Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project Proposal to IHE IHE ITI Representational State Transfer (REST) Transport Implementation Guide for Data Segmentation for Privacy (DS4P) Submitted.

PublishGiles Hill Modified over 6 years ago

Similar presentations

Presentation on theme: "Project Proposal to IHE IHE ITI Representational State Transfer (REST) Transport Implementation Guide for Data Segmentation for Privacy (DS4P) Submitted."— Presentation transcript:

1 Project Proposal to IHE IHE ITI Representational State Transfer (REST) Transport Implementation Guide for Data Segmentation for Privacy (DS4P) Submitted by S&I Framework Data Segmentation for Privacy Initiative 10/12/2013 Detailed Proposal Presentation 11/12/2013 Johnathan Coleman, CISSP Initiative Coordinator, Data Segmentation for Privacy OCPO/ONC/HHS (CTR) Tel: (843)  

2 Why Segment Data? The Need for Data Segmentation
Some healthcare information requires special handling that goes beyond the protection already provided through the HIPAA Privacy rule, which allows health care providers to disclose protected health information without patient consent for treatment, payment and health care operations purposes. Protection through the use of data segmentation emerged in part through state and federal privacy laws which address social hostility and stigma associated with certain medical conditions.* According to recent estimates posted on healthit.gov: An estimated 26% of Americans age 18 and older are living with a mental health disorder in any given year. 46% will have a mental health disorder over the course of their lifetime. An estimated 8% of Americans are in need of drug or alcohol abuse treatment. Patients suffering from serious mental illness have increased rates of co-occurring conditions, which results in a reduced life expectancy of 8-17 years. * The confidentiality of alcohol and drug abuse Patient records regulation and the HIPAA privacy rule: Implications for alcohol and substance abuse programs; June 2004, Substance Abuse and Mental Health Services Administration.

3 Why Segment Data? Examples of Legal Privacy Protections :
42 CFR Part 2: Federal Confidentiality of Alcohol and Drug Abuse Patient Records regulations protect specific health information from exchange without patient consent. Title 38, Section 7332, USC : Laws protecting certain types of health data coming from covered Department of Veterans Affairs facilities and programs. Types of data include sickle cell anemia, HIV, and substance abuse information. PIPEDA: Personal Information Protection and Electronic Documents Act (Canada) requires consent of the individual for collection, use, or disclosure (with some exceptions). Other State and Federal laws relating to certain conditions or types of data, including: Mental Health - Data Regarding Minors Intimate Partner Violence/Sexual Violence - Genetic Information HIV Related Information.

4 Supporting Material Data Segmentation for Privacy Use Case document.
HL7 DS4P Implementation Guide (going through ballot reconciliation) describes standards for privacy metadata for use over eHealth Exchange and DIRECT. Analysis of HITSC recommendations for privacy metadata supporting the PCAST vision for tagged data elements. DS4P IG Test Procedures Strong Community Participation: Over 300 Participating Individuals, 98 Committed Members, 92 Organizations 6 Pilots (1 Federal, 5 Industry): VA/SAMHSA (Demonstrated at HIMSS 2013 Interoperability Showcase) NETSMART (Demonstrated at HIMSS 2013 Interoperability Showcase) Software and Technology Vendors' Association (SATVA) Jericho / University of Texas Greater New Orleans Health Information Exchange (GNOHIE) TeraDact

5 Technical Approach We look forward to feedback and IHE guidance regarding the technical approach for development of this supplement. Possibilities include development of a RESTful guide for the secure exchange of privacy-annotated documents, JSON (JavaScript Object Notation)/ Extensible Markup Language (XML) resources, or other types, in collaboration with S&I community and pilot participants. The technical approach will leverage existing efforts with RESTful standards development and utilization of common/reusable components from ongoing standards development efforts. FHIR may be considered a potential consumer of this proposed supplement, leveraging standards as possibly constrained and/or specified for use in the exchange of healthcare FHIR-based resources. Security Labels to support Authorization and Access Control policies – reusing the fields and terminology specified in the HL7 Healthcare Classification System and that support the needs of project such as the S&I DS4P. This specification may be able to clarify the use of security labels in the RESTful API.

6 Development Considerations
Risks: Policy considerations: Over-thinking the merits of any particular privacy policy used as an example/reference for implementation. Need to stay focused on the technical application of privacy metadata in a RESTful API rather than engage in a policy discussion about the benefits or drawbacks of any particular privacy policy. The specification may constrain the base standards for healthcare and, specifically, for secure exchange of privacy-protected information Effort Estimates This project proposal is looking to result in a useful, concise, policy agnostic supplement (less than 30 pages). The ONC S&I DS4P community will be encouraged to join/participate in the IHE process for the development of this supplement, including encouraging existing and new S&I DS4P pilots to work with IHE to develop, implement and test the supplement in a healthcare setting. DS4P S&I resources and pilots will be encouraged to help support the development effort and participate in community meetings.

7 User Story Example (1)  The Patient receives care at their local hospital for a variety of conditions, including substance abuse as part of an Alcohol/Drug Abuse Treatment Program (ADATP).  Data requiring additional protection and consent directive are captured and recorded. The patient is advised that the protected information will not be shared without their consent.

8 User Story Example (2)  A clinical workflow event triggers additional data to be sent to Provider/Organization 2. This disclosure has been authorized by the patient, so the data requiring heightened protection is sent along with a prohibition on redisclosure.  Provider/ Organization 2 electronically receives and incorporates patient additionally protected data, data annotations, and prohibition on redisclosure.

Download ppt "Project Proposal to IHE IHE ITI Representational State Transfer (REST) Transport Implementation Guide for Data Segmentation for Privacy (DS4P) Submitted."

Similar presentations

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.
1 Patients’ Rights and Responsibilities. PATIENT RIGHTS 2 Every healthcare facility is mandated to display the following Rights and Responsibilities:

1 Patients’ Rights and Responsibilities. PATIENT RIGHTS 2 Every healthcare facility is mandated to display the following Rights and Responsibilities:
Confidentiality and HIPAA

Confidentiality and HIPAA
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.

National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.
Ethics, Confidentiality, and HIPAA! 2006 ASAC Drug Court Confidentiality FMJ Multi- County November 8, 2006.

Ethics, Confidentiality, and HIPAA! 2006 ASAC Drug Court Confidentiality FMJ Multi- County November 8, 2006.
ONC Privacy and Security Update May 7, 2013 Joy Pritts, JD Chief Privacy Officer.

ONC Privacy and Security Update May 7, 2013 Joy Pritts, JD Chief Privacy Officer.
Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21,

Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21,
THE FOLLOWING SLIDES EXPLAIN THE REQUIRED ELEMENTS THAT MUST BE INCLUDED FOR A HIPAA AUTHORIZATION TO BE VALID HIPAA Authorizations.

THE FOLLOWING SLIDES EXPLAIN THE REQUIRED ELEMENTS THAT MUST BE INCLUDED FOR A HIPAA AUTHORIZATION TO BE VALID HIPAA Authorizations.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
Objectives  Review federal statutes (HIPAA, FERPA)  Discuss state guidelines  Review local procedures 6 - 2.

Objectives  Review federal statutes (HIPAA, FERPA)  Discuss state guidelines  Review local procedures
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Project Proposal to IHE: Implementation Guide for Data Segmentation For Privacy (DS4P) over REST Submitted by S&I Framework Data Segmentation for Privacy.

Project Proposal to IHE: Implementation Guide for Data Segmentation For Privacy (DS4P) over REST Submitted by S&I Framework Data Segmentation for Privacy.
Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.

Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.
BH07 - Protecting Privacy in an Interoperable World John Leipold, DBA, MBA, COO Valley Hope Association, SATVA Board Member, Former Chair Frances Loshin-Turso,

BH07 - Protecting Privacy in an Interoperable World John Leipold, DBA, MBA, COO Valley Hope Association, SATVA Board Member, Former Chair Frances Loshin-Turso,
Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.

Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.
Report to the HITSC Privacy and Security Work Group S&I Framework Data Segmentation for Privacy Initiative 3/20/2013 1.

Report to the HITSC Privacy and Security Work Group S&I Framework Data Segmentation for Privacy Initiative 3/20/
EsMD Background Phase I of esMD was implemented in September of 2011. It enabled Providers to send Medical Documentation electronically Review Contractor.

EsMD Background Phase I of esMD was implemented in September of It enabled Providers to send Medical Documentation electronically Review Contractor.

Similar presentations

Ads by Google