Basic Patient Privacy Consents. IHE Educational Workshop 2007. John Moehrke, Lori Forquet. (Slide footer: September, 2005, What IHE Delivers)


1 Basic Patient Privacy Consents
IHE Educational Workshop 2007
John Moehrke, Lori Forquet

2 Basic Patient Privacy Consents
[Diagram labels: Medical Documents; XDS-MS Medical Summaries (Referral, Discharge Summary); EDR Emergency Department Referral; PPHP Preprocedure History and Physical; History and Physical; XPHR (PHR Extract, PHR Update); XDS-LAB Lab Report; BPPC Consent]

3 What do Standards Define?
- Policy
  - Driven by business goals
  - Informed by Risk Assessments
  - Defines rights and responsibilities
  - Defines punishment
- Process
  - Enforces policy
  - How people or organizations act
  - who / what / where / when / how
- Technology
  - Enforces policy
  - How equipment should act
  - Algorithms and data formats
[Diagram labels: Policy, Process, Technology]

4 Before
One Policy for the Affinity Domain
- Patient doesn’t agree
  - Don’t publish
- VIP Patient
  - Don’t publish
- Sensitive Data
  - Don’t publish
- Research Use
  - No Access

5 Basic Patient Privacy Consents
- Small number of pre-coordinated Affinity Domain Privacy Consent
  - Patient can choose which ones to agree to
- Data is classified and published under the authority of a specific Privacy Consent
- Data is used in conformance with original Privacy Consent
- Applicable for XD* mechanism

6 Abstract
The Basic Patient Privacy Consents (BPPC) profile provides mechanisms to:
- Record the patient privacy consent(s),
- Mark documents published to XDS/XDR/XDM with the patient privacy consent(s) that was used to authorize the publication,
- Enforce the privacy consent(s) appropriate to the use.

7 XD* OPTIONS
- XDS Document Source
- XDS Document Consumer
- XDR Document Source
- XDR Document Recipient
- XDM Document Sources
- XDM Document Receivers
- Nothing new for XDS Registry and Repository

8 Key Technical Properties
- Human Readable
- Machine Processable
- Supports standards-based Access Controls
- Multiple Consent Types and Documents (e.g., HIPAA)
  - Opt-in or Opt-out
  - Implicit or Explicit
  - Time Limited
- Wet Signature Capture (i.e. XDS-SD)
- Digital Signature Capture Possible (i.e. DSG)
  - Provider, Witness, Patient or Legal Representative
- Extensible

9 Value Proposition
- An Affinity Domain (RHIO, HIE) can
  - develop a set of privacy policies,
  - and implement them with role-based or other access control mechanisms supported by EHR systems.
- A patient can
  - Be made aware of the privacy policies.
  - Have an opportunity to selectively control access to their healthcare information.

10 Standards and Profiles Used
- CDA Release 2.0
- XDS Scanned Documents
- Document Digital Signature
- Cross Enterprise Document Sharing
- Cross Enterprise Sharing on Media
- Cross Enterprise Sharing with Reliable Messaging

11 Deeper Dive

12 Value Proposition
An Affinity Domain (RHIO, HIE) can
- develop a set of privacy policies. For example:
  - No HIE use allowed (e.g. Opt-Out)
  - All clinical use (e.g. Opt-In)
  - Restricted to Assigned Clinician + Emergency Mode
  - Emergency Data Set
  - De-Identified document
- Each policy is given a number (OID)
- implement them with role-based or other access control mechanisms supported by EHR systems.

13 Capturing the Patient Consent act
- One of the Affinity Domain Consent policies
- CDA document captures the act of signing
  - Effective time (Start and Sunset)
  - XDS-SD – Capture of wet signature from paper
  - DSIG – Digital Signature (Patient, Guardian, Clerk, System)
- XDS Metadata
  - templateId – BPPC document
  - eventCodeList – the list of the identifiers of the AF policies
  - confidentialityCode – could mark this document as sensitive

14 [Diagram labels: Scanned Document details; Privacy Consent details; Policy 9.8.7.6.5.4.3.2.1; Structured Content with coded sections; Structured and Coded CDA Header (Patient, Author, Authenticator, Institution, Time of Service, etc.); Base64 encoded; XDS-MS + XDS-BPPC + XDS-SD; XDS Metadata: Consent Document; Digital Signature; IHE-DSG – Digital Signature; Signature value; Pointer to Consent document; Consent document]

15 Marking all XDS Documents
- Use Affinity Domain well formed vocabulary
- Indicated in XDS Metadata – confidentialityCode
  - List of appropriate-use consents
  - OR logic
- Registry rejects non-conformant confidentialityCodes
- Affinity Domain Policy must indicate rules for publishing documents with codes for which the patient has not specifically consented to.

16 Using documents
- XDS Registry Stored Query Transaction
  - Consumer may request documents with specific policies
  - Filtered response
- XDS Consumer Actor
  - Informed about confidentialityCodes (Metadata)
  - Knows the user, patient, setting, intention, urgency, etc.
  - Enforces Access Controls (RBAC) according to confidentiality codes
  - No access given to documents marked with unknown confidentiality codes
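The marking and enforcement rules on slides 15 and 16, as an added example (not part of the original slides or of the IHE profile text). The policy OIDs, role names and the `DocumentEntry` type are constructed for illustration, and the reading that a single unrecognised code blocks access is an assumption about how a consumer applies the last bullet.

```python
from dataclasses import dataclass

# Constructed Affinity Domain vocabulary: policy OID -> display name.
# These OIDs are placeholders, not real registered identifiers.
DOMAIN_POLICIES = {
    "1.2.3.4.5.1": "All clinical use",
    "1.2.3.4.5.2": "Restricted to assigned clinician + emergency mode",
    "1.2.3.4.5.3": "Emergency data set",
}

# Constructed local RBAC table: role -> consent policies it may act under.
ROLE_POLICIES = {
    "clinician": {"1.2.3.4.5.1", "1.2.3.4.5.3"},
    "assigned_clinician": {"1.2.3.4.5.1", "1.2.3.4.5.2", "1.2.3.4.5.3"},
    "researcher": set(),
}

@dataclass(frozen=True)
class DocumentEntry:
    entry_id: str
    confidentiality_codes: tuple  # policy OIDs carried in XDS metadata

def registry_accepts(doc):
    """Publish-time check: every code must be in the domain vocabulary.
    Rejecting an empty list is an assumption, not stated on the slides."""
    codes = doc.confidentiality_codes
    return bool(codes) and all(c in DOMAIN_POLICIES for c in codes)

def consumer_may_access(role, doc):
    """Use-time check made by the Document Consumer."""
    codes = set(doc.confidentiality_codes)
    # Fail closed: a document carrying any unknown code gets no access.
    if not codes or not codes.issubset(DOMAIN_POLICIES):
        return False
    # OR logic: one code the role is permitted to use is sufficient.
    return bool(codes & ROLE_POLICIES.get(role, set()))

def filter_query_response(role, entries):
    """Return the ids of the entries this role may open."""
    return [d.entry_id for d in entries if consumer_may_access(role, d)]

# Constructed sample metadata; "9.9.9" is deliberately outside the vocabulary.
SAMPLE = [
    DocumentEntry("doc-1", ("1.2.3.4.5.1",)),
    DocumentEntry("doc-2", ("1.2.3.4.5.2",)),
    DocumentEntry("doc-3", ("1.2.3.4.5.2", "1.2.3.4.5.3")),
    DocumentEntry("doc-4", ("1.2.3.4.5.1", "9.9.9")),
]
```

With the sample data, `doc-3` is visible to the `clinician` role only through its second code, and `doc-4` is hidden from every role even though one of its codes is permitted.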

17 XDR & XDM
- Same responsibilities
- Should include copy of relevant Consents
- Importer needs to coerce the confidentiality codes
- Need to recognize that in transit the document set may have been used in ways inconsistent (e.g. Physical Access Controls)

18 Examples

19 Basic Patient Privacy Consents Example
[Diagram labels: Encounter 1 (Patient Requires A); Encounter 2 (Patient OK with B); Log-in = local role R1; R1 = Consent B; Register; Log-in = local role R3; R3 = Consent A&B; Query/Retrieve; Consent A; Consent B; Register; RHIO XDS Doc Registry/Repositories]

20 Sensitive Document Accessibility
- Entries restricted to health service
- Private entries shared with GP
- Private entries shared with several named parties
- Entries restricted to sexual health team
- Entries accessible to administrative staff
- Entries accessible to clinical in emergency
- Entries accessible to direct care teams
Source: Dipak Kalra & prEN 13606-4

21 Sample Consent Matrix

22 Sample Consent Policies
HIV Status: Information published under the HIV Status policy may be released to:
- The healthcare providers providing treatment to the patient for HIV or related illness at the institution where the consent was provided.
- The patient and/or their legal representative.
- Any payer responsible for payment of that treatment.
Sexual Health Information: Information published under the Sexual Health Information policy may be released to:
- The healthcare providers providing treatment to the patient for the Sexual Health at the institution where the consent was provided.
- The patient and/or their legal representative.
- Any payer responsible for payment of that treatment.
Mental Health Information: Information published under the Mental Health Information policy may be released to:
- The healthcare providers providing treatment to the patient for the Mental Health at the institution where the consent was provided.
- The patient and/or their legal representative.
- Any payer responsible for payment of that treatment.
Developmental Disability Information: Information published under the Developmental Disability Information policy may be released to:
- The healthcare providers providing treatment to the patient for the Developmental Disability at the institution where the consent was provided.
- The patient and/or their legal representative.
- Any payer responsible for payment of that treatment.
Alcohol/Drug Abuse Information: Information published under the Alcohol/Drug Abuse Information policy may be released to:
- The healthcare providers providing treatment to the patient for Alcohol/Drug Abuse at the institution where the consent was provided.
- The patient and/or their legal representative.
- Any payer responsible for payment of that treatment.
Treatment: Information published under the Treatment policy may be released to:
- Any healthcare provider providing treatment to the patient.
- The patient and/or their legal representative.
- Any payer responsible for payment of that treatment.
Research: Information published under the research policy may be accessed by researchers.

23 Questions?

