IBM/HIPAAT press release | May 15, 2008



Privacy management spans local, regional and national boundaries

ARMONK, NY and NAPLES, FL – May 15, 2008IBM (NYSE: IBM) and HIPAAT Inc. (HIPAAT), the leading provider of consent management solutions to the healthcare industry, are joining forces to bring innovative health-information privacy controls to patients and care providers everywhere.

The IBM-HIPAAT collaboration extends patient-driven privacy to Electronic Medical Records (EMRs), Electronic Health Records (EHRs), Personal Health Records (PHRs) and Health Information Exchanges (HIEs). Combined IBM and HIPAAT technologies allow patients to easily specify who is granted access to their personal health information (PHI), what information can be accessed and when. They enable caregivers to implement and enforce patient consent directives, providing “break the glass” access to PHI and EHR data in emergency-care situations, where appropriate.

This commercially-available patient-directed solution is a privacy-based approach to securely controlling PHI access across diverse healthcare applications and settings. When installed in HIE environments as the “consent engine,” Privacy eSuite empowers patients and designated providers to create and record privacy directives. The software then evaluates a provider’s authorization to access a patient’s PHI based on such directives. With the combined offerings, a patient can restrict a particular clinician from accessing PHI, even if that clinician – based on medical role – would typically be granted such access. All access requests are recorded and an audit trail is created.

"The ability to share electronic health information nationwide is transforming the industry by placing increased control of healthcare delivery squarely where it belongs: in the hands of patients themselves,” said Ivo Nelson, Vice President, IBM Healthcare Provider. “Our work with HIPAAT will ensure that, as the use of electronic health data proliferates and improves healthcare services and results, patients themselves will be able to ensure their own health-information privacy as the true custodians of access to such highly personal information.”

IBM and HIPAAT are integrating HIPAAT’s Privacy eSuite software – based on Service Oriented Architecture (SOA) -- with IBM’s SOA Foundation for joint projects. The IBM SOA Foundation supports IBM's global healthcare strategy, which is based on the adoption of an asset-based, interoperable SOA approach and the use of open standards and standards-based EHRs to ensure secure and private exchanges of records between authorized healthcare services and benefits organizations.

To achieve these goals, IBM is currently working with partners and clients within the healthcare industry to make information delivery and related business processes more patient-centric. One important initiative currently benefiting from the IBM-HIPAAT collaboration is the Nationwide Health Information Network (NHIN) Trial Implementation now under development by the North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA). This initiative gives patients and providers transparent access to Privacy eSuite’s privacy controls across the broad spectrum of applications enabled by the SOA Foundation.

“The IBM-HIPAAT technology will provide NCHICA members and NHIN participants an opportunity to exercise more control over their sensitive health information,” said Holt Anderson, NCHICA Executive Director. “This is a capability the public has demanded.” NCHICA was established as a non-profit in 1994 by Executive Order of Governor James B. Hunt, Jr. to “improve health and care by accelerating the adoption of information technology and enabling policies.”

IBM’s SOA strategy incorporates aspects of several industry-leading product portfolios including IBM WebSphere, Lotus, Tivoli, Rational and Information Management and is a critical component of IBM’s Information on Demand initiative. These portfolios have been further strengthened by a series of key acquisitions such as Cognos, ISS and Watchfire.

For example, Privacy eSuite’s capabilities extend IBM’s Tivoli identity and access management security offerings, thereby ensuring information protection in multiple healthcare-delivery settings and situations.

“Patients understand that it is beneficial for caregivers to share their health information electronically, but those informed of their rights want to control the conditions of access,” said Terry Callahan, HIPAAT Managing Director. “Some patients will avoid participating in EHR programs or provider portals if they aren't given the capability to restrict access to their PHI, which could negatively affect their care and put them in harm’s way. Our collaboration with IBM provides the industry with a forward-thinking, patient-centric consent management solution that benefits both patients and providers.”

About IBM
For more information on IBM, visit

HIPAAT provides patient-centric consent management solutions to the healthcare industry. Our interoperable, scalable web services approach – with software that aggregates patient privacy directives and organizational / jurisdictional policies – enables privacy-sensitive access control to PHI across healthcare organizations and regions. For more information, visit

Media contacts:    

For IBM:
Gina Jesberg
IBM Public Relations
Direct: (203) 445-1545
Mobile: (203) 545-3186

Christine Callahan
HIPAAT Corporate Relations
Direct: (905) 891-8540

Release date: May 15, 2008