
Page 1: Enforceable Specification of Privacy

Enforceable Specification of Privacy

Peter Mork, Jean Stanford

CEM IR&D

Page 2: Enforceable Specification of Privacy

© 2011 The MITRE Corporation. All rights reserved

Problem

Growing need for Health Information Exchange

– Continuity of care

– Decreased costs

– Public health reporting

– Facilitate clinical research

Health Information Exchange requires patient consent:

– Paper-based

– One form per transaction

– Non-transferrable

– Signed with limited time to think

Page 3: Enforceable Specification of Privacy

Background

Paper consent forms prevent seamless health information exchange

VA

DoD

Page 4: Enforceable Specification of Privacy

Objective

Support Meaningful & Granular Patient Consent

Globally Accessible by:

– Patients and

– Record Holders

Platform Adaptable

Modular Design adapts to:

– Technology Changes

– Legal Changes

Page 5: Enforceable Specification of Privacy

Activities

Developed rules language for consent:

– Basic constructs = purpose, topics, datatypes, time, etc.

– Two forms of negation

– Terminological hierarchies

– Reusable knowledge components

Policy reasoner:

– Input = Patient preferences + request

– Output = Minimized rule tree

Policy enforcement:

– Conversion to XACML

– Prototype of EHR with XACML engine

Page 6: Enforceable Specification of Privacy

Highlight

Request Server (e.g., hData)

Record Holder Server

EHR

Browser

Consent Server

Consent DB

Policy Reasoner

Policy Enforcer

Page 7: Enforceable Specification of Privacy

Demonstration

Allow

Direct Care Providers

X = Primary Care Provider

Referral from X to Recipient

Purpose = Treatment

Allowed Categories

Medications

Allergies

¬ Mental Health

Purpose = Treatment

Dr. Blass

Research

Purpose = Research

Anonymized

¬ Imagery

¬ Mental Health

Purpose = Emergency

¬ Mental Health

Dr. Walsh: Purpose = Treatment

(Medications or Allergies) and not Mental Health
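The Activities slide names the constructs of the consent rules language (purpose, recipient, data categories, a terminological hierarchy, explicit negation) and says the policy reasoner takes patient preferences plus a request and returns a minimized rule tree; the Demonstration slide shows that output for Dr. Walsh. The following is an added worked example, not code from the slides or from the Kairon project: a toy reasoner that transcribes the demonstration's preferences as rules and reproduces the Dr. Walsh result. The hierarchy entries, the "Researchers" recipient class for the research rule, and the "Clinical Data" allowance on the emergency rule (the slide lists only its exclusion) are constructed assumptions.

```python
"""Toy consent reasoner for the constructs on the Activities slide:
purpose, recipient, data categories, a terminological hierarchy, explicit
negation, and a request-specific minimized rule tree.  Constructed
example; not the Kairon project's code.  All names are made up."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Terminological hierarchy (constructed): narrower term -> broader term.
# A rule written against a broad term applies to every narrower term.
HIERARCHY = {
    "Dr. Blass": "Primary Care Provider",
    "Dr. Walsh": "Specialist",
    "Primary Care Provider": "Direct Care Providers",
    "Specialist": "Direct Care Providers",
    "Study Team": "Researchers",
    "Psychiatric Notes": "Mental Health",
    "Medications": "Clinical Data",
    "Allergies": "Clinical Data",
    "Imagery": "Clinical Data",
    "Mental Health": "Clinical Data",
}


def broader(term: str) -> set:
    """The term itself plus every ancestor in HIERARCHY."""
    seen = {term}
    while term in HIERARCHY:
        term = HIERARCHY[term]
        seen.add(term)
    return seen


@dataclass(frozen=True)
class ConsentRule:
    recipient: str                       # class of requester the rule targets
    purpose: str                         # purpose of use the rule targets
    allowed: Tuple[str, ...]             # categories the patient releases
    excluded: Tuple[str, ...]            # explicit negation: never released
    referral_from: Optional[str] = None  # applies only if referred by this class


@dataclass(frozen=True)
class Request:
    recipient: str
    purpose: str
    category: str
    referred_by: Optional[str] = None


def applies(rule: ConsentRule, recipient: str, purpose: str,
            referred_by: Optional[str]) -> bool:
    """Does the rule's target match the requester's context?"""
    if rule.recipient not in broader(recipient) or rule.purpose != purpose:
        return False
    if rule.referral_from is None:
        return True
    return referred_by is not None and rule.referral_from in broader(referred_by)


def minimize(rules: List[ConsentRule], recipient: str, purpose: str,
             referred_by: Optional[str] = None) -> List[Tuple[Tuple[str, ...], Tuple[str, ...]]]:
    """Reasoner output for a requester: only the category conditions of the
    rules whose targets are already satisfied (the minimized rule tree)."""
    return [(r.allowed, r.excluded) for r in rules
            if applies(r, recipient, purpose, referred_by)]


def render(tree) -> str:
    """Write the residual tree the way the demonstration slide does."""
    clauses = []
    for allowed, excluded in tree:
        clause = "(" + " or ".join(allowed) + ")"
        for e in excluded:
            clause += " and not " + e
        clauses.append(clause)
    return " or ".join(clauses) if clauses else "deny (no applicable rule)"


def decide(rules: List[ConsentRule], req: Request) -> str:
    """Enforcement decision for one category.  Two forms of negation are in
    play: silence (no applicable rule) denies, and an explicit exclusion
    denies even when another applicable rule would allow (deny-overrides)."""
    tree = minimize(rules, req.recipient, req.purpose, req.referred_by)
    cats = broader(req.category)
    if any(cats & set(excluded) for _, excluded in tree):
        return "deny"
    if any(cats & set(allowed) for allowed, _ in tree):
        return "permit"
    return "deny"


# The demonstration slide's preferences, transcribed as rules (constructed).
PATIENT_RULES = [
    ConsentRule("Direct Care Providers", "Treatment",
                allowed=("Medications", "Allergies"), excluded=("Mental Health",),
                referral_from="Primary Care Provider"),
    ConsentRule("Researchers", "Research",
                allowed=("Anonymized",), excluded=("Imagery", "Mental Health")),
    ConsentRule("Direct Care Providers", "Emergency",
                allowed=("Clinical Data",), excluded=("Mental Health",)),
]

if __name__ == "__main__":
    print(render(minimize(PATIENT_RULES, "Dr. Walsh", "Treatment", "Dr. Blass")))
    print(decide(PATIENT_RULES, Request("Dr. Walsh", "Treatment", "Psychiatric Notes", "Dr. Blass")))
```

Two design choices matter for enforcement. Category matching walks the hierarchy, so a narrower term such as "Psychiatric Notes" is caught by an exclusion written against "Mental Health"; and an explicit exclusion in any applicable rule wins over an allowance in another, the same deny-overrides behaviour a XACML engine can be configured to apply once the tree is converted.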

Page 8: Enforceable Specification of Privacy

Impacts

Sponsor Engagements:

– Office of the National Coordinator

– Substance Abuse and Mental Health Services Administration

– Department of Veterans Affairs

Other Engagements:

– Healthcare Information and Management Systems Society

– GE Healthcare

– United Health

Open Source:

– https://sourceforge.net/projects/kaironconsents/

Page 9: Enforceable Specification of Privacy

Future Plans

[Chart: Technical Complexity (Low to High) against Policy Maturity (Accepted Practices to Inchoate); legend: Implemented, Under Development, Grand Challenges]

Items plotted:

– Preemptory Access

– Patient Review & Approve

– Integrate with State Mandates

– Intelligent Redaction

– Credential Matching

– Eliciting Patient Preferences

– Automated Enforcement

– Integrate Care Relationships

– Audit