What IHE Delivers
Basic Patient Privacy Consents
HIT-Standards – Privacy & Security Workgroup
John Moehrke, GE Healthcare
What do Standards Define?
Policy
• Driven by business goals
• Informed by Risk Assessments
• Defines rights and responsibilities
• Defines punishment
Process
• Enforces policy
• How people or organizations act
• who / what / where / when / how
Technology
• Enforces policy
• How equipment should act
• Algorithms and data formats
[Diagram: Policy, Process, Technology]
Before (2006)
One Policy for the XDS Affinity Domain (HIE)
• Patient doesn’t agree → Don’t publish
• VIP Patient → Don’t publish
• Sensitive Data → Don’t publish
• Research Use → No Access
Basic Patient Privacy Consents
• Human Readable
• Machine Processable
• Characteristics of a CDA “Document”
• Multiple Consent Types and Documents (e.g., HIPAA)
• Wet Signature Capture (i.e. XDS-SD)
• Digital Signature Capture Possible (i.e. DSG)
  Provider, Witness, Patient or Legal Representative
• Extensible
Document Content & Modes of Exchange
Document Exchange Integration Profiles
• Document Sharing: XDS
• Media Interchange: XDM
• Reliable Interchange: XDR
• Cross-Community Access: XCA
Document Content Profiles
• Consent: BPPC
• Emergency: EDR
• Pre-Surgery: PPHP
• Scanned Doc: XDS-SD
• Laboratory: XD*-Lab
• PHR Exchange: XPHR
• Discharge & Referrals: XDS-MS
• Imaging: XDS-I
Value Proposition
An XDS Affinity Domain (RHIO, HIE)
• Develop a set of privacy policies
• Each policy is given a number (OID)
• Implement them with role-based or other access control mechanisms supported by EHR systems.
A patient can
• Be made aware of the privacy policies.
• Have an opportunity to selectively acknowledge the policies presented
• Have control over access to their healthcare information.
Written Policy Example
The patient agrees to share their healthcare data to be accessed only by doctors wearing a chicken costume.
BPPC supportable Consents
• Explicit Opt-In is required which enables HIE allowed document use
• Explicit Opt-Out that would prevent all use of their documents
• Implicit Opt-In allows for document use
• Explicit Opt-Out of any document publication
• Explicit Opt-Out of sharing outside of local event use, but does allow emergency override
• Explicit Opt-Out of sharing outside of local event use, and without emergency override
• Explicit authorization that would allow specific research project
• Change the consent policy (change from opt-in to opt-out)
• Allow direct use of the document, but not re-publishing
• Enable use of document retrieval across communities using XCA
• Explicit individual policy for opt-in at each clinic
• Explicit individual policy for opt-in for a PHR choice
• Explicit Opt-In for a period of time (episodic consent)
HHS Whitepaper on Consent (March 2010)
No consent. Health information of patients is automatically included—patients cannot opt out;
Opt-out. Default is for health information of patients to be included automatically, but the patient can opt out completely;
Opt-out with exceptions. Default is for health information of patients to be included, but the patient can opt out completely or allow only select data to be included;
Opt-in. Default is that no patient health information is included; patients must actively express consent to be included, but if they do so then their information must be all in or all out; and
Opt-in with restrictions. Default is that no patient health information is made available, but the patient may allow a subset of select data to be included.
Characteristic of a CDA document
• Persistence
• Stewardship
• Potential for authentication
• Context
• Wholeness
• Human readability
A CDA document is a defined and complete information object that can include text, images, sounds, and other multimedia content.
Capturing the Patient Consent act
One of the Affinity Domain Consent policies
CDA document captures the act of signing
• Effective time (Start and Sunset)
• templateID – BPPC document
• XDS-SD – Capture of wet signature from paper
• DSIG – Digital Signature (Patient, Guardian, Clerk, System)
XDS Metadata
• classCode – BPPC document
• eventCodeList – the list of the identifiers of the AF policies
• confidentialityCode – could mark this document as sensitive
Consent document
[Diagram: structure of a consent document]
XDS Metadata: XDS-MS + XDS-BPPC + XDS-SD
Structured and Coded CDA Header: Patient, Author, Authenticator, Institution, Time of Service, etc.
Structured Content with coded sections:
• Privacy Consent details
  • Policy 9.8.7.6.5.4.3.2.1
• Scanned Document details
  Base64 encoded
Consent Document Digital Signature
• IHE-DSG – Digital Signature: Signature value, Pointer to Consent document
Standards and Profiles Used
• HL7 CDA Release 2.0
• IHE - XDS Scanned Documents
  PDF/A - ISO 19005-1b
• IHE - Document Digital Signature
  XML-Digital Signature, XAdES
• IHE - Cross Enterprise Document Sharing
• IHE - Cross Enterprise Sharing on Media
• IHE - Cross Enterprise Reliable Interchange
• IHE - Cross Community Access
Using documents
XDS Registry Stored Query Transaction
• Consumer may request documents with specific policies
• Filtered response
XDS Consumer Actor
• Informed about confidentialityCodes -- Metadata
• Knows the user, patient, setting, intention, urgency, etc.
• Enforces Access Controls (RBAC) according to confidentiality codes
• No access given to documents marked with unknown confidentiality codes
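Added example (not part of the original slides, and not IHE's own code): one way a Document Consumer could combine the consent metadata from the "Capturing the Patient Consent act" slide with the default-deny rule above. The roles, the confidentiality code values, the second policy OID and the rule that every code on a document must be permitted are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed Affinity Domain policy table: policy OID -> role -> confidentiality
# codes that role may read. Roles, codes and the second OID are sample values.
POLICIES = {
    "9.8.7.6.5.4.3.2.1": {"physician": {"N", "R"}, "nurse": {"N"}},
    "9.8.7.6.5.4.3.2.2": {"researcher": {"N"}},
}
KNOWN_CODES = {"N", "R"}  # codes this consumer is configured to understand

@dataclass
class Consent:
    """One BPPC consent document as described by its XDS metadata."""
    event_codes: list  # eventCodeList: OIDs of the acknowledged policies
    start: date        # effective time, start
    sunset: date       # effective time, sunset

def active_policies(consents, today):
    """Known policy OIDs acknowledged by consents in effect on `today`."""
    return {oid
            for c in consents if c.start <= today <= c.sunset
            for oid in c.event_codes if oid in POLICIES}

def may_access(role, doc_codes, consents, today):
    """Default deny: every code on the document must be known and permitted."""
    codes = set(doc_codes)
    if not codes or not codes <= KNOWN_CODES:
        return False  # unlabelled or unknown confidentiality code: no access
    allowed = set()
    for oid in active_policies(consents, today):
        allowed |= POLICIES[oid].get(role, set())
    return codes <= allowed

# Constructed sample: one consent acknowledging the policy named on the slides.
SAMPLE_CONSENTS = [
    Consent(["9.8.7.6.5.4.3.2.1"], date(2010, 1, 1), date(2010, 12, 31)),
]

if __name__ == "__main__":
    today = date(2010, 6, 1)
    for role, codes in [("physician", ["N", "R"]), ("nurse", ["R"]),
                        ("physician", ["N", "V"])]:
        print(role, codes, may_access(role, codes, SAMPLE_CONSENTS, today))
```

An expired consent or a policy OID missing from the table contributes nothing to the allowed set, so both fall through to denial.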
XDR & XDM
• XDR & XDM Same responsibilities
• Should include copy of relevant Consents
• Importer needs to coerce the confidentiality codes
• Need to recognize that in transit the document set may have been used in ways inconsistent (e.g. Physical Access Controls)
Informed by Privacy Policy Standards
• ISO IS22857 Trans-border Flow of Health Information
• ISO TS 26000 Privilege Management and Access Control (Parts 1, 2, draft 3)
• ASTM E1986 Standard Guide for Information Access Privileges to Health Information
Active Standards Work
OASIS
• Profile for how to express attributes in cross-organization (SAML, XACML, WS-Trust, WS-Federation, WS-Policy)
HL7
• Standard for Consent Directive Document
• Ontology for Security and Privacy (Permissions, Sensitivity, Healthcare User Roles, etc)
• Identified Privacy Policy Reference Catalog (opt-in, opt-out, ++)
• SOA model for Privacy/Security Access Control as a Service
IHE
• White Paper on overall Access Control Model for healthcare
• Updates to XUA profile to recognize user attributes such as role, intended-use, authentication level of assurance.
ISO
• ISO14265: Classification of purposes for processing personal health information
What IHE Delivers
Questions?