140 likes | 151 Views
Learn about federal laws, privacy regulations, and challenges in establishing trust in care coordination. Explore data segmentation, meaningful consent, and tools for privacy and security.
E N D
Care Coordination and Interoperable Health IT Systems Unit 10: Ensuring the Security and Privacy of Information Shared Lecture d – Data Privacy and Meaningful Consent This material (Comp 22 Unit 10) was developed by The University of Texas Health Science Center at Houston, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 90WT0006. This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/4.0/.
Ensuring the Security and Privacy of Information SharedLecture d – Learning Objectives • Objective 1: Identify applicable federal laws and regulations related to protected health information shared during care coordination (Lecture a) • Objective 2: Assess processes and systems to ensure compliance with applicable privacy and security regulations during care coordination (Lecture b) • Objective 3: Explain the challenges of establishing, preserving, and restoring trust from multiple stakeholder perspectives (Lecture b) • Objective 4: Review interoperable systems for weaknesses in structure or processes, which may result in a loss of trust (Lecture c) • Objective 5: Discuss the need for data provenance (Lecture c) • Objective 6: Analyze the system specifications and functionality to establish data provenance (Lecture c)
Ensuring the Security and Privacy of Information SharedLecture d – Learning Objectives (Cont’d – 1) • Objective 7: Categorize privacy concerns appropriately (Lecture d) • Objective 8: Modify privacy and security policies and procedures for sensitive protected health information and other special considerations (Lecture d) • Objective 9: Employ appropriate tools and methods to ensure privacy and security during care coordination processes (Lecture d)
Types of Interoperability Consents • Opt-in – The default is that PHI cannot be shared. The patient must actively express their consent for information to be shared • Opt-out – The default is for PHI to automatically be shared. Patients must actively express their desire to not have information shared if they wish to prevent sharing • Levels of access: • Full • Limited • None
Classifying Data for Privacy • Data Segmentation – electronic labeling or tagging of a patient’s health information to allow consumers or providers to electronically share parts, but not all, of a patient record • It can • Alert providers if the information they want to share is subject to restrictions • Give patients a more detailed choice for determining which parts of their health information are shared by their providers
Data Segmentation for Privacy (DS4P) • Community of experts, including software developers, health care providers, patient advocates, and health informaticists • HL 7 Implementation Guide: DS4P, Release 1 – January 2014 • Security Labels for data attributes: • Confidentiality • Sensitivity • Integrity • Compartment • Handling Caveat
Values for Data Segmentation Tags • Confidentiality • Very restricted • Restricted • Normal • Moderate • Low • Unrestricted • Sensitivity • HIV • Sickle Cell Disease • VIP • Substance Abuse • Mental Health • Genetic • Privacy Law • Title 38, Section 7332 • 42 CFR Part 2 • HITECH Self-Pay • HIPAA • GINA • SSA Disability • Compartment • Agent Orange • Post-Traumatic Stress Research • Adverse Event Reporting • Records Management • Pharmacy
Values for Data Segmentation Tags (Cont’d – 1) • Integrity • Title 38, Section 7332 • 42 CFR Part 2 • HITECH Self-Pay • HIPAA • GINA • SSA Disability • Refrain • Do Not Disclose without Consent • Prohibit Disclosure without MOU • Prohibit Unauthorized Use • Prohibit Relinking • Prohibit Integration • Obligation • Encrypt • Minimum Necessary • Mask • Redact • Comply with Consent Directive • De-identify • Purpose • Treatment • Emergency Treatment • Payment • Operations • Public Health • Research
Meaningful Consent for Persons • Full transparency and education • Patient had enough time to review any educational materials • Consistent with why the information is exchanged • Not used as a condition for treatment or for discriminating against a person • Consistent with patient expectations • Can be revoked at any time
Tools for Privacy and Security and Care Coordination • ONC-provided eConsent Toolkit • Videos related to the eConsent Trial Project with Sample Experiences • Model Notices of Privacy Practices – paper and digital
Unit 10: Ensuring the Security and Privacy of Information Shared Summary – Lecture d – Data Privacy and Meaningful Consent • Different types of data, i.e., substance abuse, mental health, and so on are subject to different laws and regulations • In order to ensure compliance and patient trust in the process, data should be classified and segmented • Standards for healthcare data segmentation have been developed and are being implemented • Tools for ensuring the privacy and security of protected health information during care coordination are available on the ONC website
Unit 10 Summary: Ensuring the Security and Privacy of Information Shared • While privacy is an important social value, the effective coordination of care requires the sharing of protected health information. • Consumer trust regarding their protected health information is vital and use of encryption and other technologies can build trust. • Data provenance will contribute to increased trust, but developments are ongoing. • All data is not equal. Systems and tools to segment data by type or use are available.
Unit 10: Ensuring the Security and Privacy of Information SharedReferences – Lecture d References Department of Health Policy,. (2010). CONSUMER CONSENT OPTIONS FOR ELECTRONIC HEALTH INFORMATION EXCHANGE: POLICY CONSIDERATIONS AND ANALYSIS. Retrieved from https://www.healthit.gov/sites/default/files/choicemodelfinal032610.pdf HealthIT.gov. (n.d.). Retrieved April 21, 2016, from https://www.healthit.gov/providers-professionals/patient-consent-electronic-health-information-exchange HealthIT.gov. (n.d.). Retrieved April 21, 2016, from https://www.healthit.gov/providers-professionals/econsent-toolkit HealthIT.gov. (n.d.). Retrieved April 21, 2016, from https://www.healthit.gov/providers-professionals/meaningful-consent-video-gallery HealthIT.gov. (n.d.). Retrieved April 21, 2016, from https://www.healthit.gov/providers-professionals/model-notices-privacy-practices
Unit 10: Ensuring the Security and Privacy of Information SharedLecture d – Data Privacy and Meaningful Consent This material was developed by The University of Texas Health Science Center at Houston, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 90WT0006.