Data Segmentation for Privacy VA/SAMHSA/Mitre/Jericho/HIPAAT Pilot Sprint 7 Review Sprint #7 Technical Objectives – (2 week sprint ending August 24, 2012) Integrate DS4P Audit Services, executed rules, annontated C32 – FEi Team Complete document entry masking – FEi Team Design XDM Metadata Packaging – FEi Team Validate Current IG Test Cases – FEi Team Write Test Cases – FEi Team Additional Clinical Domains to Policy Editors - VA Team Finalize XACML Policies - VA Team Integrate HIPAAT - VA Team Standup XDS.b Respository and Services - VA Team Resolve Web Service Issues - Mitre

Mitre Patient Authorization And Restrictions SAMHSA/FEISystems VA/Edmond Scientific Jericho Systems REM Reference ‘EHR’ PUSH SENDER HCS/ACS ORCHESTRATION HCS Rules Engine HCS Document Processing (Tagging) XACML PDP Enforcement Patient Sensitivity Constraints/Obligations Organizational/Jurisdictional/Applicable Privacy Law Obligations and Refrain Policies Consent Locator Access Control System (ACS) Clinical Rules Organizational Rules Push Receiver XDS and XD* Re-Disclosure ex. Enforce Release Constraints Enforce Internally Prototypic Third Party Enforce Constraints on Re-Disclosure Pilot Development Activities Phase I – Push Scenarios Patient Consent Directive Auth Decision Req AuthZ request(ACS) C32 AuthZ decision(ACS) Obligations Clinical Rules Organization Rules Data Segmentation for Privacy VA/SAMHSA/Mitre/Jericho/HIPAAT Pilot Sprint 6 Review Integrated HIPAAT Patient Authorization And Restrictions Partial Patient Consent Directive

Data Segmentation for Privacy VA/SAMHSA/Mitre/Jericho/HIPAAT Pilot Sprint 7 Review Sprint #7 Accomplishments FEiSystems Integrated DS4P Audit Service to log executed Drools rules and annotated C32 document Implemented document entry masking based patient consent directives Designed and partially implemented XDM Metadata packaging

Data Segmentation for Privacy VA/SAMHSA/Mitre/Jericho/HIPAAT Pilot Sprint 7 Review Sprint #7 Accomplishments Mitre Added Masking Constraints In Web Service Response Ability to add New Recipients Updated RequestManager GUI look and feel

Data Segmentation for Privacy VA/SAMHSA/Mitre/Jericho/HIPAAT Pilot Sprint 7 Review Sprint #7 Accomplishments - VA HIEOS XDS.b Respository stood up – Currently Testing Services Integrated HIPAAT Patient Consent Services Clinical Annotation Rules – Problem list now using UMLS UTS Services Clinical Annotation Rules – Medication list now using NLM RxNORM services Created New XACML Policies for HL7 Demonstration – Test Sprint 8 -NwHINDirectSendMitre -NwHINDirectSendHIPAAT -NwHINDirectReceive -NwHINDirectCollect -NwHINDirectRedisclose Embedded Karion GUI into Demonstration Harness

Data Segmentation for Privacy VA/SAMHSA/Mitre/Jericho/HIPAAT Pilot Sprint 7 Review Sprint #7 Accomplishments – Jericho Systems Policy and Engineering Support Sprint #7 Accomplishments – HIPAAT Policy and Engineering Support Created 5 Test Patient Consent Directives Exposed ConsentValidation Services on Web

Data Segmentation for Privacy VA/SAMHSA/Mitre/Jericho/HIPAAT Pilot Sprint 7 Review Sprint #8 Holdovers XDS.b Test and Validation, issues were identified in Sprint 7 - VA Team Integrate HIPAAT into ContextHandler – VA Team Update Consent Policies - HIPAAT XDM Metadata and Packaging – FEiSystems

Data Segmentation for Privacy VA/SAMHSA/Mitre/Jericho/HIPAAT Pilot Sprint 7 Review July 2012 August 2012 September 2012 Patient Consent Services Reference Model Release/ Foundation Library Build Design Release Draft Final HL7 Demonstration Virtual Demonstrations/Testing Development/Integrate/Test DS4P Rules Engine Design Release Development/Integrate/Test DS4P Policy Engine and Services Design Release Development/Integrate/Test Sprint #5 September 10 th Mitre/VA FEISystems/VA JerichoSystems/VA Team Integration Sprint #6 Test and Validation Sprint #7 Test and Validation Sprint 8 Project Milestones Phase 1 – Push Scenarios Document & Demo Sprint 9