Published by Maya Maher. Modified over 11 years ago.

1 What IHE Delivers
Basic Patient Privacy Consents
HIT-Standards – Privacy & Security Workgroup
John Moehrke, GE Healthcare

2 What do Standards Define?
Policy
  - Driven by business goals
  - Informed by Risk Assessments
  - Defines rights and responsibilities
  - Defines punishment
Process
  - Enforces policy
  - How people or organizations act
  - who / what / where / when / how
Technology
  - Enforces policy
  - How equipment should act
  - Algorithms and data formats
(Diagram: Policy, Process, Technology)

3 Before (2006)
One Policy for the XDS Affinity Domain (HIE)
- Patient doesn't agree: Don't publish
- VIP Patient: Don't publish
- Sensitive Data: Don't publish
- Research Use: No Access

4 Basic Patient Privacy Consents
- Human Readable
- Machine Processable
- Characteristics of a CDA Document
- Multiple Consent Types and Documents (e.g., HIPAA)
- Wet Signature Capture (i.e. XDS-SD)
- Digital Signature Capture Possible (i.e. DSG)
  - Provider, Witness, Patient or Legal Representative
- Extensible

5 Document Content & Modes of Exchange
Document Exchange Integration Profiles
- Document Sharing: XDS
- Media Interchange: XDM
- Reliable Interchange: XDR
Document Content Profiles
- Consent: BPPC
- Emergency: EDR
- Pre Surgery: PPHP
- Scanned Doc: XDS-SD
- Laboratory: XD*-Lab
- PHR Exchange: XPHR
- Discharge & Referrals: XDS-MS
- Imaging: XDS-I
Cross-Community Access: XCA

6 Value Proposition
An XDS Affinity Domain (RHIO, HIE)
  - Develop a set of privacy policies,
  - Each policy is given a number (OID)
  - Implement them with role-based or other access control mechanisms supported by EHR systems.
A patient can
  - Be made aware of the privacy policies.
  - Have an opportunity to selectively acknowledge from the policies presented
  - Have control over access to their healthcare information.

7 Written Policy Example
The patient agrees to share their healthcare data to be accessed only by doctors wearing a chicken costume.

8 BPPC supportable Consents
- Explicit Opt-In is required which enables HIE allowed document use
- Explicit Opt-Out that would prevent all use of their documents
- Implicit Opt-In allows for document use
- Explicit Opt-Out of any document publication
- Explicit Opt-Out of sharing outside of local event use, but does allow emergency override
- Explicit Opt-Out of sharing outside of local event use, and without emergency override
- Explicit authorization that would allow specific research project
- Change the consent policy (change from opt-in to opt-out)
- Allow direct use of the document, but not re-publishing
- Enable use of document retrieval across communities using XCA
- Explicit individual policy for opt-in at each clinic
- Explicit individual policy for opt-in for a PHR choice
- Explicit Opt-In for a period of time (episodic consent)

9 HHS Whitepaper on Consent (March 2010)
- No consent. Health information of patients is automatically included: patients cannot opt out;
- Opt-out. Default is for health information of patients to be included automatically, but the patient can opt out completely;
- Opt-out with exceptions. Default is for health information of patients to be included, but the patient can opt out completely or allow only select data to be included;
- Opt-in. Default is that no patient health information is included; patients must actively express consent to be included, but if they do so then their information must be all in or all out; and
- Opt-in with restrictions. Default is that no patient health information is made available, but the patient may allow a subset of select data to be included.

10 Characteristic of a CDA document
- Persistence
- Stewardship
- Potential for authentication
- Context
- Wholeness
- Human readability
A CDA document is a defined and complete information object that can include text, images, sounds, and other multimedia content.

11 Capturing the Patient Consent act
One of the Affinity Domain Consent policies
CDA document captures the act of signing
  - Effective time (Start and Sunset)
  - templateID – BPPC document
  - XDS-SD – Capture of wet signature from paper
  - DSIG – Digital Signature (Patient, Guardian, Clerk, System)
XDS Metadata
  - classCode – BPPC document
  - eventCodeList – the list of the identifiers of the AF policies
  - confidentialityCode – could mark this document as sensitive

12 (Diagram labels: structure of a consent document)
XDS Metadata: Consent Document, Digital Signature
Structured and Coded CDA Header: Patient, Author, Authenticator, Institution, Time of Service, etc.
Structured Content with coded sections:
- Privacy Consent details: Policy 9.8.7.6.5.4.3.2.1
- Scanned Document details: Base64 encoded
XDS-MS + XDS-BPPC + XDS-SD
IHE-DSG – Digital Signature: Signature value, Pointer to Consent document
Consent document

13 Standards and Profiles Used
- HL7 CDA Release 2.0
- IHE - XDS Scanned Documents
  - PDF/A - ISO 19005-1b
- IHE - Document Digital Signature
  - XML-Digital Signature, XAdES
- IHE - Cross Enterprise Document Sharing
- IHE - Cross Enterprise Sharing on Media
- IHE - Cross Enterprise Reliable Interchange
- IHE - Cross Community Access

14 Using documents
XDS Registry Stored Query Transaction
  - Consumer may request documents with specific policies
  - Filtered response
XDS Consumer Actor
  - Informed about confidentialityCodes -- Metadata
  - Knows the user, patient, setting, intention, urgency, etc.
  - Enforces Access Controls (RBAC) according to confidentiality codes
  - No access given to documents marked with unknown confidentiality codes

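The consumer-side rules from this slide, combined with the consent metadata from slide 11, as an added example that is not part of the original presentation. It assumes that each Affinity Domain policy OID maps roles to the confidentiality codes they may open, that a document is shown only if all of its codes are permitted, and that the role names, the codes N and R, and the second OID are sample values.

```python
from datetime import date

# Constructed sample configuration. Only the first OID appears on the slides;
# the roles, the codes and the second OID are hypothetical.
POLICIES = {
    "9.8.7.6.5.4.3.2.1": {"physician": {"N"}, "emergency": {"N", "R"}},
    "9.8.7.6.5.4.3.2.2": {"researcher": {"N"}},
}
KNOWN_CODES = {"N", "R"}  # confidentiality codes this consumer understands


def active_policies(consents, today):
    """Policy OIDs acknowledged in consent documents that are in force on `today`."""
    active = set()
    for c in consents:
        sunset = c.get("sunset")
        if c["start"] <= today and (sunset is None or today <= sunset):
            # Ignore OIDs that the Affinity Domain has not defined.
            active.update(oid for oid in c["eventCodeList"] if oid in POLICIES)
    return active


def permitted_codes(role, policy_oids):
    """Union of the confidentiality codes the role may open under the active policies."""
    codes = set()
    for oid in policy_oids:
        codes |= POLICIES[oid].get(role, set())
    return codes


def filter_documents(entries, role, consents, today):
    """Return the ids of documents the role may open; everything else is denied."""
    allowed = permitted_codes(role, active_policies(consents, today))
    visible = []
    for e in entries:
        codes = set(e["confidentialityCode"])
        # Missing or unknown codes mean no access, as do codes outside the role's set.
        if codes and codes <= KNOWN_CODES and codes <= allowed:
            visible.append(e["id"])
    return visible


CONSENTS = [  # constructed BPPC metadata: acknowledged policies and effective time
    {"eventCodeList": ["9.8.7.6.5.4.3.2.1"],
     "start": date(2010, 1, 1), "sunset": date(2010, 12, 31)},
]
ENTRIES = [  # constructed XDS document entries
    {"id": "doc-1", "confidentialityCode": ["N"]},
    {"id": "doc-2", "confidentialityCode": ["R"]},
    {"id": "doc-3", "confidentialityCode": ["N", "X-UNKNOWN"]},
]
```

doc-3 stays hidden for every role because one of its codes is unknown to the consumer, and once the consent passes its sunset date no role sees anything.
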
15 XDR & XDM
- Same responsibilities
- Should include copy of relevant Consents
- Importer needs to coerce the confidentiality codes
- Need to recognize that in transit the document set may have been used in ways inconsistent (e.g. Physical Access Controls)

16 Informed by Privacy Policy Standards
- ISO IS22857 Trans-border Flow of Health Information
- ISO TS 26000 Privilege Management and Access Control (Parts 1, 2, draft 3)
- ASTM E1986 Standard Guide for Information Access Privileges to Health Information

17 Active Standards Work
OASIS
  - Profile for how to express attributes in cross-organization (SAML, XACML, WS-Trust, WS-Federation, WS-Policy)
HL7
  - Standard for Consent Directive Document
  - Ontology for Security and Privacy (Permissions, Sensitivity, Healthcare User Roles, etc)
  - Identified Privacy Policy Reference Catalog (opt-in, opt-out, ++)
  - SOA model for Privacy/Security Access Control as a Service
IHE
  - White Paper on overall Access Control Model for healthcare
  - Updates to XUA profile to recognize user attributes such as role, intended-use, authentication level of assurance.
ISO
  - ISO14265: Classification of purposes for processing personal health information

18 What IHE Delivers
Questions?