Presentation is loading. Please wait.

Presentation is loading. Please wait.

Report to the HITPC Security and Privacy Tiger Team S&I Framework Data Segmentation for Privacy Initiative Pilots 3/10/2014 1.

Similar presentations


Presentation on theme: "Report to the HITPC Security and Privacy Tiger Team S&I Framework Data Segmentation for Privacy Initiative Pilots 3/10/2014 1."— Presentation transcript:

1 Report to the HITPC Security and Privacy Tiger Team S&I Framework Data Segmentation for Privacy Initiative Pilots 3/10/2014 1

2 User Story Example (1)  The Patient receives care at their local hospital for a variety of conditions, including substance abuse as part of an Alcohol/Drug Abuse Treatment Program (ADATP).  Data requiring additional protection and consent directive are captured and recorded. The patient is advised that the protected information will not be shared without their consent.

3 User Story Example (2) 3  A clinical workflow event triggers additional data to be sent to Provider/Organization 2. This disclosure has been authorized by the patient, so the data requiring heightened protection is sent along with a prohibition on redisclosure.  Provider/ Organization 2 electronically receives and incorporates patient additionally protected data, data annotations, and prohibition on redisclosure.

4 HL7 Implementation Guide: Data Segmentation for Privacy (DS4P), Release 1 Completed Normative Ballot in Jan 2014 and was successfully reconciled in Feb HL7 approved the final standard for publication and are processing with ANSI. The standard uses document level tagging to convey confidentiality levels and obligations. The standard uses vocabularies to convey specific meanings, such as “Do not re-disclose without consent” or “This document is restricted”. DS4P Standard 4

5 HL7 Implementation Guide: Data Segmentation for Privacy (DS4P), Release 1 Contains three volumes: Content Specification DS4P with Direct DS4P with Exchange DS4P Standard 5

6 Volume 1: CDA R2 and Privacy Metadata Reusable Content Profile Contains templates and reusable building blocks for the transport specifications. – The reusable building blocks may be applied to other information exchange standards Enables the association of information object (e.g. document) with security labels, which can be linked to privacy policies. Supports the requirement to specify the provenance of clinical data contained in the structured content of a clinical document. DS4P Standard 6

7 Volume 2 : NwHIN Direct Transport Profile, and Volume 3: NwHIN Exchange Transport Profile Transport Profiles containing transport specific constraints based on the reusable building blocks. The constraints are applied to the transport-specific metadata (e.g. Document Sharing /XDS Metadata used by Exchange, and XDM Metadata used by Direct). The generic transport-specific metadata were added to the underlying technical framework (i.e. IHE ITI Vol. 3) DS4P Standard 7

8 Selected Standards 8 STANDARD: HL7 Implementation Guide: Data Segmentation for Privacy (DS4P), Release 1 (Includes Content Profile, Profile for Direct, Profile for exchange) Capability Standards/Profiles used by the HL7 DS4P R1 Standard Specific Usage Metadata Vocabularies (for Transport and/or Document Metadata) HL7 RefrainPolicy Conveys specific prohibitions on the use of disclosed health information (e.g. prohibition of redisclosure without consent) HL7 PurposeofUse Conveys the purpose of the disclosure of health information (e.g. treatment, research, emergency) HL7 BasicConfidentialityCode Kind Used to represent confidentiality codes associated with disclosed health information (e.g. restricted) as specified in the HL7 Healthcare Security Classification standard (HCS). HL7 ObligationCode Used to convey specific obligations associated with disclosed health information (e.g. encryption) HL7 ActPolicyTypeUsed to convey a type of policy HL7 SensitivityPrivacyPolicy Used to convey the sensitivity level of a specific policy

9 CapabilityStandard/ProfileSpecific Usage Patient Consent Structure HL7 Implementation Guide for CDA®, Release 2: Consent Directives, Release 1 (DSTU) Provides representations for expressing privacy preferences and exchanging privacy policies that can be enforced by consuming systems TransportSOAPTransport-level security TransportSMTP and S/MIME S/MIME attributes are bound to SMTP to provide for the use of secure as the transport mechanism for exchanging patient data Conveying Identity - Cross-Enterprise User Assertion (XUA) - OASIS SAML Specification Version 2.0 IHE XUA Metadata SAML Assertion (SAML Request and Response) Conveying IdentityX.509 Digital CertificatesPKI to support Direct implementations Selected Standards 9 Other Standards Referenced by the HL7 DS4P Standard:

10 DS4P PILOT ACCOMPLISHMENTS Data Segmentation for Privacy Initiative 10

11 VA/SAMHSA Pilot: The pilot was successfully tested and demonstrated in multiple venues, including the Interoperability showcase at HIMSS 2013 and the HL7 Plenary meeting in Baltimore, September VA have extended the DS4P capabilities to demonstrate utilization of FHIR for DS4P (demonstrated at HL7 in Jan 14, in real time, using resources from Australia, Canada and USA). Pilot Accomplishments 11

12 NETSMART Pilot: The pilot was successfully tested and demonstrated in multiple venues, including the Interoperability showcase at HIMSS The Netsmart DS4P Part 2 solution has been implemented with the community services referral network in Tampa Bay (2-1-1 system), helping them manage restricted data associated with programs regulated by 42 CFR part 2. Pilot Accomplishments 12

13 Jericho Systems / University of Texas/Conemaugh Pilot: Utilized an external patient consent repository to provide machine readable consent directives that can be processed according to various privacy policies as part of any automated release of PHI on the eHealth Exchange. The pilot used standards based message formats, consistent with current healthcare standards to support patient consent over released PHI, including segmented data. Pilot Accomplishments 13

14 CERNER BH (Formerly SATVA Pilot): Included Cerner Anasazi, Valley Hope Association, Defran Systems, Inc. and HEALTHeLINK Cerner recently reported their Behavioral Health solution will have DS4P (using Direct) incorporated into full production for release in April of this year. At HIMSS 2014 Cerner demonstrated marked-up CCDs being sent from the Cerner BH solution to the Cerner Millennium (large scale, general medical) solution. Demonstrated ability to send notice of prohibition on re-disclosure (as required by 42 CFR part 2) The Cerner Millennium solution design teams have begun work to recognize and process the DS4P marked-up data received from the Cerner BH solution. Their expectation is to include this functionality in a production release later this year. Pilot Accomplishments 14

15 CONCLUSION Data Segmentation for Privacy Initiative 15

16 Conclusion: Data segmentation standards are readily available, normative standards. They utilize widely adopted vocabularies to allow BH systems to better control how the information is handled. Pilots have demonstrated ability to mark data and to accompany data with requisite notice at the document level. One major vendor expects to include sending, receiving and processing BH information, using DS4P functionality, in a production release later this year (BH to general EHR) 16

17 Contact Information Thank you! Johnathan Coleman, CISSP, CISM Initiative Coordinator, Data Segmentation for Privacy Principal, Security Risk Solutions Inc. 698 Fishermans Bend, Mount Pleasant, SC Tel: (843) Julie Chua, PMP, CAP, CISSP Office of the Chief Privacy Officer Office of the National Coordinator for Health Information Technology Department of Health and Human Services Tel : (202) 17 Ioana Singureanu, MS Standards SME, Data Segmentation for Privacy Principal, Eversolve LLC 8 Woodvue Road, Windham, NH Tel: (603)

18 BACKUP SLIDES Data Segmentation for Privacy Initiative 18

19 Layered Approach for Privacy Metadata “Russian doll” concept of applying metadata with decreasing specificity as layers are added to the clinical data. Privacy metadata uses standards to convey: – Confidentiality of data in clinical payload – Obligations of receiving system – Allowed purpose of use Technical Approach 19

20 Types of Privacy Metadata used by DS4P Purpose of Use: –Defines the allowed purposes for the disclosure (e.g. Treatment, Emergency Treatment etc). Obligations: –Refrain Codes: Specific obligations being placed on the receiving system (e.g. do not re-disclose without consent) Confidentiality Codes: –Used by systems to help convey or enforce rules regarding access to data requiring enhanced protection. Uses “highest watermark” approach. Technical Approach 20

21 SENDING SYSTEM: Provider/Healthcare Organization A System Behavior Add privacy metadata to health information to be disclosed to other organization Identify Information that is further restricted Verify the patient’s privacy consent allows the disclosure of protected information RECEIVING SYSTEM: Provider/Healthcare Organization B Verify patient’s consent before re-disclosure of protected health information Process privacy metadata associated with health information received from other organizations Identify third-party protected information before re-disclosure Technical Approach 21

22 - LOINC Document Type/Datatype for CDA - ASC X /5010 for Healthcare Provider & facility types and Healthcare Coverage Type - SNOMED-CT for Protected diagnoses/problems -Query for consent directive location (optional) -Query for consent directive (optional) -Check HL7 CDA R2 PCD - HL7 Confidentiality Code: for CDA (N,R,V) -HL7 Refrain Code: (e.g. prohibition on re-disclosure without consent) -HL7 Purpose of Use: The purpose for the information disclosure (e.g. support treatment, payment, operations, research, etc.) -URL or XACML Pointer for Policy Reference if needed Requirements of Sending System Technical Approach SENDING SYSTEM: Provider/Healthcare Organization A Add privacy metadata to health information to be disclosed to other organization Identify Information that is further restricted Verify the patient’s privacy consent allows the disclosure of protected information 22

23 ALIGNMENT WITH PREVIOUS HITSC RECOMMENDATIONS Data Segmentation for Privacy Initiative 23

24 Response to HITSC S&P WG 24 HITSC RecommendationDS4P Analysis Metadata pertaining to privacy should include: Policy Pointer: A URL that points to the privacy policy in effect at the time the TDE is released. A Policy Pointer should point to a universally recognized Policy Reference to enable the consuming organizations to apply their interpretation of that policy.* Metadata can also be used to provide some context as to why the information is protected (i.e. policy pointer/reference), as well as the special handling obligation placed on the receiver as a result of the policy. *The Policy Pointer can be included in the IHE XD* metadata or in the Patient Consent Directive. Excerpt from 6/29/2012 Report

25 Response to HITSC S&P WG 25 HITSC RecommendationDS4P Analysis Metadata pertaining to privacy should include Content Metadata (Datatype and Sensitivity). Content Metadata that are needed to enforce current federal and state policies as well as to anticipate more granular policies that may be defined. Datatype: Information category from a clinical perspective. Sensitivity: Indicates special handling that may be necessary per the referenced policy. DS4P Approach uses Datatype and Confidentiality* content metadata Datatype as a data element refers to the document type (patient data) being exchanged. An initial list of possibly sensitive document types that would require data segmentation has been provided in the implementation guide. DS4P Approach leverages Confidentiality codes. Initial approaches recommended for piloting focus on using the confidentiality code specified within privacy metadata, or by using the Patient Consent Directive. * DS4P approach uses HL7 confidentiality codes as metadata to describe sensitivity. * Initial approaches recommended for piloting focus on using either the Patient Consent Directive as expressed using CDA or by specifying a confidentiality code within the IHE XDS/XDR/XDM metadata. Excerpt from 6/29/2012 Report

26 Response to HITSC S&P WG 26 HITSC RecommendationDS4P Analysis In order to provide coded values for Datatype, the LOINC codes specified in the CDA document code element are suggested. LOINC codes are suggested because they provide additional granularity. DS4P concurred with this recommendation and a constrained list of document types are included in the Data Segmentation for Privacy implementation guide that are specific to the requirements of data segmentation. As recommended by the Health IT Standards Committee, document codes MUST be defined using LOINC, and Sending and receiving systems MUST be able to validate and evaluate LOINC document types to be able to implement this guide. Excerpt from 6/29/2012 Report


Download ppt "Report to the HITPC Security and Privacy Tiger Team S&I Framework Data Segmentation for Privacy Initiative Pilots 3/10/2014 1."

Similar presentations


Ads by Google