Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture."— Presentation transcript:

1 The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture

2 Privacy is the Final Frontier  How do we record patient preferences about information sharing?  How do we transfer consent preferences among payers, providers, labs, pharmacies, personal health record vendors and other stakeholders?  How do we manage continually changing privacy preferences, situations and use cases?

3 1998 – Payer/Provider data exchange Health Insurance Portability and Accountability Act (HIPAA)‏

4 2004 – Provider/Provider data exchange Regional Health Information network Organizations (RHInOs)‏

5 2008 – The Patient as Data Steward  Consent Assertion Markup Language (CAML)‏

6 How it might work?  A Consent Wizard, available as an open source web application, codifies all the consent options inventoried by HISPC  The output of the Consent Wizard is a transportable XML representation of patient preferences that can be hosted by a payer, a PHR, or a RHIO and used to guide all information exchange

7 Flavors of Consent  Opt-Out = data is exchanged by default unless restricted by the patient  Opt-In = data is not exchanged by default until the patient consents  Quilted = a subset of data is exchanged with patient consent based on institution, data user, data producer, and situation

8 Scope of Consent  Institution –Opt Out = I do not wish the information at this institution to be shared –Opt In = I agree to share all information from this institution –Quilted = I agree to share my medications and labs but not my problem list and notes from this institution

9 Scope of Consent  Data User –Opt Out = I do not want to participate in this research study –Opt In = I want my data used by all stakeholders with audit protections, to optimize my health –Quilted = I want all my data shared with emergency providers, primary care physicians, payers and public health agencies, but not with pharmaceutical firms

10 Scope of Consent  Data Producer –Opt Out = I do not want my laboratory records shared –Opt In = I want my data from labs, pharmacies and payers shared with providers –Quilted = I want my pharmacy records shared except medications used for mental health, HIV, and substance abuse treatment

11 Scope of consent  Situation –Opt Out = I do not want my data shared for simple office visits with one-time providers i.e. out of town visit to an urgent care for a small laceration repair –Opt In = I want my data shared for all care situations –Quilted = I want my data shared for all emergency visits but not for routine care

12 How it might appear

13 How it might appear

14 What this means  I opt-in to share all my data from Beth Israel Deaconess Medical Center  I opt-out of participating in a clinical trial at Harvard Clinical Research Institute  I opt-in to sharing my Walgreens prescription data except mental health medications  I opt-in to sharing all data (including mental health medications) for emergency care

15 The devil is in the details  The Consent Wizard would need to enforce integrity of consent options to avoid conflicting preferences i.e. patients cannot both opt-out and opt-in for data sharing with the same data user and situation  A hierarchy must be created to ensure consistent interpretation of complex consent such as situation > institution > data user > data producer i.e. an opt-in for emergency department data sharing overrides data producer opt-outs

16 How could this be implemented?  A Payer implements a patient portal which hosts the Consent Wizard and authenticates the patient. When a provider does a 270/271 transaction, the CAML data is returned with the 271 response or is available as a 275 claims attachment

17 How could this be implemented?  A Personal Health Record vendor provides the Consent Wizard to patients but does not need to verifiably authenticate the patient. When the patient 'authenticates' with the provider during the care registration process, the patient provides the PHR vendor name and account information needed to access their CAML data

18 How could this be implemented?  A RHIO, on behalf of the community, hosts the Consent Wizard and provides access to the CAML records of the community

19 Next steps  Consideration by the AHIC Security and Privacy Working Group  If AHIC proposes a use case, then SDOs would need to work on CAML or adapt XACML (existing standard for access control) to support CAML principles  Pilot projects for Consent Wizard development

Download ppt "The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture."

Similar presentations

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.
A Plan for a Sustainable Community Behavioral Health Information Network Western States Health-e Connection Summit & Trade Show September 10, 2013.

A Plan for a Sustainable Community Behavioral Health Information Network Western States Health-e Connection Summit & Trade Show September 10, 2013.
Chapter 11 by Dee McGonigle, Kathleen Mastrian, and Nedra Farcus

Chapter 11 by Dee McGonigle, Kathleen Mastrian, and Nedra Farcus
HEALTH HOMES HEALTH HOMES TECHNOLOGY SIMULATION WORKSHOP Ron HendlerNish Thakker.

HEALTH HOMES HEALTH HOMES TECHNOLOGY SIMULATION WORKSHOP Ron HendlerNish Thakker.
SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.

SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.
Enforceable Specification of Privacy Peter Mork Jean Stanford CEM IR&D.

Enforceable Specification of Privacy Peter Mork Jean Stanford CEM IR&D.
Massachusetts: Transforming the Healthcare Economy John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

Massachusetts: Transforming the Healthcare Economy John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
Inter-institutional Data Sharing, Standards and Legal Arthur Davidson, MD, MSPH Agency for Healthcare Research and Quality, Washington, DC June 9, 2005.

Inter-institutional Data Sharing, Standards and Legal Arthur Davidson, MD, MSPH Agency for Healthcare Research and Quality, Washington, DC June 9, 2005.
Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.

Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.
NewYork-Presbyterian System SelectHealth – an HIV Special Needs Plan (SNP) The Challenge.... 1400 people living with HIV and receiving care from a multitude.

NewYork-Presbyterian System SelectHealth – an HIV Special Needs Plan (SNP) The Challenge people living with HIV and receiving care from a multitude.
Working Session 4: Quality and Efficiency Expanding the Use of Healthcare IT: The United States Initiative and the Development of Healthcare IT in Japan.

Working Session 4: Quality and Efficiency Expanding the Use of Healthcare IT: The United States Initiative and the Development of Healthcare IT in Japan.
The Final Standards Rule John D. Halamka MD. Categories of Standards Content Vocabulary Privacy/Security.

The Final Standards Rule John D. Halamka MD. Categories of Standards Content Vocabulary Privacy/Security.
HIE Implementation in Michigan for Improved Health As approved by the Michigan Health Information Technology Commission on March 4, 2009.

HIE Implementation in Michigan for Improved Health As approved by the Michigan Health Information Technology Commission on March 4, 2009.
Clinician or proxy Public Health Patient or proxy Business Actors Sys Admin Outside Systems Clinical Results Source Systems Registration Systems Claims.

Clinician or proxy Public Health Patient or proxy Business Actors Sys Admin Outside Systems Clinical Results Source Systems Registration Systems Claims.
Florida HIE Overview Child Development Screening Task Force March 23, 2012.

Florida HIE Overview Child Development Screening Task Force March 23, 2012.
© 2010 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
1 Health Information Security and Privacy Collaboration (HISPC) National Conference HISPC Contributions to Massachusetts HIE Privacy and Security Progress:

1 Health Information Security and Privacy Collaboration (HISPC) National Conference HISPC Contributions to Massachusetts HIE Privacy and Security Progress:
HITSP’s Scope  The Panel’s mission is to assist in the development of a Nationwide Health Information Network (NHIN) by addressing the standards-related.

HITSP’s Scope  The Panel’s mission is to assist in the development of a Nationwide Health Information Network (NHIN) by addressing the standards-related.
Medical Law and Ethics Lesson 4: Medical Ethics

Medical Law and Ethics Lesson 4: Medical Ethics

Similar presentations

Ads by Google