The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture.

Slides:

Advertisements

Similar presentations

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

Advertisements

A Plan for a Sustainable Community Behavioral Health Information Network Western States Health-e Connection Summit & Trade Show September 10, 2013.

Chapter 11 by Dee McGonigle, Kathleen Mastrian, and Nedra Farcus

HEALTH HOMES HEALTH HOMES TECHNOLOGY SIMULATION WORKSHOP Ron HendlerNish Thakker.

SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.

Enforceable Specification of Privacy Peter Mork Jean Stanford CEM IR&D.

Massachusetts: Transforming the Healthcare Economy John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

Inter-institutional Data Sharing, Standards and Legal Arthur Davidson, MD, MSPH Agency for Healthcare Research and Quality, Washington, DC June 9, 2005.

Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.

NewYork-Presbyterian System SelectHealth – an HIV Special Needs Plan (SNP) The Challenge people living with HIV and receiving care from a multitude.

Working Session 4: Quality and Efficiency Expanding the Use of Healthcare IT: The United States Initiative and the Development of Healthcare IT in Japan.

The Final Standards Rule John D. Halamka MD. Categories of Standards Content Vocabulary Privacy/Security.

HIE Implementation in Michigan for Improved Health As approved by the Michigan Health Information Technology Commission on March 4, 2009.

Clinician or proxy Public Health Patient or proxy Business Actors Sys Admin Outside Systems Clinical Results Source Systems Registration Systems Claims.

Florida HIE Overview Child Development Screening Task Force March 23, 2012.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

1 Health Information Security and Privacy Collaboration (HISPC) National Conference HISPC Contributions to Massachusetts HIE Privacy and Security Progress:

HITSP’s Scope  The Panel’s mission is to assist in the development of a Nationwide Health Information Network (NHIN) by addressing the standards-related.

Medical Law and Ethics Lesson 4: Medical Ethics

Update on Federal HIT Legislation Kirsten Beronio Mental Health America.

MA-SHARE MedsInfo-ED Engaging Community Leaders: Developing a Plan and Strategy for the MedsInfo-ED Project A patient safety initiative to automate communication.

1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.

Public Health Data Standards Consortium

OpenPASS Open Privacy, Access and Security Services “Quis custodiet ipsos custodes?”

Beyond the EMR – Exchanging Health Information Outside of Your Organization John W. Loonsk, MD, FACMI Office of the National Coordinator for Health Information.

Chapter 2 Standards for Electronic Health Records McGraw-Hill/Irwin Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved.

Interoperability Framework Overview Health Information Technology (HIT) Standards Committee June 24, 2010 Presented by: Douglas Fridsma, MD, PhD Acting.

THINC RHIO, Inc. Connecting Communities Learning ForumApril 9-11, 2006 Taconic Health Information Network & Community Fundamentals of Securing Upfront.

Organizational and Legal Issues -- Developing organization and governance models for HIE Day 2 -Track 5 – SECOND SESSION – PRIVACY AND SECURITY CONNECTING.

Bi-monthly call with NDIIC Joining Prepared for:SAMHSA – OBHITA Team Prepared by:Tony Calice FEI Systems FEI Systems Inc. Copyright All Rights.

0 Connectathon 2009 Registration Bob Yencha Webinar | August 28, 2008 enabling healthcare interoperability.

Hurdles and Solutions for the Interoperable EHR John W, Loonsk, MD FACMI Chief Medical Officer CGI.

Community Connectivity The MA Experience John D. Halamka MD CIO, Harvard Medical School CIO, CareGroup Chairman, NEHEN.

Achieving Meaningful Use Quality Measures John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.

The HIT Symposium at the Massachusetts Institute of TechnologyJuly 19, 2006 THINC A case study A. John Blair, III, MD President and Chief Executive Officer.

Knowledge Services and the Role of Medical Libraries in Health Care Information Technology John D. Halamka MD 2010 Leiter Lecture.

September, 2005Cardio - June 2007 IHE for Regional Health Information Networks Cardiology Uses.

Component 3-Terminology in Healthcare and Public Health Settings Unit 16-Definitions and Concepts in the EHR This material was developed by The University.

Training. Intro to HEALTHeLINK HEALTHeLINK, the Western New York Clinical Information Exchange (WNYCIE), is a Regional Health Information Organization.

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.

Healthcare Information Standards Panel 2007,2008, and Beyond John D. Halamka MD Chair, HITSP.

S ecure A rchitecture F or E xchanging Health Information in Central Massachusetts Larry Garber, M.D. Peggy Preusse, R.N. June 9 th, 2005.

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents IHE Educational Workshop 2007 John Moehrke Lori Forquet.

The Electronic Personal Health Record (ePHR) Beth Friedmann CS Spring 2007.

What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.

Office of the National Coordinator for Health Information Technology ONC Update for HITSP Board U.S. Department of Health and Human Services John W. Loonsk,

Terry McInnis, MD MPH President- Blue Thorn, Inc - Mobile Co-Chair- Center for.

1 Web Based Decision Support Tools Providing Information to Empower Consumers Consumer Driven Healthcare Summit John Mills Washington, DC September 27,

Confidentiality of Substance Use Disorder Treatment Information in an Era of Integration and Health Information Exchanges Ellen Weber University of Maryland.

Terminology in Healthcare and Public Health Settings Electronic Health Records Lecture b – Definitions and Concepts in the EHR This material Comp3_Unit15.

COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,

Health Information Exchange: Alaska’s Health Pipeline Alaska Bar Association Health Law Section February 2, 2012 Carolyn Heyman-Layne.

September, 2005What IHE Delivers 1 Joyce Sensmeier, MS, RN, BC, CPHIMS, FHIMSS Vice President, Informatics, HIMSS Charles Parisot, GE Healthcare IT infrastructure.

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University,

1 The information contained in this presentation is based on proposed and working documents. Health Information Exchange Interoperability Minnesota Department.

Background On the Rochester RHIO October 2014

Health Information Security and Privacy Collaborative (HISPC) Overview

MIT HIT Symposium How HIPAA Applies to HIT

SHARING CLINICAL DATA: Legal and Privacy Issues

Commonwealth of Virginia Health Information Technology

Disability Services Agencies Briefing On HIPAA

Health Information Exchange Interoperability

manatt | phelps | phillips

Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP

2006 AHIC Initial Use Cases Lab results reporting Medication tracking

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

Community Connectivity The MA Experience

ONC Update for HITSP Board

Presentation transcript:

The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture

Privacy is the Final Frontier  How do we record patient preferences about information sharing?  How do we transfer consent preferences among payers, providers, labs, pharmacies, personal health record vendors and other stakeholders?  How do we manage continually changing privacy preferences, situations and use cases?

1998 – Payer/Provider data exchange Health Insurance Portability and Accountability Act (HIPAA)‏

2004 – Provider/Provider data exchange Regional Health Information network Organizations (RHInOs)‏

2008 – The Patient as Data Steward  Consent Assertion Markup Language (CAML)‏

How it might work?  A Consent Wizard, available as an open source web application, codifies all the consent options inventoried by HISPC  The output of the Consent Wizard is a transportable XML representation of patient preferences that can be hosted by a payer, a PHR, or a RHIO and used to guide all information exchange

Flavors of Consent  Opt-Out = data is exchanged by default unless restricted by the patient  Opt-In = data is not exchanged by default until the patient consents  Quilted = a subset of data is exchanged with patient consent based on institution, data user, data producer, and situation

Scope of Consent  Institution –Opt Out = I do not wish the information at this institution to be shared –Opt In = I agree to share all information from this institution –Quilted = I agree to share my medications and labs but not my problem list and notes from this institution

Scope of Consent  Data User –Opt Out = I do not want to participate in this research study –Opt In = I want my data used by all stakeholders with audit protections, to optimize my health –Quilted = I want all my data shared with emergency providers, primary care physicians, payers and public health agencies, but not with pharmaceutical firms

Scope of Consent  Data Producer –Opt Out = I do not want my laboratory records shared –Opt In = I want my data from labs, pharmacies and payers shared with providers –Quilted = I want my pharmacy records shared except medications used for mental health, HIV, and substance abuse treatment

Scope of consent  Situation –Opt Out = I do not want my data shared for simple office visits with one-time providers i.e. out of town visit to an urgent care for a small laceration repair –Opt In = I want my data shared for all care situations –Quilted = I want my data shared for all emergency visits but not for routine care

How it might appear

How it might appear

What this means  I opt-in to share all my data from Beth Israel Deaconess Medical Center  I opt-out of participating in a clinical trial at Harvard Clinical Research Institute  I opt-in to sharing my Walgreens prescription data except mental health medications  I opt-in to sharing all data (including mental health medications) for emergency care

The devil is in the details  The Consent Wizard would need to enforce integrity of consent options to avoid conflicting preferences i.e. patients cannot both opt-out and opt-in for data sharing with the same data user and situation  A hierarchy must be created to ensure consistent interpretation of complex consent such as situation > institution > data user > data producer i.e. an opt-in for emergency department data sharing overrides data producer opt-outs

How could this be implemented?  A Payer implements a patient portal which hosts the Consent Wizard and authenticates the patient. When a provider does a 270/271 transaction, the CAML data is returned with the 271 response or is available as a 275 claims attachment

How could this be implemented?  A Personal Health Record vendor provides the Consent Wizard to patients but does not need to verifiably authenticate the patient. When the patient 'authenticates' with the provider during the care registration process, the patient provides the PHR vendor name and account information needed to access their CAML data

How could this be implemented?  A RHIO, on behalf of the community, hosts the Consent Wizard and provides access to the CAML records of the community

Next steps  Consideration by the AHIC Security and Privacy Working Group  If AHIC proposes a use case, then SDOs would need to work on CAML or adapt XACML (existing standard for access control) to support CAML principles  Pilot projects for Consent Wizard development