Presentation is loading. Please wait.

Presentation is loading. Please wait.

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents IHE Educational Workshop 2007 John Moehrke GE Healthcare Lori Fourquet e-HealthSign LLC.

Published byAldous Evans Modified over 8 years ago

Similar presentations

Presentation on theme: "September, 2005What IHE Delivers 1 Basic Patient Privacy Consents IHE Educational Workshop 2007 John Moehrke GE Healthcare Lori Fourquet e-HealthSign LLC."— Presentation transcript:

1 September, 2005What IHE Delivers 1 Basic Patient Privacy Consents IHE Educational Workshop 2007 John Moehrke GE Healthcare Lori Fourquet e-HealthSign LLC

2 2 Basic Patient Privacy Consents XDS-MS Medical Documents Medical Summaries Referral Discharge Summary BCCP Consent EDR Emergency Department Referral PPHP Preprocedure History and Physical History and Physical XPHR PHR Update XDS-LAB Lab Report PHR Extract BCCP Consent

3 3 What do Standards Define? Policy  Driven by business goals  Informed by Risk Assessments  Defines rights and responsibilities  Defines punishment Process  Enforces policy  How people or organizations act  who / what / where / when / how Technology  Enforces policy  How equipment should act  Algorithms and data formats Policy Process Technology

4 4 Before One Policy for the Affinity Domain Patient doesn’t agree  Don’t publish VIP Patient  Don’t publish Sensitive Data  Don’t publish Research Use  No Access

5 5 Basic Patient Privacy Consents Small number of pre-coordinated Affinity Domain Privacy Consent  Patient can choose which ones to agree to Data is classified and published under the authority of a specific Privacy Consent Data is used in conformance with original Privacy Consent Applicable for XD* mechanism

6 6 Abstract The Basic Patient Privacy Consents (BPPC) profile provide mechanisms to:  Record the patient privacy consent(s),  Mark documents published to XDS/XDR/XDM with the patient privacy consent(s) that was used to authorize the publication,  Enforce the privacy consent(s) appropriate to the use.

7 7 XD* OPTIONS XDS Document Source XDS Document Consumer XDR Document Source XDR Document Recipient XDM Document Sources XDM Document Receivers Nothing new for XDS Registry and Repository

8 8 Key Technical Properties Human Readable Machine Processable Supports standards-based Access Controls Multiple Consent Types and Documents (e.g., HIPAA)  Opt-in or Opt-out  Implicit or Explicit  Time Limited Wet Signature Capture (i.e. XDS-SD) Digital Signature Capture Possible (i.e. DSG)  Provider, Witness, Patient or Legal Representative Extensible

9 9 Value Proposition An Affinity Domain (RHIO, HIE)  develop a set of privacy policies,  and implement them with role-based or other access control mechanisms supported by EHR systems. A patient can  Be made aware of the privacy policies.  Have an opportunity to selectively control access to their healthcare information.

10 10 Standards and Profiles Used CDA Release 2.0 XDS Scanned Documents Document Digital Signature Cross Enterprise Document Sharing Cross Enterprise Sharing on Media Cross Enterprise Sharing with Reliable Messaging

11 September, 2005What IHE Delivers 11 Deeper Dive

12 12 Value Proposition An Affinity Domain (RHIO, HIE)  develop a set of privacy policies. For Example: No HIE use allowed (e.g. Opt-Out) No HIE use allowed (e.g. Opt-Out) All clinical use (e.g. Opt-In) All clinical use (e.g. Opt-In) Restricted to Assigned Clinician + Emergency Mode Restricted to Assigned Clinician + Emergency Mode Emergency Data Set Emergency Data Set De-Identified document De-Identified document  Each policy is given a number (OID)  implement them with role-based or other access control mechanisms supported by EHR systems.

13 13 Capturing the Patient Consent act One of the Affinity Domain Consent policies CDA document captures the act of signing  Effective time (Start and Sunset)  templateID – BPPC document  XDS-SD – Capture of wet signature from paper  DSIG – Digital Signature (Patient, Guardian, Clerk,System) XDS Metadata  classCode – BPPC document  eventCodeList – the list of the identifiers of the AF policies  confidentialityCode – could mark this document as sensitive

14 14 Scanned Document details Privacy Consent details Policy 9.8.7.6.5.4.3.2.1 S S t t r r u u c c t t u u r r e e d d C C o o n n t t e e n n t t w w i i t t h h c c o o d d e e d d s s e e c c t t i i o o n n s s : : Structured and Coded CDA Header Time of Service, etc. Base64 encoded XDS-MS + XDS-BPPC + XDS-SD Patient, Author, Authenticator, Institution, XDS Metadata: Consent Document Digital Signature IHE-DSG – Digital Signature Signature value Pointer to Consent document Consent document

15 15 Marking all XDS Documents Use Affinity Domain well formed vocabulary Indicated in XDS Metadata – confidentialityCode  List of appropriate-use consents  OR logic Registry rejects non-conformant confidentialityCodes Affinity Domain Policy must indicate rules for publishing documents with codes for which the patient has not specifically consented to.

16 16 Using documents XDS Registry Stored Query Transaction  Consumer may requests documents with specific policies  Filtered response XDS Consumer Actor  Informed about confidentialityCodes -- Metadata  Knows the user, patient, setting, intention, urgency, etc.  Enforces Access Controls (RBAC) according to confidentiality codes  No access given to documents marked with unknown confidentiality codes

17 17 XDR & XDM XDR & XDM Same responsibilities Should include copy of relevant Consents Importer needs to coerce the confidentiality codes Need to recognize that in transit the document set may have been used in ways inconsistent (e.g. Physical Access Controls)

18 September, 2005What IHE Delivers 18 Examples

19 19 Sample: HIMSS Privacy Demo Normal sharing  treatment, operations, and billing.  The normal sharing policy is implicit and does not need to exist prior to publication of documents  OID-A = 1.3.6.1.4.1.21367.2006.7.107 Sensitive topic  (e.g. HIV tests, and victims of domestic violence)  restricted sharing for treatment operations and billing.  Emergency override is allowed in cases with serious threat to patient safety, emergency override audit logging must be done.  OID-B = 1.3.6.1.4.1.21367.2006.7.109

20 20 Basic Patient Privacy Consents Example Encounter 1 (Patient Requires A) Encounter 2 (Patient OK with B) Log-in= local role R1 R1=Consent B Register Log-in= local role R3 R3=Consent A&B QueryRetrieve Consent A Consent B Register RHIO XDS Doc Registry/Repositories

21 21 Entries restricted to health service Private entries shared with GP Private entries shared with several named parties Entries restricted to sexual health team Entries accessible to administrative staff Entries accessible to clinical in emergency Entries accessible to direct care teams Sensitive Document Accessibility Source: Dipak Kalra & prEN 13606-4

22 22 Sample Consent Policies HIV StatusInformation published under the HIV Status policy may be released to: The healthcare providers providing treatment to the patient for HIV or related illness at the institution where the consent was provided. The patient and/or their legal representative. Any payer responsible for payment of that treatment. Sexual Health Information Information published under the Sexual Health Information policy may be released to: The healthcare providers providing treatment to the patient for the Sexual Health at the institution where the consent was provided. The patient and/or their legal representative. Any payer responsible for payment of that treatment. Mental Health Information Information published under the Mental Health Information policy may be released to: The healthcare providers providing treatment to the patient for the Mental Health at the institution where the consent was provided. The patient and/or their legal representative. Any payer responsible for payment of that treatment. Developmental Disability Information Information published under the Developmental Disability Information policy may be released to: The healthcare providers providing treatment to the patient for the Developmental Disability at the institution where the consent was provided. The patient and/or their legal representative. Any payer responsible for payment of that treatment Alcohol/Drug Abuse Information Information published under the Alcohol/Drug Abuse Information policy may be released to: The healthcare providers providing treatment to the patient for Alcohol/Drug Abuse at the institution where the consent was provided. The patient and/or their legal representative. Any payer responsible for payment of that treatment. TreatmentInformation published under the Treatment policy may be released to: Any healthcare provider providing treatment to the patient. The patient and/or their legal representative. Any payer responsible for payment of that treatment. ResearchInformation published under the research policy may be accessed by researchers.

23 23 eHealthConnecticut Sensitivity classes Care Management  Patient admission, clerk, billing Clinical Management  Technicians, lab, Clinical Care  Direct and indirect care Privileged Care  Mental Health, Substance Abuse, AIDS Personal care  Patient directed blocks Functional Role Subject of Care Subject of care agent Personal health professional  Named by patient Privileged health professional  Role specific Health-related professional  technician Administrator  clerk

24 24 Consent Matrix Care Mgmt Clinical Mgmt Clinical Care Privileged Care Personal Care Subject of Care YesYesYesYesYes Subject of Care Agent YesYesYesYesYes Personal Health Professional YesYesYesYesYes Privileged Health Prof YesYesYesYesYes Health Prof YesYesYesSpecialSpecial Health-Related Prof YesYesYesSpecialNo AdministratorYesYesSpecialNoNo

25 25 eHealthConnecticut Treatment allowed uses are enforced through typical role-based-access A Policy Table shows allowed use between sensitivity classes vs functional role Some table entries include special behaviors Healthcare Professional needs to get a consent- to-disclose on each publication and/or use of Privileged Care and Personal Care sensitivity classes Healthcare Professional needs to get a consent- to-disclose on each publication and/or use of Privileged Care and Personal Care sensitivity classes Personal care sensitivity class data when accessed by a healthcare professional requires the review the patient’s published consent. Personal care sensitivity class data when accessed by a healthcare professional requires the review the patient’s published consent.

26 26 Active Consents Centric All clinical documents are published with sub- set of confidentiality codes, indicating the type of data only, not the status of consent at the moment. Consent acts are captured and managed as indicated. Including replacement, and time constraints On USE, the Document Consumer is responsible for pulling down all current consent document, and treating the clinical documents according to current consent documents

27 27 Not currently available Lab results that shouldn’t be disclosed to the patient until they are consulted to by their GP.  Could be supported with xds-metadata change transaction Patient block for specified individual  Could be through required viewing by the human user of current patient consent policy, with human enforcement  Future policies may be machine processable Patient authorization of specified agent  Could be through required viewing by the human user of current patient consent policy, with human enforcement  Future policies may be machine processable

28 September, 2005What IHE Delivers 28 Questions?

Download ppt "September, 2005What IHE Delivers 1 Basic Patient Privacy Consents IHE Educational Workshop 2007 John Moehrke GE Healthcare Lori Fourquet e-HealthSign LLC."

Similar presentations

September, 2005What IHE Delivers 1 Key Image Notes Evidence Documents Simple Image & Numeric Report Access to Radiology Information IHE Vendors Workshop.

September, 2005What IHE Delivers 1 Key Image Notes Evidence Documents Simple Image & Numeric Report Access to Radiology Information IHE Vendors Workshop.
September, 2011What IHE Delivers Cross-enterprise Workflow Management (XDW profile) IT Infrastructure Planning Committee Luca Zalunardo, Arianna Cocchiglia.

September, 2011What IHE Delivers Cross-enterprise Workflow Management (XDW profile) IT Infrastructure Planning Committee Luca Zalunardo, Arianna Cocchiglia.
IHE IT Infrastructure Domain Update

IHE IT Infrastructure Domain Update
What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.

What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.
September, 2005What IHE Delivers 1 Implementing IHE in Regional Health Information Networks IHE Europe 2006 - Changing the Way Healthcare Connects IHE.

September, 2005What IHE Delivers 1 Implementing IHE in Regional Health Information Networks IHE Europe Changing the Way Healthcare Connects IHE.
IHE IT Infrastructure Outreach to Patient Care Coordination Domain Michael Nusbaum IT Infrastructure Planning Committee December 13 th, 2010.

IHE IT Infrastructure Outreach to Patient Care Coordination Domain Michael Nusbaum IT Infrastructure Planning Committee December 13 th, 2010.
September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education
September, 2005What IHE Delivers 1 Presenters: Keith W. Boone, John Donnelly, Larry McKnight, Dan Russler IHE Patient Care Coordination.

September, 2005What IHE Delivers 1 Presenters: Keith W. Boone, John Donnelly, Larry McKnight, Dan Russler IHE Patient Care Coordination.
XDS Security ITI Technical Committee May 27, 2006.

XDS Security ITI Technical Committee May 27, 2006.
June 28-29, 2005IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Cross-enterprise Document Sharing for Imaging (XDS-I) Rita Noumeir.

June 28-29, 2005IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Cross-enterprise Document Sharing for Imaging (XDS-I) Rita Noumeir.
1 Patients’ Rights and Responsibilities. PATIENT RIGHTS 2 Every healthcare facility is mandated to display the following Rights and Responsibilities:

1 Patients’ Rights and Responsibilities. PATIENT RIGHTS 2 Every healthcare facility is mandated to display the following Rights and Responsibilities:
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.

Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.
Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.

Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.
Distributing Images: Cross-enterprise Document Sharing for Imaging (XDS-I) Access to Radiology Information (ARI) Retrieve Information for Display (RID)

Distributing Images: Cross-enterprise Document Sharing for Imaging (XDS-I) Access to Radiology Information (ARI) Retrieve Information for Display (RID)
Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.

Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.
1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.

1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.

Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.

Similar presentations

Ads by Google