Point-of-care Identity Management (PCIM)

Slides:



Advertisements
Similar presentations
Red Flag Rules: What they are? & What you need to do
Advertisements

Positive Patient Id and Medical Device Data: Essential Safety Requirements 1.
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
Software Quality Assurance Plan
Identity Theft and Red Flag Rules Training Module The University of Texas at Tyler.
This presentation prepared for Now is the time to initiate the one change that will have the most leverage across your business systems Patient Identity.
Lecture 7 Access Control
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
HIPAA Health Insurance Portability & Accountability Act of 1996.
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.
Sierra Systems itSMF Development Days Presentation March 4 th, 2014 Colin James Assyst Implementation Specialist.
IHE Profile – SOA Analysis: In Progress Update Brian McIndoe December 6, 2010.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Computer Science and Engineering 1 Service-Oriented Architecture Security 2.
Distributed systems – Part 2  Bluetooth 4 Anila Mjeda.
Privacy and Security Tiger Team Today’s Discussion: Query/Response Scenarios for Health Information Exchange February 21, 2013.
Privacy and Security Tiger Team Today’s Discussion: Query/Response Scenarios for Health Information Exchange March 12, 2013.
IHE Profile – SOA Analysis: In Progress Update Brian McIndoe January 18, 2011.
Cross-Community Patient Identification (XCPI) Brief Profile Proposal for 2009 presented to the IT Infrastructure Technical Committee Karen Witting November.
Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.
INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.
IHE Workshop – February 2007 What IHE Delivers 1 Credits for many slides to: Cynthia A. Levy, Cedara Software IHE Technical Committee Import Reconciliation.
PIX/PDQ – Today and Tomorrow Vassil Peytchev Epic.
ISO 9001:2015 Subject: Quality Management System Clause 8 - Operation
Integrating the Healthcare Enterprise The Integration Profiles: Basic Security Profile.
COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.
What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin - Medicity.
IHE IT Infrastructure Integration Profiles: Adaptation to Cardiology Harry Solomon.
The Quality Gateway Chapter 11. The Quality Gateway.
©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley Internal Control and Control Risk Chapter 10.
Dr. Ir. Yeffry Handoko Putra
Finance and Accounts.
Trust Profiling for Adaptive Trust Negotiation
Welcome to M301 P2 Software Systems & their Development
IT Infrastructure Plans
Software Quality Control and Quality Assurance: Introduction
Point-of-Care Identity Management
Chapter 4 – Requirements Engineering
Chapter 4 – Requirements Engineering
Chapter 5 – Requirements Engineering
HOGAN & HARTSON, L.L.P. “Publications” “Health”
The Human Resource Business Process
Patient’s Bill of Rights
IHE Workshop: Displayable Reports (DRPT)
System Directory for Document Sharing (SDDS)
SNS College of Engineering Coimbatore
Patient Medical Records
Network Services Interface
IS442 Information Systems Engineering
Software Requirements analysis & specifications
Redundancy and diverse routing for data exchange
IHE: Integrating the Healthcare Enterprise
Disability Services Agencies Briefing On HIPAA
Maryna Komarova (ENST)
Object Oriented Analysis and Design
Health records and the role of the health sector
D3 Confidentiality.
Identity Verification – ROP Compliance
How does the “Iron Triangle” relate to project management?
CSCE 813 Internet Security Fall 2012
Clemson University Red Flags Rule Training
Enterprise Integration
AUDIT TESTS.
HLN Consulting, LLC® November 8, 2006
Discrepancy Management
Software Development Process Using UML Recap
Project leader: Richard Morton Lead Editor: Jalal Benhayoun
Presentation transcript:

Point-of-care Identity Management (PCIM)

Principle #1 Incorrect association of patient and device data can contribute to improper treatment which can be harmful or fatal to patients.

Principle #2 The design process for any clinical use of device data shall include identification of the means by which correct association of device data with a particular patient will be assured, and a rigorous risk analysis covering the ways correct association can fail and how the risks can be mitigated. 

The risk analysis and design analysis flow from study of the use cases for the total system of systems exchanging information of patient-device associations. As part of this, it is necessary to identify the specific information exchanges that need to exist for systems to communicate about associations between patient identities and device identities in the use cases.

The purpose of the PCIM profile is to specify transactions that meet those needs for identified use cases.

Identity assertion Anybody can say anything about any entity. Within the scope we are looking at, different assertions have different value for establishing a reliable unique identity. There must be criteria for “good enough” There must be mechanisms for resolving conflicts if discrepant association assertions exist in the system of systems

Unique identities and identification factors Within the relevant domain (e.g. hospital, national, worldwide), a unique identifier belongs to no more than one person In some situations, identity is defined or confirmed using more than one attribute if a patient (identification factor), for example, date of birth, name and mother’s maiden name.

Need flexibility in where in the system you create assertions of patient-device association Ex. the device could do the main part of the job (authorized person admits patient to device by barcoding wristband). Some system is used to read barcodes of patient, device, person making the association.

System Issues What is the single source of truth for patient-device associations (if such a thing exists)

Conflict resolution There may be times when inconsistent Patient-Device association assertions exist in the system To what extent can automation help in a particular point in the workflow? But in general when inconsistency detected: then user interface presents information to a person for so that they may resolve the problem

Is there a need to support a device asking what patient it is associated with? Intuitive answer is yes?

Some Transactions Device to Patient Association Assertion Device to Patient Association Query Device to Patient Association Conflict Notification

ID-less data? Is it proper to permit transactions in the system of systems that lack patient demographic data? Possible answer: yes, but not in the enterprise-facing interfaces. That is, that would be dangerous outside a stated boundary, but there is a place for it between components of the system of systems that synthesizes what gets sent to the enterprise

ID-less Devices Some devices have little perceived need and little capability for dealing with patient identity data, but somewhere within the system of systems the association to patient identity must be asserted and verified.

ID-less devices Proposition: it is the ID-less devices that are most in need of identity-management services in order to be patient-safe! Implication: there is a place for ID-less data, just not escaping the bounds of the device-oriented system of systems

Proto-slides…

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.