1 / 10

Privacy Architecture Considerations

Privacy Architecture Considerations. Part 1: Opt-In / Opt-Out. Kathleen Connor Fox Systems Inc. Presentation Focus. Policy, Standards, and Technical Support for Patient consent to collect, use, and disclose PHI Opt-out Total Conditional Opt-in Total Conditional

armand
Download Presentation

Privacy Architecture Considerations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Architecture Considerations Part 1: Opt-In / Opt-Out Kathleen Connor Fox Systems Inc

  2. Presentation Focus • Policy, Standards, and Technical Support for Patient consent to collect, use, and disclose PHI • Opt-out • Total • Conditional • Opt-in • Total • Conditional • Within Nodes (Df.=Regional Hubs, Sub-networks) • Share generally agreed upon privacy policies • Among Nodes = National Information Network (e.g., UK Spine, CA EHRi, NL LSP, US NHIN) • Role Based Access • Standards for electronic consents, shared secrets, privacy policies

  3. Opt-out • Actively refusing to authorize an entity to collect, use, or disclose PHI • Actively refusing to authorize a requesting entity to access, use or re-disclose PHI • May opt-out at the record or data element level • Opt-out may be • Total • Conditional

  4. Opt-out • Total Opt-out • Off Node • Locked/Masked on Node • Conditional Opt-out • PHI is Masked / Locked • Some collection, use, disclosure permitted • Pre-determined: By User, Role, Context Based Access • Ad-Hoc: By Shared Secret • Implied Consent = not Opting out • Deemed Consent • Public health or legal requirements may override Opt-out

  5. Opt-out Conditional Dissent by Data Element Non-action = implied consent Requires active dissent by record or data element May not have a choice where there is a public health issue

  6. Opt-in • Actively authorizing an entity to collect, use, or disclose PHI • Actively authorizing a requesting entity to access, use, or re-disclose PHI • May Opt-in at the record or data element level • Opt-in may be • Total • Conditional

  7. Opt-in Conditional Opt-in • PHI is Masked / Locked • Some collection, use, disclosure permitted • Pre-determined: By User, Role, Context Based Access • Ad-Hoc: By Shared Secret • Implied Dissent = not Opting in • Deemed Consent • Public health or legal requirements may override Dissent

  8. Opt-in Requires active assent by record / data element Non-action = dissent Conditional Assent by Data Element May not have a choice where there is a public health issue

  9. HL7 Consent Directive

  10. Opt-in / Opt-out Infrastructure

More Related