VA-SAMHSA DS4P Pilot Demonstrations Data Segmentation for Privacy Initiative Veterans Health Administration Healthcare Information Governance Emerging.

Presentation transcript:

VA-SAMHSA DS4P Pilot Demonstrations Data Segmentation for Privacy Initiative Veterans Health Administration Healthcare Information Governance Emerging Health Technologies Advancement Center (EHTAC) HIMSS 2013 Interoperability Showcase Demonstration Playbook Duane DeCouteau Senior Software Engineer (Edmond Scientific)

Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013
VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration
Data Segmentation for Privacy Initiative
Table of Contents
Demonstration Overview
Demonstration How-To
Use Case: Emergency Treatment
Use Case: Share Partial
Use Case: Share All
Use Case: Patient Changes Mind (Modifying Patient Consent)
An Unexpected Interop: VA-SAMHSA and NetSmart
Things to Consider

Demonstration Platforms (Mobility; Primary Presentation Station)
Tablets #1-3 (Primary): SAMHSA – VA Exchange; VA Prototypic Portal; Mitre Patient Consent; FEIsystems REM; Jericho PDP; Emergency Use Case; VA Direct – Third Party; VA Prototypic Portal; Mitre Patient Consent; FEIsystems REM; Jericho PDP; VA Repository; No Redisclosure
Tablet #4: VA Direct – Third Party; VA Prototypic Portal; Jericho Patient Consent; VA Repository; Jericho PDP
Tablet #5: VA Direct – Third Party; VA Prototypic Portal; HIPAAT Patient Consent; VA Repository; HIPAAT Policy Engine
[ Bull Pen ] Kiosk 11-1: FEISystems REM (EHR); Clinical Rules Manager; Privacy Rules Manager; Security and Privacy Administration; Security Labeling Service (SLS); Document Orchestration; Detailed Access Control Information

Supporting Patient Consent Management Systems: Jericho Systems Patient Portal; Mitre Corporation DS4P GUI; MyConsentMinder

Clinical and Use Configuration(s)
Patients
PUI Asample Patientone, 42 Male
Active Problems: Type 2 Diabetes; Asthma; Coronary Artery Atheroma; Hyperlipidemia; Hypertension; Acute HIV; Substance Abuse
Active Medications: Bupropion Hydrochloride; Zidovudine
PUI Asample Patienttwo, 32 Male
Active Problems: Psychotic Disorder; Persistent Alcohol Abuse; Diabetes mellitus type 2; Sickle Cell Anemia
Active Medications: Thorazine; Metformin; Hydroxyurea
PUI Asample Patientthree, 27 Female
Active Problems: Anorexia nervosa (disorder); Obsessive compulsive personality disorder (disorder)
Active Medications: Sertraline 20 MG/ML Oral Solution [Zoloft] [861066]
PUI Asample Patientfour, 42 Male
Active Problems: Acute stress disorder (disorder); Major depressive disorder (disorder)
Active Medications: Sertraline 20 MG/ML Oral Solution [Zoloft] [861066]
User/Use Case Assignments
DrDuane/DrBurak/DrMike/DrMichael/DrDavid/DrKel – Asample Patientone. Use Cases: Share Partial, Emergency Treatment
DrMike/DrDuane – Asample Patienttwo. Use Cases: Share All
DrDavid/DrMichael – Asample Patientthree. Use Cases: Patient Changes Mind
DrKel/DrBurak – Asample Patientfour
Additional Patients
JERICHO TEST – Patient Consent Only
HIPAAT TEST – Patient Consent Only

Demonstration Basics
Login Screen (Username and Password Provided by VA Development Team)
Logout Option (System will automatically logout User after 30 minutes of inactivity)

Demonstration Basics: Tablet Navigation Bar
Test Patient Selection
eHealth Exchange: VA – SAMHSA Document Query and Document Retrieve
eHealth Direct: VA – SAMHSA – Third Party Providers Inbox of Processed Documents (Note: XDM Packages must be processed via Reference Model)
Access Control Decisioning View: Policy Decision, Obligations, Generated Annotated Rules, Executed Rules
User Profile/Credentials/Workflow (For Demonstration only Purpose of Use (POU) is allowed to be modified)
Not Implemented
Logout (End User Session)

Demonstration Basics: Patient Selection
Select and set context to Veteran patient

Demonstration Basics: Document Search
Execute Document Query
View Request SAML Assertion
View Meta data

Demonstration Basics: Document Retrieve
Select Document to retrieve
Retrieve Selected Document
Decrypt Document Payload
Decrypt Masked Entries
View Transformed CDA Document
View Document Retrieve SAML Assertion
View Document Meta data (For Demonstration Purposes Only)

Demonstration Basics: Access Control Decisioning Log
View Obligation(s) from Patient Consent, USPrivacyLaw, Organizational Policy
View Rules executed based on contents of document being retrieved
View Annotation Rules derived from Clinical Facts and Organizational Policy

Demonstration Basics: Setting Purpose of Use (POU)

Demonstration Basics: Providers eHealth Direct Inbox
Note: Due to time limitations this capability was not implemented. Please utilize the Reference Model test harness to load and process XDM packages.
View contents of METADATA.xml
Decrypt DOCUMENT.xml file if necessary (SAMHSA patients only)
View HTML version of DOCUMENT.xml CDA file.
Test/Validate No redisclosure without consent.

Use Case: Emergency Treatment (Break-the-glass)
Use Case Scenario: The “test” Patient, a Veteran, is being seen at a VAMC Emergency Room for non-specific abdominal pain. The “test” Patient is also receiving unrelated treatment at a 42CFRPart2 constrained organization. That patient has chosen to participate in eHealth Exchange and has created a Consent Directive authorizing participation as well as constraining specific components of their clinical record. Specifically, the “test” patient wishes to REDACT Substance Abuse and Mental Health related observations, and MASK (for intended recipient eyes only) all findings related to HIV. The Emergency Room attending performs an eHealth Exchange document query and retrieve.
Expected Outcome: Annotation of the document will occur, with Document, Section, and Entry security labels being applied. NO actions of REDACTION or MASKING will be performed when Purpose of Use (POU) is Emergency Treatment (ETREAT). Authorization for disclosure is determined by POU, organizational policy, and the trust relationship between exchanging organizations (exchange of certificates). The document, in its entirety, is delivered for viewing to the Emergency Room attending (requestor) with a 42CFRPart2 WARNING and heightened auditing.

Use Case: Emergency Treatment (Break-the-glass)
Step #1: From your tablet, log in to DS4PMobilePortal.
Step #2: Touch your profile button, “DrName”, and change your POU to Emergency (this is normally a workflow event).
Step #3: Touch “Patient List” and then select “Asample Patientone” from the drop-down list.
Step #4: Touch “eHealth Exchange”, then touch the “Search” button to perform a cross-enterprise document query (VA-SAMHSA). Available documents are returned and visible for selection in the table. Note that no document annotation has occurred at this point; only 1) an authorization to release to the recipient and 2) available documents and metadata are returned.
Step #5: Touch the row of interest, “Consult Notes”, and then touch the “Retrieve Document” button.

Use Case: Emergency Treatment (Break-the-glass)
Step #6: Note that the document has been delivered to the requestor in the Emergency Room in its encrypted form per the sending organization’s DS4P policy.
Step #7: Touch the “X” button or anywhere to close the “Document Retrieve Response” window.
Step #8: Touch “Decrypt Document” to decrypt the document payload. This step is for demonstration purposes only.
Step #9: Note that the contents of the document are now revealed (in XML form) to the requestor. Again, this step is for demonstration purposes only.

Use Case: Emergency Treatment (Break-the-glass)
Step #10: Touch the “View Clinical Document” button. The 42CFRPart2 warning is displayed as well as the document. Note the document and section level tagging of “R” for restricted, and the entry level tags related to applicable policies. Substance Abuse (ETH), Mental Health Related (PSY), and HIV information is visible.
Step #11: Touch the “Access Control Decisioning” button. In the table, touch the most recent event related to your “Provider Id” and “Document Retrieve” service request.

Use Case: Emergency Treatment (Break-the-glass)
Step #12: Touch the “Obligations” button. In the XACML Response window we see patient consent directives to REDACT ETH and PSY, and to MASK HIV. Additionally, the organization is constrained by US Privacy Laws 42CFRPart2 and Title32Section7332, and requires document handling of encryption.
Step #13: Touch the Security Labeling Service “SLS Rules Generated” button. A list of all applicable/available rules is shown; DRL is Drools Rule Language. The rules and the decomposed C32 are sent to the Drools Rule Engine for processing.

Use Case: Emergency Treatment (Break-the-glass)
Step #14: Touch the Security Labeling Service “SLS Rules Executed” button. A list is shown of all the rules that executed and resulted in a label being applied to a specific observation. Note: all disregard patient directives to REDACT and/or MASK.
Step #15: RESET your session by setting your Purpose of Use (POU) in your user profile to “Treatment”; see step #2 for further instructions.

Use Case: Share Partial
Use Case Scenario: The “test” Patient, a Veteran, has been referred for a Monday morning follow-up appointment with “DrName”. Over the weekend our “test” patient updates their consent directive to include “DrName” as an authorized recipient. Remember that our patient’s consent directive constrains specific components of their clinical record. Specifically, the “test” patient wishes to REDACT Substance Abuse and Mental Health related observations, and MASK (for intended recipient eyes only) all findings related to HIV. Prior to seeing our test patient, “DrName” performs an eHealth Exchange document query.
Expected Outcome: Annotation of the document will occur, with Document, Section, and Entry security labels being applied. Actions of REDACTION or MASKING will be performed. Authorization for disclosure is determined by provider ID, POU, Credentials, Sensitivity Permissions, organizational policy, and the trust relationship between exchanging organizations (exchange of certificates). The document, fully annotated (REDACT/LABEL/MASK/ENCRYPT), is delivered to “DrName”.

Use Case: Share Partial
Step #1: From your tablet, log in to DS4PMobilePortal.
Step #2: Touch your profile button, “DrName”, and change your POU to Treatment (this is normally a workflow event).
Step #3: Touch “Patient List” and then select “Asample Patientone” from the drop-down list.
Step #4: Touch “eHealth Exchange”, then touch the “Search” button to perform a cross-enterprise document query (VA-SAMHSA). Available documents are returned and visible for selection in the table. Note that no document annotation has occurred at this point; only 1) an authorization to release to the recipient and 2) available documents and metadata are returned.
Step #5: Touch the row of interest, “Consult Notes”, and then touch the “Retrieve Document” button.

Use Case: Share Partial
Step #6: Note that the document has been delivered to the requestor in its encrypted form per the sending organization’s DS4P policy.
Step #7: Touch the “X” button or anywhere to close the “Document Retrieve Response” window.
Step #8: Touch “Decrypt Document” to decrypt the document payload. This step is for demonstration purposes only.
Step #9: Note that the contents of the document are now revealed (in XML form) to the requestor. Again, this step is for demonstration purposes only.

Use Case: Share Partial
Step #10: Touch the “View Clinical Document” button. The 42CFRPart2 warning is displayed as well as the document. Note the document and section level tagging of “R” for restricted, and that one problem list item and one medication have been MASKED. Substance Abuse (ETH) and Mental Health Related (PSY) findings have been REDACTED.
Step #11: Touch the “Decrypt Doc and Entries” button. Assuming your user has the necessary permissions, you will receive the key and be able to decrypt the MASKED entries. This step is for demonstration purposes only. Close the XML display.
Step #12: Touch the “View Clinical Document” button. The two (2) MASKED entries are revealed to the user. In this case Acute HIV and the AZT equivalent medication were previously hidden from the user’s view.

Use Case: Share Partial
Step #12: Touch the “Access Control Decisioning” button.
Step #13: Touch to select the most recent “DocumentRetrieve” service request associated with your provider ID in the log table.
Step #14: Touch the Security Labeling Service “SLS – Rules Generated” button. Note that the rules now take into account the patient’s wishes to REDACT or MASK aspects of their clinical record.
Labels on the slide: Patient Constraint; SNOMED-CT code; Sensitivity Label; Confidentiality Label; Action; US Privacy Law; Refrain Policy; Document Handling

Use Case: Share All
Use Case Scenario: The “test” Patient, a Veteran, has been referred to an orthopedic surgeon “DrName” at the VAMC in Helena, MT. The “test” Patient is also receiving unrelated treatment at a 42CFRPart2 constrained organization. That patient has chosen to participate in eHealth Exchange and has created a Consent Directive authorizing participation and disclosure to “DrName”. The patient has no concerns in regard to sharing his/her clinical information fully with DrName.
Expected Outcome: Annotation of the document will occur, with Document, Section, and Entry security labels being applied. Actions of REDACTION or MASKING will be performed IF REQUIRED. Authorization for disclosure is determined by provider ID, POU, Credentials, Sensitivity Permissions, organizational policy, and the trust relationship between exchanging organizations (exchange of certificates). The document, fully annotated (REDACT/LABEL/MASK/ENCRYPT), is delivered to “DrName”.

Use Case: Share All
Step #1: From your tablet, log in to DS4PMobilePortal.
Step #2: Touch your profile button, “DrName”, and make sure your POU is set to Treatment (this is normally a workflow event).
Step #3: Touch “Patient List” and then select “Asample Patienttwo” from the drop-down list.
Repeat Step #4 thru #10 from the Share Partial Use Case. Note when viewing the clinical document that no masking is present and PSY, ETH, SICKLE Cell Anemia, disorders and medications are visible.

Use Case: Share All
Step #11: Touch the “Access Control Decisioning” button.
Step #12: Touch to select the most recent “DocumentRetrieve” service request associated with your provider ID in the log table.
Step #13: Touch the “Obligations” button. Note that there are no patient constraints present.
Step #14: Touch the Security Labeling Service “SLS – Rules Generated” button. Note that the rules now take into account that no patient constraints are present and are entirely based on organizational policy.

Use Case: Patient Changes Mind (Modifying Patient Consent)
Use Case Scenario: The “test” Patient, a Veteran, is currently receiving treatment for PTSD from “DrDavid” at the VAMC in Helena, MT. The “test” Patient is also receiving unrelated treatment at a 42CFRPart2 constrained organization. That patient has chosen to participate in eHealth Exchange and has created a Consent Directive authorizing participation and disclosure to “DrDavid” with no constraints. The patient initially has no concerns in regard to sharing his/her clinical information fully with “DrDavid”. At some point in the future our “test” patient feels uncomfortable seeing “DrDavid” and is switched to another Mental Health Provider at the VAMC. After some consideration our “test” patient decides to alter their VA consent directive to disallow access to “DrDavid” both locally and across the eHealth Exchange.
Expected Outcome: Annotation of the document will occur, with Document, Section, and Entry security labels being applied. Actions of REDACTION or MASKING will be performed IF REQUIRED. Authorization for disclosure is determined by provider ID, POU, Credentials, Sensitivity Permissions, organizational policy, and the trust relationship between exchanging organizations (exchange of certificates). Initially the document, fully annotated (REDACT/LABEL/MASK/ENCRYPT), is delivered to “DrDavid”. After the “test” patient changes their consent directive to disallow “DrDavid” access, “DrDavid” is no longer able to receive the necessary authorizations to request or view the patient’s record.
Note: This use case example of patient changes mind has had its scope minimized. Only Jericho was able to provide a patient-facing Consent Tool, services, XDS.b repository, and integrate prior to HIMSS. Consent Directives stored in the SAMHSA XDS.b repository were actually generated by VA services without benefit of a patient tool. There are still some issues to be worked out between VA/SAMHSA and Jericho in regard to this portion of the demonstration.

Use Case: Patient Changes Mind (Modifying Patient Consent)
Step #1: From your tablet, log in to DS4PMobilePortal as “DrDavid”.
Step #2: Touch your profile button, “DrDavid”, and make sure your POU is set to Treatment (this is normally a workflow event).
Step #3: Touch “Patient List” and then select “Asample Patientthree” from the drop-down list.
Repeat Step #4 thru #10 from the Share Partial Use Case. Note when viewing the clinical document that masked entries exist in both Problem List and Medications.

Use Case: Patient Changes Mind (Modifying Patient Consent)
Step #11: Touch the “Decrypt Doc and Entries” button. Masked entries are decrypted and the XML document is displayed. This step is for demonstration purposes only. Close the window.
Step #12: Touch the “View Clinical Document” button. Note that ETH and PSY findings are now visible to “DrDavid”.

Use Case: Patient Changes Mind
Step #11: Touch the “Access Control Decisioning” button. Note that authorization decisions occurred for DocumentQuery, DocumentRetrieve, DocumentEntryUnMask, and DocumentView.
Change Asample Patientthree’s VA Consent Directive
Step #12: Log in to the Jericho Systems Patient Portal as “Asample Patientthree”. Note that Dr. David has been authorized to view our test patient’s records with no constraints.

Use Case: Patient Changes Mind (Modifying Patient Consent)
Step #13: Click on the “Update” button next to “Dr. David”.
Step #14: Click on “Block all personal health information.” Then click on the “Continue” button.
Step #15: Click on the “Authorize & Sign” button.

Use Case: Patient Changes Mind (Modifying Patient Consent)
Step #16: Sign the draft consent directive, making it authoritative, by entering username and password and selecting an end date.
Step #17: Click on the “Sign Draft” button.
Step #18: Note that access for Dr. David is now blocked. Log out of the Jericho Systems “Patient Portal”.

Use Case: Patient Changes Mind (Modifying Patient Consent)
Step #19: From the DS4PMobilePortal, touch the “eHealth Exchange” button, then touch the “Search” button. DrDavid receives a “You do not have the necessary authorization privileges to perform this operation” message.
Step #20: Touch the “Access Control Decisioning” button. Note that DrDavid’s DocumentQueryOut request has been denied.
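The four use cases above differ only in the inputs to one decision: the purpose of use, the requesting provider, and the patient's consent directive. The Python sketch below is an added example, not code from the VA-SAMHSA pilot (which used XACML obligations and Drools rules); the names `Entry`, `Consent` and `retrieve`, the `TREAT` code, the `DrER` provider ID, the `N` default label and the sample entries are assumptions, and masking is shown as a placeholder rather than entry-level encryption.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Illustrative wording; the playbook only says a 42CFRPart2 warning is displayed.
PART2_WARNING = "42CFRPart2: no redisclosure without consent"


@dataclass(frozen=True)
class Entry:
    text: str
    sensitivity: Optional[str] = None  # "ETH", "PSY", "HIV", or None if not sensitive


@dataclass
class Consent:
    authorized: Set[str]                           # provider IDs the patient allows
    redact: Set[str] = field(default_factory=set)  # sensitivities removed entirely
    mask: Set[str] = field(default_factory=set)    # sensitivities hidden unless unmasked


@dataclass
class Result:
    decision: str                                  # "Permit" or "Deny"
    doc_label: Optional[str] = None                # document-level confidentiality
    view: List[Tuple[str, Optional[str], str]] = field(default_factory=list)
    warning: Optional[str] = None
    heightened_audit: bool = False


def retrieve(doc, consent, provider_id, pou, can_unmask=False):
    """Return what the requester receives for one document retrieve."""
    emergency = pou == "ETREAT"
    # Assumption of this sketch: under ETREAT the patient's recipient list is not
    # consulted, since the playbook says disclosure is then determined by POU,
    # organizational policy and the trust relationship between organizations.
    if not emergency and provider_id not in consent.authorized:
        return Result("Deny")

    view = []
    for entry in doc:
        label = entry.sensitivity
        if label is None:
            view.append((entry.text, None, "NONE"))
        elif emergency:
            # Break-the-glass: entries are labeled, REDACT/MASK directives are not applied.
            view.append((entry.text, label, "LABEL"))
        elif label in consent.redact:
            continue  # REDACT: the entry is dropped from the delivered document
        elif label in consent.mask:
            text = entry.text if can_unmask else "[MASKED]"
            view.append((text, label, "MASK"))
        else:
            view.append((entry.text, label, "LABEL"))

    # "R" (restricted) when anything sensitive is present; "N" is this sketch's default.
    doc_label = "R" if any(e.sensitivity for e in doc) else "N"
    return Result("Permit", doc_label, view, PART2_WARNING, heightened_audit=emergency)


def visible(result):
    """Entry texts as the requester would see them."""
    return [text for text, _label, _action in result.view]


# Constructed sample entries (names borrowed from the playbook's test patients; the
# sensitivity assigned to each is an assumption, not the pilot's C32 content).
SAMPLE_DOC = [
    Entry("Type 2 Diabetes"),
    Entry("Substance Abuse", "ETH"),
    Entry("Major depressive disorder", "PSY"),
    Entry("Acute HIV", "HIV"),
    Entry("Zidovudine", "HIV"),
]


def run_scenarios():
    restrictive = Consent({"DrName"}, redact={"ETH", "PSY"}, mask={"HIV"})
    share_all = Consent({"DrName"})
    blocked = Consent(set())  # patient changed mind: no authorized recipients
    return {
        "emergency": retrieve(SAMPLE_DOC, restrictive, "DrER", "ETREAT"),
        "share_partial": retrieve(SAMPLE_DOC, restrictive, "DrName", "TREAT"),
        "share_partial_unmasked": retrieve(
            SAMPLE_DOC, restrictive, "DrName", "TREAT", can_unmask=True
        ),
        "share_all": retrieve(SAMPLE_DOC, share_all, "DrName", "TREAT"),
        "changed_mind": retrieve(SAMPLE_DOC, blocked, "DrName", "TREAT"),
    }


if __name__ == "__main__":
    for name, res in run_scenarios().items():
        print(name, res.decision, res.doc_label, visible(res), res.heightened_audit)
```

The emergency path is the one to watch in review: it is the only branch that ignores the patient's REDACT and MASK directives, which is why it carries the heightened-audit flag.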

An Unexpected Interop: VA-SAMHSA and NetSmart
Should we be concerned?
During the HIMSS Interoperability Showcase the VA-SAMHSA team was asked to perform an impromptu Interop with the NetSmart DS4P Pilot. The VA-SAMHSA team provided NetSmart their Direct HealthVault (development sandbox) address, requirements for an XDM attachment, and an example of the METADATA being produced by SAMHSA (FEISystems). The first attempt to process the XDM package failed due to the structure of the zip file. NetSmart delivered a new direct message the following day. The direct XDM package was able to be received by the VA developed XDMProcessingService (web service) but failed the Collection phase, as it was unable to identify the intended recipient to determine permissions for persisting the data. This implied there was a disconnect in the METADATA being asserted. The interop was set aside until after the conference. Upon my return home I disabled the permission check during the collection phase and manually persisted the intended recipient info after the fact, allowing the document and its METADATA to be stored. To the right is the CCD received from NetSmart.

Things to Consider….
Need to revisit METADATA being exchanged between organizations.
Cart before the horse problem: should HCS be engaged during DocQuery? This is only an issue when an organization annotates the document in real-time.
XACML is good for enforcing obligations and refrain policies, but not for determining them.
Key exchange between organizations.
The OASIS XSPA standards and IHE XUA++ need to be updated to reflect outcomes of the pilot.
When embedding an XACML policySet in the CDA R2 Consent Directive, which the VA-SAMHSA pilot relied heavily on, a minimum set of policies and resources needs to be recommended.