Enforceable Specification of Privacy
Peter Mork, Jean Stanford
CEM IR&D

Presentation transcript:


© 2011 The MITRE Corporation. All rights reserved

Problem
• Growing need for Health Information Exchange
  – Continuity of care
  – Decreased costs
  – Public health reporting
  – Facilitate clinical research
• Health Information Exchange requires patient consent:
  – Paper-based
  – One form per transaction
  – Non-transferrable
  – Signed with limited time to think

Background
Paper consent forms prevent seamless health information exchange
[Figure labels: VA, DoD]

Objective
• Support Meaningful & Granular Patient Consent
• Globally Accessible by:
  – Patients and
  – Record Holders
• Platform Adaptable
• Modular Design adapts to:
  – Technology Changes
  – Legal Changes

Activities
• Developed rules language for consent:
  – Basic constructs = purpose, topics, datatypes, time, etc.
  – Two forms of negation
  – Terminological hierarchies
  – Reusable knowledge components
• Policy reasoner:
  – Input = Patient preferences + request
  – Output = Minimized rule tree
• Policy enforcement:
  – Conversion to XACML
  – Prototype of EHR with XACML engine

Highlight
[Architecture diagram; component labels: Request Server (e.g., hData), Record Holder Server, EHR (shown twice), Browser (shown twice), Consent Server, Consent DB, Policy Reasoner, Policy Enforcer]

Demonstration
[Rule tree diagram; node labels in slide order:]
• Allow Direct Care Providers
  – X = Primary Care Provider
  – Referral from X to Recipient
  – Purpose = Treatment
• Allowed Categories
  – Medications
  – Allergies
  – ¬ Mental Health
  – Purpose = Treatment
• Dr. Blass
• Research
  – Purpose = Research
  – Anonymized
  – ¬ Imagery
  – ¬ Mental Health
• Purpose = Emergency
  – ¬ Mental Health
• Dr. Walsh: Purpose = Treatment
• Dr. Walsh: Purpose = Treatment (Medications or Allergies) and not Mental Health
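The reasoner and enforcer steps from the Activities and Demonstration slides, as an added Python example that is not MITRE's rules language or code. The rule fields, function names, hierarchy and sample record are constructed assumptions, as is treating a rule that lists only exclusions as allowing every other category.

```python
# Added example: hypothetical names, constructed data; not MITRE's rules language.

# Constructed terminological hierarchy: topic -> broader terms.
PARENTS = {
    "Statin": ["Medications"],
    "Antidepressant": ["Medications", "Mental Health"],
    "Penicillin Allergy": ["Allergies"],
    "Psychotherapy Notes": ["Mental Health"],
    "Chest X-ray": ["Imagery"],
}

# Patient preferences, loosely modelled on the slide's labels (an assumption).
# recipient None = any recipient; "*" = every category that is not denied.
PREFERENCES = [
    {"purpose": "Treatment", "recipient": None,
     "allow": {"Medications", "Allergies"}, "deny": {"Mental Health"}},
    {"purpose": "Research", "recipient": "Dr. Blass",
     "allow": {"*"}, "deny": {"Imagery", "Mental Health"}},
    {"purpose": "Emergency", "recipient": None,
     "allow": {"*"}, "deny": {"Mental Health"}},
]

def broader_terms(topic):
    """Return the topic plus every broader term reachable in the hierarchy."""
    seen, stack = set(), [topic]
    while stack:
        term = stack.pop()
        if term not in seen:
            seen.add(term)
            stack.extend(PARENTS.get(term, []))
    return seen

def reduce_rules(recipient, purpose):
    """Reasoner: keep only the rules that match the request and merge them."""
    allow, deny = set(), set()
    for rule in PREFERENCES:
        if rule["purpose"] == purpose and rule["recipient"] in (None, recipient):
            allow |= rule["allow"]
            deny |= rule["deny"]
    return allow, deny

def release(record, recipient, purpose):
    """Enforcer: deny overrides allow; no matching rule releases nothing."""
    allow, deny = reduce_rules(recipient, purpose)
    out = []
    for item in record:
        terms = broader_terms(item["topic"])
        if not (terms & deny) and ("*" in allow or terms & allow):
            out.append(item["id"])
    return out

RECORD = [{"id": i, "topic": t} for i, t in enumerate(PARENTS, start=1)]  # constructed
```

The antidepressant entry sits under both Medications and Mental Health, so it is withheld from a treatment request even though medications are allowed; a request with no matching rule releases nothing.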

Impacts
• Sponsor Engagements:
  – Office of the National Coordinator
  – Substance Abuse and Mental Health Services Administration
  – Department of Veterans Affairs
• Other Engagements:
  – Healthcare Information and Management Systems Society
  – GE Healthcare
  – United Health
• Open Source:
  –

Future Plans
[Chart; axes: Policy Maturity (Accepted Practices to Inchoate) and Technical Complexity (Low to High); legend: Implemented, Under Development, Grand Challenges; plotted items: Preemptory Access, Patient Review & Approve, Integrate with State Mandates, Intelligent Redaction, Credential Matching, Eliciting Patient Preferences, Automated Enforcement, Integrate Care Relationships, Audit]