“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review June 11, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.

Slides:



Advertisements
Similar presentations
PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.
Advertisements

IHE Profile Proposal: Dynamic Configuration Management October, 2013.
September, 2005What IHE Delivers 1 Karen Witting IBM Cross-Community: Peer- to-Peer sharing of healthcare information.
Extending XDW in Cross-Community Editor: Charles Parisot Notes for the March 19 th, 2013 – ITI Tech Committee.
S&I Framework Testing HL7 V2 Lab Results Interface and RI Pilot Robert Snelick National Institute of Standards and Technology June 23 rd, 2011 Contact:
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.
Interoperability Kevin Schmidt Director, Clinical Network.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review September 17, 2013 Presented by: David Staggs and Michael Dufel Jericho Systems Corporation.
Direct Implementation Perspective 0 Mark Bamberg, Vice President Research & Development MEDfx.
NHIN Specifications Richard Kernan, NHIN Specification Lead (Contractor), Office of the National Coordinator for Health IT Karen Witting, Contractor to.
NextGen Interoperability – Leading the Charge Presenter – David Venier DISCLAIMER: The views and opinions expressed in this presentation are those of the.
EsMD Harmonization WG Meeting Wednesday, June 13 th, 2012.
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
MiVoice Office v MiVoice Office v6.0 is mainly a service enhancement release, rather than a user feature rich enhancement release.
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session Charter Discussion – 9:30am – 10:00am October 18, 2011.
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review June 18, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
Improving the world's health and well-being by unleashing health IT innovation State Initiatives Alesha Adamson VP Strategic Relations & Initiatives Open.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review July 9, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review July 16, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
Configuration Management Issues in IHE Asuman Dogac, SRDC, METU, Turkey
What IHE Delivers Security and Privacy Overview & BPPC September 23, Chris Lindop – IHE Australia July 2011.
1.View Description 2.Primary Presentation 3.Element Catalog Elements and Their Properties Relations and Their Properties Element Interfaces Element Behavior.
Cross-Enterprise User Assertion IHE Educational Workshop 2007 Cross-Enterprise User Assertion IHE Educational Workshop 2007 John F. Moehrke GE Healthcare.
CS 493 Project Definition The project assignment is a simplified version of the Integrating Healthcare Enterprise (IHE) Cross-Enterprise Document Sharing.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review April 9, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
S&I Public Health * We will start the meeting 3 min after the hour October 7 th, 2014.
OpenPASS Open Privacy, Access and Security Services “Quis custodiet ipsos custodes?”
Finalized Solution Plan July 1 st, Solution Planning Work Group Approach 1. Overlay standards currently in general use per transaction - focus on.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review April 23, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
Data Segmentation for Privacy Agenda All-hands Workgroup Meeting May 9, 2012.
February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.
“Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review April 16, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
Dynamic Document Sharing Detailed Profile Proposal for 2010 presented to the IT Infrastructure Technical Committee Karen Witting November 10, 2009.
0 Connectathon 2009 Registration Bob Yencha Webinar | August 28, 2008 enabling healthcare interoperability.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
Key Issues of Interoperability in eHealth Asuman Dogac, Marco Eichelberg, Tuncay Namli, Ozgur Kilic, Gokce B. Laleci IST RIDE Project.
Implementing the XDS Infrastructure Bill Majurski IT Infrastructure National Institute of Standards and Technology.
Structured Data Capture (SDC) UCR to Standards Crosswalk Analysis July 11, 2013.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review May 7, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review May 14, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
Health eDecisions Use Case 2: CDS Guidance Service Strawman of Core Concepts Use Case 2 1.
1 Healthcare Information Technology Standards Panel Care Delivery - IS01 Electronic Health Record (EHR) Laboratory Results Reporting July 6, 2007.
S&I PUBLIC HEALTH REPORTING INITIATIVE: DEVELOPING OF A TEAMING APPROACH S&I Public Health Reporting Initiative Nikolay Lipskiy, MD, DrPH, Co-Lead September,
Cross-Enterprise User Authentication John F. Moehrke GE Healthcare IT Infrastructure Technical Committee.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review May 21, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing Charles PARISOT GE Healthcare.
Structured Data Capture (SDC) Gap Mitigation July 18, 2013.
The Patient Choice Project Project Kickoff December 14 th, 2015.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review June 25, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review June 4, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
Ongoing/Planned Activities for Week of 4/29 Final UCR Crosswalk due COB 4/30 Hold two working sessions to complete UCR Crosswalk on 4/30 Hold working session.
IHE IT Infrastructure Domain Update Karen Witting – IBM IT Infrastructure Technical Committee co-chair.
September, 2005What IHE Delivers 1 IT Infrastructure Planning Committee Karen Witting – Ready Computing XDS & XCA: On-Demand Documents.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review May 28, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
Dynamic/Deferred Document Sharing (D3S) Profile for 2010 presented to the IT Infrastructure Technical Committee Karen Witting February 1, 2010.
Standards Analysis Summary vMR – Pros Designed for computability Compact Wire Format Aligned with HeD Efforts – Cons Limited Vendor Adoption thus far Represents.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 13, 2013 Presented by: Michael Dufel and David Staggs Jericho Systems Corporation.
Copyright 2007, Information Builders. Slide 1 iWay Web Services and WebFOCUS Consumption Michael Florkowski Information Builders.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review April 30, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation.
Cross Community Access Profile Karen Witting IBM Co-chair ITI technical committee.
“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review November 5, 2013 Presented by: David Staggs JD, CISSP Jericho Systems Corporation.
Integrating the Healthcare Enterprise Retrieve Information for Display (RID) Integration Profile Ellie Avraham Kodak Health Imaging IHE IT Infrastructure.
Dynamic/Deferred Document Sharing (D3S) Profile for 2010 presented to the IT Infrastructure Technical Committee Karen Witting February 1, 2010.
IT Infrastructure Plans
Securing the Network Perimeter with ISA 2004
Integrating the Healthcare Enterprise
Presentation transcript:

“ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review June 11, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation

206/11/2013 Agenda Administrative issues Updated data flow diagram Functional requirements summary Timeline J-UT Pilot Infrastructure CONNECT 4.1 Demonstration Related Topics Review of relevant standards Questions POA&M

306/11/2013 Pilot Administrivia This pilot is a community led pilot –Limited support provided by the ONC Apurva Dharia (ESAC) Jeanne Burton (Security Risk Solutions) Melissa Springer (HHS) In conjunction with DS4P bi-weekly return of an All Hands meeting Access to DS4P Wiki, teleconference, and calendar Meeting times: Tuesdays 11AM (ET) –Dial In: Access code: URL: d= d=

406/11/2013 Expected Data Flow (updated) Custodian of Data being Provided at  Patient PCD Repository 2 nd Requestor 1 st Requestor   B ,  = Clinical data A,B = PCD data = audit record And Subsequent Custodian of Data being Provided at 

Functional Requirements Summary Precondition Functional Requirements –Document format for establishing authentication exchange * –Document format for exchange of repository account holder and HIO identifiers? (in proxy) * –Document format for clinical data request (NwHIN) Functional Requirements –Document format for requesting consent directive –Document format for returning consent directive –Document format for sending result of decision to consent directive repository Post-Condition Functional Requirements –Document format for exchange of repository location and account holder identifier to 2nd requestors associated with data [based on DS4P IG UC 3 as discussed 30APR2013] * = non-normative 06/11/20135

6 Timeline General Timeline, conditioned on agreement of stakeholders MilestoneTarget DateResponsible Party Kick off and LogisticsApril 2013Jericho Systems Basic InfrastructureJune 2013Members AuthN via RepositoryAugust 2013Members Reporting CapabilityOctober 2013Members CompleteNovember 2013Members

7 CONNECT Infrastructure 06/11/2013 Code “as is” from: Training Tutorials/Webinars:

8 J-UT Notional Architecture 06/11/2013 Initial goal: request/provide patient clinical document.

906/11/2013 Pre-Configured Endpoint J-UT participants may use a pre-configured endpoint (optional) CONNECT 4.1 base functionality CONNECT 4.1 Master Patient Index (MPI) CONNECT 4.1 XDS.b document repository CONNECT 4.1 test scripts Available “as is” as a VM image 8 GB RAM 60GB Available HDD space 1.1 Ghz of available CPU Recommended Requires only configuration file changes and PKI set up Available to any formal member of the pilot

10 Demonstration 06/11/2013

Implementation Current implementation status –Created virtual machines for Custodian and Primary Requestor –Installed CONNECT 4.1 on each –Setup PKI infrastructure –Tested functionality with: CONNECT MPI CONNECT XDS.b 4.1 document repository XCPD / XCA Possible future enhancements: Open connect /11/201311

1206/11/2013 Completing Basic Infrastructure Additional steps required to complete Basic Infrastructure milestone Crosscheck each participant’s gateway Establish network connectivity between pilot participants –Custodian –Primary Requestor Re-Test Establish process for deploying code updates as development commences. Initiate development spirals for reference implementation

1306/11/2013 Additional Steps Provide UI’s to simplify use and demonstration From: CONNECT Universal Client (UC) GUI User Guide

Standard soapUI Test Interfaces 06/11/201314

15 Relevant Standards Standards from last week’s discussion: XCA and/or XDS.b (IHE) XUA (IHE) – IHE profile includes SAML (OASIS) XCPD (IHE) – not fully integrated into DS4P IG ATNA (IHE) – for returned audit of the release decision CDA r2 (HL7) – for PCD location in released clinical document – for format of the directive (includes XACML) XACML (OASIS) – specifically to PCD NwHIN specification ODD (IHE) - On-Demand Documents (Trial) Supplement Note: PCD (HL7) – just updated last WGM, will re-ballot 06/11/2013

DS4P Standards Material Location of DS4P Standards Inventory: Location of DS4P Standards Mapping Issues: xlsx/ /Copy%20of%20DataMappingsIssues% xlsx General Standards Source List: %20Analysis.xlsx/ /General%20SI%20Framework%20Standards%20A nalysis.xlsx Standards Crosswalk Analysis monizationhttp://wiki.siframework.org/Data+Segmentation+for+Privacy+Standards+and+Har monization (at bottom of page, exportable) Implementation Guidance 20Guidance_consensus_v1_0_4.pdf/ /Data%20Segmentation%20Impl ementation%20Guidance_consensus_v1_0_4.pdf 06/11/201316

1706/11/2013 Questions? For example: Can I use my own eHealth Exchange endpoint? Can use actual patient information? (No.)

18 Plan of Action Upon agreement of the participants the POA is: Identify the elements available from previous DS4P pilots Scope level of effort, decide on extended scenario Determine first draft of functional requirements Review standards available for returning information on requests Determine any gaps or extensions required in standards Stand up information holders and requestors Create XDS.b repository holding PCD Identify remaining pieces Document and update IG with results of our experience 06/11/2013

1906/11/2013 DS4P References Use Case: ases ases Implementation Guide: nsensus nsensus Pilots Wiki Page: +Pilots+Sub-Workgroup +Pilots+Sub-Workgroup

2006/11/2013 Backup Slides

Query and Response for Location 06/11/201321

Query and Response PCD 2206/11/2013

2306/11/2013 Expected Data Flow (updated) Custodian of Data being Provided at  Patient PCD Repository 2 nd Requestor 1 st Requestor   B ,  = Clinical data A,B = PCD data = audit record And Subsequent Custodian of Data being Provided at 

2406/11/2013 Expected Data Flow (updated) Custodian of Data being Provided at  Patient PCD Repository 2 nd Requestor 1 st Requestor Clinical exchange #  Clinical exchange #  B ,  = Clinical data A,B = PCD data = audit record And Subsequent Custodian of Data being Provided at  Fetch PCD Send audit

2505/25/2013 Expected Data Flow (1) Custodian of Data being Provided at  Patient PCD Repository 2 nd Requestor 1 st Requestor  ,  = Clinical data A,B = PCD data = audit record

2605/25/2013 Expected Data Flow (2) Custodian of Data being Provided at  Patient PCD Repository 2 nd Requestor 1 st Requestor  ,  = Clinical data A,B = PCD data = audit record

2705/25/2013 Expected Data Flow (3) Custodian of Data being Provided at  Patient PCD Repository 2 nd Requestor 1 st Requestor  B ,  = Clinical data A,B = PCD data = audit record And Subsequent Custodian of Data being Provided at 

2805/25/2013 Expected Data Flow (4) Custodian of Data being Provided at  Patient PCD Repository 2 nd Requestor 1 st Requestor  ,  = Clinical data A,B = PCD data = audit record And Subsequent Custodian of Data being Provided at 

2905/25/2013 Expected Data Flow (5) Custodian of Data being Provided at  Patient PCD Repository 2 nd Requestor 1 st Requestor ,  = Clinical data A,B = PCD data = audit record And Subsequent Custodian of Data being Provided at 

3006/11/2013 Expected Data Flow (updated) Custodian of Data being Provided at  Patient PCD Repository 2 nd Requestor 1 st Requestor   B ,  = Clinical data A,B = PCD data = audit record And Subsequent Custodian of Data being Provided at 

Informative Note: PCDs 05/14/ PCD Format PCD Header PCD Body Structure of the PCD

3205/14/2013 Scope of the Pilot 1. Define the exchange of HL7 CDA-compliant PCD between a PCD repository and a provider evaluating that includes a report on the outcome of the request back to the healthcare consumer. 2. Additional goal: use of identifiers that can uniquely identify the healthcare consumer and PCD repository used to report the outcome of the request back to the healthcare consumer by healthcare consumer’s provider and subsequent EHR custodians. 3. Stretch goal: use of the PCD repository as a proxy allowing direct authentication by the healthcare consumer to the provider, subsequently reducing correlation errors.

3305/14/2013 Secondary Goals of the Pilot Exchange and enforce privacy metadata to ensure proper policy- based disclosure and redisclosure of PHI Accept and display reports from information owners on access control decisions for requests for the patient’s PHI Create a token passing scheme that facilitates secondary use reporting Demonstrate dynamic reporting of access to a patient’s PHI and their ability to change their PCD using their PCD central repository

34 Call for Pilot Team Members 05/14/2013 NameRoleOrganization David StaggsParticipantJericho Systems Corporation Michael FieldParticipantUT Austin HIT Lab

3506/11/2013 Issues from Previous Call 1.Issues inherent in embedding PCD repository information Embedding PCD Repository information in clinical documents Providing a pointer to location is static (even if PCD dynamic) Can we meet goal by embedding query information? 2.Subsequent Custodian of Data should multicast query for PCD Provide broad information, specific to organization Provide unique PCD identifier in clinical document 3.Cover new use cases If PCD not found, multiple PCD found, or new repository 4.Build on previous pilots Most recent PCD, no de-confliction step considered

36 NHIN IHE XCA 06/11/2013 NHIN Query for Documents Web Service Interface Specification XCA Cross Gateway Query transaction [ITI-38] as the protocol for query for documents NHIN Retrieve Documents Web Service Interface Specification XCA Cross Gateway Retrieve transaction [ITI-39] as the protocol for retrieving documents

3706/11/2013 Issues from Previous Call 1.Issues inherent in embedding PCD repository information Embedding PCD Repository information in clinical documents Providing a pointer to location is static (even if PCD dynamic) Can we meet goal by embedding query information? 2.Subsequent Custodian of Data should multicast query for PCD Provide broad information, specific to organization Provide unique PCD identifier in clinical document 3.Cover new use cases If PCD not found, multiple PCD found, or new repository 4.Build on previous pilots Most recent PCD, no de-confliction step considered

3806/11/2013 Running Observations 1.XCA simplifies back-end implementation Although XDS.b is described in IHE documents, not required Many current examples of eHealth Exchange use XCA 2.On-Demand Documents Supplement NHIN has adopted the use of On-Demand Documents Updates XCA to use dynamically created documents Allows registration of content dynamically assembled 3.Audit record from custodian of release decision Previous pilots used unique message ID, not externalized 4.Creation of PCD on demand If PCD has sensitive data, should not give all information

3906/11/2013 PCD Reference Information 1.How a PCD is referenced depends on your environmental assumptions XCA takes care of patient id mappings and lookups of remote service endpoint URLs Using XCA, reference of PCD is by home community ID Using plain XDS.b, reference of PCD is by patient ID and service endpoint URL 2.What is the impact of clinical document exchange architectures?

4006/11/2013 Architecture Differences 1.eHealth Exchange using CONNECT Uses XCA for document queries Communities are connected with a service registry –If you are not in the service registry, you don’t exist Works well when you don’t know who has the information Typically requires MPI, XCA implementation, and a service registry. –Complex and expensive to manage the supporting systems

4106/11/2013 Architecture Differences (cont) 2.DIRECT Uses XDR and XDM instead of XCA. –i.e. either a direct SOAP web service call over HTTPS (XDR) or over S/MIME (XDM) Works great when you are pushing a record to someone you know Requires minimal supporting software and systems 3.Summary What is the appropriate standard for exchanges with the PCD repository: XCA – or – XDR & XDM?

4206/11/2013 PCD Reference Table

Using ATNA Mapping ATNA protocol to use case –ATNA protocol is based on syslog and consists of an XML payload Does the ATNA schema has the required data for our use case for directly interfacing with requesters: 05/14/201343

Gap Analysis Initial gap analysis for discussion: 1.Single PCD can apply to multiple requests (filter PCD?) 2.Discovered XDS.b issues (XUA “participant” issue) 3.Interoperability of current PCD (HL7 PCD structure) 4.Interoperability of current PCD (XACML payload) 5.Gaps in PCD vocabulary (supporting granularity) 6.Returning repository location in the clinical data (extension) 7.Mapping ATNA protocol to use case (sufficient for user story?) Newly added issues: 8.More attributes are required in request to PCD repository 9.XCPD caching issue can result in wrong attributes ‡ 10.Some attributes are missing or conflated 06/11/201344

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.