-0879) of this project: “State Health Department Access to Electronic Health Record Data during an Outbreak: A Retrospective Assessment” , which examined the health departments’ (HDs) experience requesting and getting access to electronic health records (EHRs) in healthcare facilities in their jurisdiction. Existing data sources do not include the information that is necessary to assess these objectives; therefore, it is necessary to collect this information prospectively. Responses from healthcare facilities will be used to help the project team build a report and toolkit that will help state HDs address the needs and perspectives of the healthcare facilities when requesting EHR access.

2. Responses from healthcare facilities will be used to help the project team build a report and toolkit that will help state HDs address the needs and perspective of the healthcare facilities’ when requesting EHR access. The toolkit and report will help state HDs address the perspectives and needs of the healthcare facilities related to EHR access. The toolkit will provide perceived barriers, recommendations to overcome those barriers, best practices that support EHR access, and practical tools such as templates, memorandums of understanding (MOUs), or policies. The toolkit will be distributed in states to HDs, healthcare facilities, and other stakeholders to support awareness and strengthen relationships between public health and clinical care. These activities will support quick and efficient identification of cases in HAI outbreaks and protect the health and safety of patients.

3. Use of Improved Information Technology and Burden Reduction

Data will be collected using telephone interviews with the support of an interview guide for each of the different roles being interviewed. Telephone interviews were chosen for the following reasons.

1. No identified studies have asked healthcare facility staff about their perspective on HDs’ EHR access. This collection of individuals’ experiences in their own words will be foundational to developing the toolkit.

2. This assessment, “State Health Department Access to Electronic Health Record Data during an Outbreak: A Retrospective Assessment” examines stakeholder perspectives in granting and using access to EHRs in outbreak settings, and together, the results will provide a complete picture of the barriers to HDs’ access to EHRs from healthcare facilities during a public health emergency and inform tools to support the response of HAI outbreaks in states.

3. A survey would not provide an in-depth assessment of the nuanced challenges healthcare facilities faced when granting HDs access to EHRs during an outbreak. EHR access is likely dependent on a number of complex factors that include, but are not limited to:

1. Authority. Do healthcare facilities question the HDs authority to access EHRs? These challenges are unique for each state or facility, such as state laws, agreements, policies, and interpretations.

2. Relationship. How does the relationship between the HD and healthcare facilities impact EHR access? Challenges could include the following: state laws that grant the HD authority to access EHRs, but affect its working relationship with facilities; written agreements; and the history of the institutions involved.

3. Capacity. Do healthcare facilities have the ability to grant the HD EHR access? Capacity challenges could include the following: the manner of access (on-site, remote, or other); software compatibilities; policies; and the knowledge, skills, and abilities of HD personnel related to information technology. These factors could be unique to each facility included in the in the assessment.

4. Privacy and Security. How do perceptions of privacy laws and data security affect the healthcare facilities’ decisions to grant the HD access to EHRs? Privacy-related concerns could include perceptions of existing federal laws such as HIPAA, other state laws, and healthcare facilities’ policies. Security-related concerns could include breaches of policies and resulting interpretations within healthcare facilities and the HD.

Because of the complex and nuanced factors affecting EHR access (authority, relationships, capacity, and privacy and security) it is important the interviews be tailored to each individual interviewee ; therefore, interviews are be the best method of data collection and will help assess the challenges healthcare facilities face when granting EHR access to HDs.

4. Efforts to Identify Duplication and Use of Similar Information
   
   

Existing data sources do not include the information that is necessary to assess the project objectives. We are aware of two reports^1,2 focused on the HD experiences when seeking access to EHRs from healthcare facilities; however as of this submission, we are unaware of any published reports describing healthcare facilities staff perspectives on this issue. Healthcare facility experiences will differ from HD experiences due to their specific regulatory obligations, internal policies, and focus on treatment and individualized care. Because of these differences, healthcare facilities may face unique barriers, identify different methods to overcome those barriers, and employ different best practices and policies that support EHR access for HDs. Addressing these perspectives and needs will provide results for HDs to identify opportunities to support, engage, and collaborate with facilities during HAI outbreaks to promote the common goal of patient safety and health.

5. Impact on Small Businesses or Other Small Entities

Small healthcare facilities, including small hospitals and clinics, may voluntarily participate in the telephone interviews. We anticipate that most of the facilities selected for participation will agree to participate because: (1) HAI elimination is a major goal of all U.S. healthcare institutions; and (2) the magnitude and immediate issues of the fungal meningitis outbreak in small healthcare facilities highlighted significant challenges around HD EHR access that has yet to be assessed. The data collection burden for small healthcare facilities that choose to participate will be minimized as much as possible.

6. Consequences of Collecting the Information Less Frequently

This request is for a one-time data collection to assess healthcare facilities’, hospitals’ and clinics’ experiences granting EHR access to HDs during an HAI outbreak, with a focus on the 2012 fungal meningitis outbreak. Existing data sources do not include the information that is necessary to assess these objectives; therefore, it is necessary to collect this information prospectively. This work builds on phase I (OMB 0920-0879) of this project: “State Health Department Access to Electronic Health Record Data during an Outbreak: A Retrospective Assessment” , which examined the health departments’ (HDs) experience requesting and getting access to electronic health records (EHRs) in healthcare facilities’ in their jurisdiction. Responses from healthcare facilities will be used to help the project team build a report and toolkit that will help state HDs address the needs and perspective of the healthcare facilities’ when requesting EHR access.

7. Special Circumstances Relating to the Guidelines of 5 CFR 1320.5

There are no special circumstances with this information collection package. This request fully complies with the regulation 5 CFR 1320.5.

8. A. Comments in Response to the Federal Register Notice

A Federal Register Notice was published on December 2, 2014, Vol. 79, No. 231, Page 71429 (see Appendix B). One non-substantive comment was received (see attachment M) from the public and a response was sent.

8. B. Efforts to Consult Outside the Agency

A group of expert external stakeholders reviewed the design, methodology, and sample for this assessment during an hour-long conference call. These experts included state epidemiologists, state healthcare-associated infection coordinators, informatics specialists, HD legal counsel, and representatives from Consumers Union, Society of Healthcare Epidemiology of America (SHEA), and the Association for Professionals in Infection Control and Epidemiology (APIC). Feedback from these expert stakeholders was used to refine the sampling plan, interview guide questions, and interview guide probes for all participants.

8. Explanation of Any Payment or Gift to Respondents

CDC will not provide payments or gifts to respondents.

8. Assurance of Confidentiality Provided to Respondents

This submission has been reviewed by the CDC National Center for Emerging and Zoonotic Infectious Diseases (NCEZID), which determined that the Privacy Act does not apply.

This data collection was determined non-research by CDC, therefore an IRB review is not required (Appendix F.)

10.1 Privacy Impact Assessment Information

The Keystone Center, an external contractor, will collect data from 15 state HD epidemiologists through email identifying the healthcare facilities involved in the HAI fungal meningitis outbreak in their state. Following the collection of that information, the Keystone Center will collect data through telephone interviews with 150 healthcare facility employees in the following roles: Infection Preventionists (n=30), Clinic Directors (n=30), or other roles as referred (n=30), and Informatics Directors (n=30) or other roles as referred (n=30). All identifiable information will be stored in a secure location. Phone interviews will be recorded, and transcribed verbatim using a professional transcription company. All final transcriptions will be de-identified and reviewed alongside the audio recordings to ensure accuracy. Data will be shared using secure modes of transmission. Because voices are personally identifiable, audio files will be destroyed once the transcript is deemed accurate. All data will be reported at the state level to help ensure participant privacy.

8. Justification for Sensitive Questions

No information will be collected that are of a personal or sensitive nature.

8. Estimate of Annualized Burden Hours and Costs

The estimated burden hours being requested for this one-time OMB request is 90 hours, at a cost of $3,844.50. The estimate for burden hours is based on interviews conducted in Phase I (OMB 0920-0879). Phase I interviews with HAI coordinators, state epidemiologists, HD legal counsel, and informatics directors took on average 27 minutes, including time for reading the invitation, reviewing instructions, and consent. Since we are using an edited version of the same interview guides with infection preventionists, clinic directors, and others as referred (for example, privacy officers, risk management specialists, or patient records managers who are staff at the healthcare facility included in the sample), as well as informatics directors and others as referred, we estimate the same amount of time will be needed for each interview. For the purposes of estimate burden hours, the 30-minute upper limit is used.

We will be requesting participation from the HD epidemiologist and hospital and clinic staff in their official capacities across 15 states. The states chosen for Phase I (OMB 0920-0879) and Phase II data collections are: Florida, Indiana, Kansas, Maryland, Michigan, Minnesota, New Hampshire, New Jersey, New York, North Carolina, Ohio, Oregon, Tennessee, Texas, and Virginia. These states were chosen based on four criteria: 1) case count during the fungal meningitis outbreak; 2) experience with other outbreaks, 3) existing state or local laws related to EHRs, and 4) demonstrated leadership in EHR and health information exchange (HIE) implementation, shown by research, publications, and active engagement in national health information technology organizations.

Data will be collected one-time from15 HD epidemiologists and 150 hospital and clinic staff in their official capacities using telephone interviews, limiting interviews to two hospitals and two clinics per state. HD epidemiologist will help identify the hospitals and clinics involved in the HAI fungal meningitis outbreak. Hospital participants include: infection preventionists, informatics directors, and others as referred. Clinic participants include: clinic directors and others as referred. Due to the variations in staff roles and titles in hospitals and clinics, this data collection builds a category for “others as referred” to include other important perspectives supporting HDs EHR access during an outbreak (for example, privacy officers, risk management specialists, patient records managers, and others).

Two staff roles were identified for interviews, one clinically-oriented and the other information technology-oriented, with corresponding interview guides (Appendix D for hospital infection preventionists or clinical directors or others as referred and Appendix E for informatics directors). Similar interview guides were used during phase I (OMB 0920-0879), which helped to refine the questions, probes, and estimated burden hours for this proposed data collection. There are six overarching questions and related probes that focus questions to the role interviewed. The probes, specific to the role interviewed, serve as a guide for the interviewer should they need support and to ensure all project objectives are being collected; therefore, not all of the probes will be used in every interview. For example, question two asks interviewees: “What has been your experience with the health department requesting, accessing, and using electronic health records in your healthcare facility?” The following list demonstrates how different probes will be used by the interviewer for the different roles to support the interview with the above question.

• Infection preventionists, clinic directors, and others as referred (such as privacy officers, risk management specialists, or patient records managers) were likely the first point of contact in the healthcare facility. The probes for this role focus on:

  • the interviewee’s role in providing the HD EHR access;

  • the manner of EHR access that the HD requested, needed, and received (on-site, remote, or other);

  • any differences across facilities;

  • factors that facilitated or hindered EHR access during the investigation; and

  • the facility’s relationship with the HD before, during, and after granting EHR access

• Informatics Directors and others as referred were likely to be involved in the technological aspects of EHR access. The probes for this role focus on:

  • technological expertise they provided to HDs;

  • any differences across facilities; and

  • experiences with different kinds of access (on-site, remote, or other) and technological barriers.

1. Estimated Annualized Burden Hours to Respondents

Type of Respondent	Form Name	No. of Respondents	No. of Responses per Respondent	Average Burden per Response (in hours)	Total Burden Hours
HD Epidemiologist	Appendix G	15	1	60/60	15
Infection Preventionist	Appendix D	30	1	30/60	15
Informatics Director	Appendix E	30	1		15
Other as referred by Infection Preventionist or Informatics Director (for example, privacy officer or risk management specialist)	Appendix D	30	1		15
Clinic Director	Appendix D	30	1		15
Other as referred by Clinic Director (for example, patient records manager)	Appendix D	30	1		15
Totals		165	1		90

Estimates for the average hourly wage for respondents are based on the U.S. Department of Labor Bureau (DOL) of Labor Statistics May 2013 National Occupational Employment and Wage Estimates (http://www.bls.gov/oes/current/oes_nat.htm). Based on DOL data, average hourly wage varies depending on the official role we are interviewing. The table below shows estimated burden information for each of the roles in our sample.

2. Estimated Annualized Cost

Type of Respondent	No. of Respondents	Total Burden Hours	Hourly Wage Rate	Total Respondent Costs
HD Epidemiologist	15	15	$22.34	$355.10
Infection Preventionist	30	15	$31.89	$478.35
Informatics Director	30	15	$59.59	$893.85
Other as referred by Infection Preventionist or Informatics Director (for example, privacy officer or risk management specialist)	30	15	$32.10	$481.50
Clinic Director	30	15	$92.25	$1,383.75
Other as referred by Clinic Director (for example, patient records manager)	30	15	$18.13	$271.95
Totals	165	90		$3,844.50

8. Estimates of Other Total Annual Cost Burden to Respondents or Record Keepers

There will be no direct costs to the respondents other than the time it takes to participate in an interview.

8. Annualized Costs to the Government

The estimated one-time cost to the federal government is $161,342.50 as described in the table below. There are no equipment or overhead costs. The only cost to the federal government would be the salary of the supporting CDC staff and the external contractor.

Estimated Annualized Cost to the Federal Government

Staff (FTE)	Average Hours per Collection	Average Hourly Rate	Average Cost
Associate Director for Policy (Acting) (GS14) Primary support in the revision of interview instruments, review of the OMB package preparation, and support in data analysis, and report preparation	100	$48.41	$4,841.00
Associate Director for Behavioral Science (GS14) Primary support in the revision of interview instruments, review of the OMB package preparation and support data review, and report preparation	100	$74.77	$7,477.00
Director of Public Health Law (GS15) Support the revision of interview instruments, review OMB package preparation, data review, and report preparation	10	$63.27	$632.70
Public Health Analyst (GS13) Support the revision of interview instruments, OMB package preparation, data review, and report preparation	20	$41.38	$827.60
Health Information Technology Strategy Unit Lead (GS15) Support the revision of interview instruments, review OMB package preparation, data review, and report preparation.	10	$57.52	$575.20
Health Scientist, Informatics (GS14) Data review and report preparation.	10	$48.90	$489.00
Association of State and Territorial Health Officials (ASTHO), grantee	250	$274	$68,500.00
External Contractor (The Keystone Center), which supports revisions of interview instruments for OMB data collection and data collection, data analysis, and report preparation.	500	$156.00	$78,000.00
Estimated Total Cost of Information Collection			$161,342.50		.50

8. Explanation for Program Changes or Adjustments

This is a new data collection.

8. Plans for Tabulation and Publication and Project Time Schedule

A summary of this timeline after OMB approval is received is provided below:

Project Time Schedule	Weeks after OMB Approval
Edit interview guides	Completed
Develop interview guide protocol, instructions, and analysis plan	Completed
Pilot test interview guides	Completed
Prepare OMB package	Completed
Prepare IRB package	Completed
Submit IRB package	Completed
Submit OMB package	In Process
OMB approval	TBD
Email Announcing Project	1
Emails sent to potential Participants, scheduling dates for interview, reminder email, and practice interviews with contractor	3
Conduct Interviews	7
Collect, code, enter, quality control, and analyze data	15
Prepare report/Toolkit	19
Disseminate results/publication of findings	22

8. Reason(s) Display of OMB Expiration Date is Inappropriate

We are requesting no exemption.

8. Exceptions to Certification for Paperwork Reduction Act Submissions

There are no exceptions to the certification. These activities comply with the requirements in 5 CFR 1320.9.

References

1. Hamilton JJ (2013). Public Health Data and Informatics Needs during the Fungal Meningitis Outbreak. [PowerPoint slides]. Retrieved from http://www.amia.org/sites/amia.org/files/PHIWG-Meningitis-WebinarSlides.pdf

2. Association of State, and Territorial Health Officials. Public Health’s Direct Access to Hospital Electronic Medical Records: Benefits and Barriers. Published December, 2013.

3. Centers for Disease Control and Prevention. State Health Department Access to Electronic Health Record Data during an Outbreak: A Retrospective Assessment Preliminary Summary Report. (unpublished data, 2014)

4. Department of Health and Human Services (1996). Health and Insurance Portability and Accountability Act (HIPAA). Retrieved from http://www.hhs.gov/ocr/privacy/

5. Health IT (2009). HITECH ACT. Retrieved from http://www.healthit.gov/policy-researchers-implementers/hitech-act

6. Shultz, D (2012). As Patients’ Records Go Digital, Theft and Hacking Problems Grow. Retrieved from http://www.kaiserhealthnews.org/Stories/2012/June/04/electronic-health-records-theft-hacking.aspx

7. Health and Human Services (2013). Idaho State University Settles HIPAA Security Case for $400,000. Retrieved from 20http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/isu-agreement-press-release.html.html13

8. Kakafka R, Ancker JS, Chan C, Chelico J, Khan S, Mortoti S, Natarajan K, Presley K, Stephens K Redesigning electronic health record systems to support public health. J Biomed Inform. 2007 Aug; 40(4): 398-409.

LIST OF ATTACHMENTS –Section A

Appendix A: Section 301 of the Public Health Service Act (42 U.S.C. 241); Authorizing Legislation

Appendix B: 60 Day Federal Register Notice

Appendix C: Phase I(OMB 0920-0879) Summary Report

Appendix D: Telephone Interview Guide for Infection Preventionist and Clinics Directors, or other as Defined

Appendix E Telephone Interview Guide Informatics Directors

Appendix F: CDC IRB Letter of Determination

Appendix G: Emails to Health Department Point of Contact for Healthcare Facilities

Appendix H: Email to Healthcare Facility Point of Contact

Appendix I: Email to Clinic Directors

Appendix J: Individual Email to Infection Preventionist, Health Informatics Director, other as referred Clinic Director or Other as referred by Clinic Director, other as referred

Appendix K-Email reminder to All Participants

Appendix L-Thank you Email to All Participants

Appendix M-60 Day FRN Comment

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	CDC User
File Modified	0000-00-00
File Created	2021-01-25