What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.


What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare

2 What do Standards Define?
Policy
- Driven by business goals
- Informed by Risk Assessments
- Defines rights and responsibilities
- Defines punishment
Process
- Enforces policy
- How people or organizations act
- who / what / where / when / how
Technology
- Enforces policy
- How equipment should act
- Algorithms and data formats
(Diagram labels: Policy, Process, Technology)

3 Before (2006)
One Policy for the XDS Affinity Domain (HIE)
- Patient doesn’t agree: Don’t publish
- VIP Patient: Don’t publish
- Sensitive Data: Don’t publish
- Research Use: No Access

4 Basic Patient Privacy Consents
- Human Readable
- Machine Processable
- Characteristics of a CDA “Document”
- Multiple Consent Types and Documents (e.g., HIPAA)
- Wet Signature Capture (i.e. XDS-SD)
- Digital Signature Capture Possible (i.e. DSG)
  - Provider, Witness, Patient or Legal Representative
- Extensible

5 Document Content & Modes of Exchange
Document Exchange Integration Profiles
- Document Sharing: XDS
- Media Interchange: XDM
- Reliable Interchange: XDR
- Cross-Community Access: XCA
Document Content Profiles
- Consent: BPPC
- Emergency: EDR
- Pre Surgery: PPHP
- Scanned Doc: XDS-SD
- Laboratory: XD*-Lab
- PHR Exchange: XPHR
- Discharge & Referrals: XDS-MS
- Imaging: XDS-I

6 Value Proposition
An XDS Affinity Domain (RHIO, HIE)
- Develop a set of privacy policies,
- Each policy is given a number (OID)
- Implement them with role-based or other access control mechanisms supported by EHR systems.
A patient can
- Be made aware of the privacy policies.
- Have an opportunity to selectively acknowledge from among the policies presented
- Have control over access to their healthcare information.

7 Written Policy Example The patient agrees to share their healthcare data to be accessed only by doctors wearing a chicken costume.

8 BPPC supportable Consents
- Explicit Opt-In is required, which enables HIE-allowed document use
- Explicit Opt-Out that would prevent all use of their documents
- Implicit Opt-In allows for document use
- Explicit Opt-Out of any document publication
- Explicit Opt-Out of sharing outside of local event use, but allowing emergency override
- Explicit Opt-Out of sharing outside of local event use, and without emergency override
- Explicit authorization that would allow a specific research project
- Change the consent policy (change from opt-in to opt-out)
- Allow direct use of the document, but not re-publishing
- Enable use of document retrieval across communities using XCA
- Explicit individual policy for opt-in at each clinic
- Explicit individual policy for opt-in for a PHR choice
- Explicit Opt-In for a period of time (episodic consent)

9 HHS Whitepaper on Consent (March 2010)
- No consent. Health information of patients is automatically included—patients cannot opt out;
- Opt-out. Default is for health information of patients to be included automatically, but the patient can opt out completely;
- Opt-out with exceptions. Default is for health information of patients to be included, but the patient can opt out completely or allow only select data to be included;
- Opt-in. Default is that no patient health information is included; patients must actively express consent to be included, but if they do so then their information must be all in or all out; and
- Opt-in with restrictions. Default is that no patient health information is made available, but the patient may allow a subset of select data to be included.

10 Characteristic of a CDA document
- Persistence
- Stewardship
- Potential for authentication
- Context
- Wholeness
- Human readability
A CDA document is a defined and complete information object that can include text, images, sounds, and other multimedia content.

11 Capturing the Patient Consent act
One of the Affinity Domain Consent policies
CDA document captures the act of signing
- Effective time (Start and Sunset)
- templateID: BPPC document
- XDS-SD: Capture of wet signature from paper
- DSIG: Digital Signature (Patient, Guardian, Clerk, System)
XDS Metadata
- classCode: BPPC document
- eventCodeList: the list of the identifiers of the Affinity Domain policies
- confidentialityCode: could mark this document as sensitive

12 Scanned Document details / Privacy Consent details
(Diagram labels: Policy; Structured Content with coded sections; Structured and Coded CDA Header; Time of Service, etc.; Base64 encoded; XDS-MS + XDS-BPPC + XDS-SD; Patient, Author, Authenticator, Institution; XDS Metadata: Consent Document; Digital Signature, IHE-DSG; Signature value; Pointer to Consent document; Consent document)

13 Standards and Profiles Used
- HL7 CDA Release 2.0
- IHE - XDS Scanned Documents
  - PDF/A - ISO b
- IHE - Document Digital Signature
  - XML-Digital Signature, XAdES
- IHE - Cross Enterprise Document Sharing
- IHE - Cross Enterprise Sharing on Media
- IHE - Cross Enterprise Reliable Interchange
- IHE - Cross Community Access

14 Using documents
XDS Registry Stored Query Transaction
- Consumer may request documents with specific policies
- Filtered response
XDS Consumer Actor
- Informed about confidentialityCodes (Metadata)
- Knows the user, patient, setting, intention, urgency, etc.
- Enforces Access Controls (RBAC) according to confidentiality codes
- No access given to documents marked with unknown confidentiality codes
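Slides 11 and 14 together describe one mechanism: the consent act is captured with an effective period (start and sunset) and the acknowledged policy OIDs in eventCodeList, the registry can filter a Stored Query on those policy ids, and the XDS Consumer then makes its access decision from the metadata, releasing nothing whose confidentialityCode it does not recognise. The Python below is an added example written to illustrate that decision logic; it is not code from the presentation or from IHE. The policy OIDs, confidentiality codes, role names, the policy table and the document metadata shapes are all constructed placeholders, and a real Affinity Domain would publish its own.

```python
"""Consumer-side enforcement of BPPC consents over XDS metadata.

Added example, not from the slides or from IHE. The policy OIDs, the
confidentiality codes, the policy table and the document metadata shapes
below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set

# Placeholder OIDs standing in for the Affinity Domain's numbered policies (slide 6).
POLICY_OPT_IN_TREATMENT = "1.2.3.4.5.1"   # hypothetical: opt-in, treatment use
POLICY_RESEARCH_PROJECT = "1.2.3.4.5.2"   # hypothetical: authorization for one research project

# Affinity Domain policy table: for each policy, which confidentialityCode it
# releases and to which user roles. Constructed; a real domain publishes its own.
POLICY_TABLE: Dict[str, Dict[str, Set[str]]] = {
    POLICY_OPT_IN_TREATMENT: {"N": {"physician", "nurse"}},
    POLICY_RESEARCH_PROJECT: {"N": {"researcher"}},
}
# Every code some policy knows how to release; anything else is "unknown" to the consumer.
KNOWN_CONFIDENTIALITY_CODES: Set[str] = {
    code for mapping in POLICY_TABLE.values() for code in mapping
}


@dataclass
class ConsentDocument:
    """A captured BPPC consent act (slide 11): acknowledged policy ids go into
    eventCodeList; the signing act has an effective start and an optional sunset."""
    event_code_list: List[str]
    effective_start: date
    effective_sunset: Optional[date] = None   # None: no sunset recorded

    def in_effect(self, on: date) -> bool:
        if on < self.effective_start:
            return False
        return self.effective_sunset is None or on <= self.effective_sunset


@dataclass
class DocumentEntry:
    """The XDS metadata fields the consumer decision needs."""
    unique_id: str
    class_code: str
    confidentiality_code: Optional[str]
    event_code_list: List[str] = field(default_factory=list)


def stored_query_by_policy(registry: List[DocumentEntry], policy_oids: List[str]) -> List[DocumentEntry]:
    """Registry Stored Query filtered on eventCodeList (slide 14): only entries
    that reference at least one of the requested policy ids are returned."""
    wanted = set(policy_oids)
    return [d for d in registry if wanted & set(d.event_code_list)]


def active_policies(consents: List[ConsentDocument], on: date) -> Set[str]:
    """Policies the patient has acknowledged and that are in effect on the given date."""
    acked: Set[str] = set()
    for consent in consents:
        if consent.in_effect(on):
            acked.update(consent.event_code_list)
    return acked


def may_access(entry: DocumentEntry, user_role: str, consents: List[ConsentDocument], on: date) -> bool:
    """Consumer-side decision (slide 14). Default deny: a missing or unknown
    confidentialityCode is never released, whatever the user's role."""
    code = entry.confidentiality_code
    if code is None or code not in KNOWN_CONFIDENTIALITY_CODES:
        return False
    for oid in active_policies(consents, on):
        if user_role in POLICY_TABLE.get(oid, {}).get(code, set()):
            return True
    return False


# Constructed sample data: two consents for one patient and a small registry.
PATIENT_CONSENTS = [
    ConsentDocument([POLICY_OPT_IN_TREATMENT], date(2010, 1, 1)),
    ConsentDocument([POLICY_RESEARCH_PROJECT], date(2011, 1, 1), date(2011, 12, 31)),  # episodic
]
REGISTRY = [
    DocumentEntry("doc-consent-1", "BPPC", "N", [POLICY_OPT_IN_TREATMENT]),
    DocumentEntry("doc-consent-2", "BPPC", "N", [POLICY_RESEARCH_PROJECT]),
    DocumentEntry("doc-lab-1", "LAB", "N"),
    DocumentEntry("doc-psych-1", "NOTE", "R"),      # code no domain policy releases
    DocumentEntry("doc-legacy-1", "NOTE", None),    # imported without a confidentialityCode
]


def demo() -> Dict[str, bool]:
    """Decisions a consumer would reach for the sample data."""
    when = date(2012, 6, 1)
    return {
        "physician_lab_2012": may_access(REGISTRY[2], "physician", PATIENT_CONSENTS, when),
        "researcher_lab_2011": may_access(REGISTRY[2], "researcher", PATIENT_CONSENTS, date(2011, 6, 1)),
        "researcher_lab_2012": may_access(REGISTRY[2], "researcher", PATIENT_CONSENTS, when),
        "physician_restricted": may_access(REGISTRY[3], "physician", PATIENT_CONSENTS, when),
        "physician_no_code": may_access(REGISTRY[4], "physician", PATIENT_CONSENTS, when),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'permit' if decision else 'deny'}")
```

Run stand-alone it prints the permit/deny decisions for the sample registry: the researcher is permitted in 2011 while the episodic research authorization is in effect and denied in 2012 after its sunset, and the entries carrying a code outside the policy table or no code at all are denied regardless of role, which is the "no access for unknown confidentiality codes" rule from slide 14 expressed as a default-deny check rather than a role lookup.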

15 XDR & XDM
- Same responsibilities
- Should include copy of relevant Consents
- Importer needs to coerce the confidentiality codes
- Need to recognize that in transit the document set may have been used in ways inconsistent (e.g. Physical Access Controls)

16 Informed by Privacy Policy Standards
- ISO IS22857 Trans-border Flow of Health Information
- ISO TS Privilege Management and Access Control (Parts 1, 2, draft 3)
- ASTM E1986 Standard Guide for Information Access Privileges to Health Information

17 Active Standards Work
OASIS
- Profile for how to express attributes in cross-organization (SAML, XACML, WS-Trust, WS-Federation, WS-Policy)
HL7
- Standard for Consent Directive Document
- Ontology for Security and Privacy (Permissions, Sensitivity, Healthcare User Roles, etc.)
- Identified Privacy Policy Reference Catalog (opt-in, opt-out, ++)
- SOA model for Privacy/Security Access Control as a Service
IHE
- White Paper on overall Access Control Model for healthcare
- Updates to XUA profile to recognize user attributes such as role, intended use, authentication level of assurance.
ISO
- ISO 14265: Classification of purposes for processing personal health information

What IHE Delivers Questions?