1 / 25

“ Jericho / UT Austin Pilot”

“ Jericho / UT Austin Pilot”. Privacy with Dynamic Patient Review. Presented by: David Staggs JD, CISSP Jericho Systems Corporation. Agenda. Administrative issues Pilot scope Pilot data flow Implementation guidance document Previously discussed sections Additional sections

missy
Download Presentation

“ Jericho / UT Austin Pilot”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review Presented by: David Staggs JD, CISSP Jericho Systems Corporation

  2. Agenda • Administrative issues • Pilot scope • Pilot data flow • Implementation guidance document • Previously discussed sections • Additional sections • General discussion • Pilot timeline • Plan of action

  3. Pilot Administrivia • This pilot is a community led pilot • Limited support provided by the ONC • JohnathanColeman (Security Risk Solutions) • Zachary May (ESAC) • Penelope Hughes (ONC) • LibbieBuchele (ONC Sponsor) • In conjunction with DS4P bi-weekly return of an All Hands meeting • Access to DS4P Wiki, teleconference, and calendar • Meeting times: Tuesdays 11AM (ET) • Dial In: +1-650-479-3208Access code: 662 197 169URL:https://siframework1.webex.com/siframework1/onstage/g.php?t=a&d=662197169

  4. Scope of the Pilot • Define the exchange of HL7 CDA-compliant PCD between a data custodian and a PCD repository that includes a report on the outcome of the request to the healthcare consumer (subject). • Additional goal: use identifiers to identify the subject/ PCD repository for use in reporting the outcome of the “secondary user” request use case to subject by subsequent EHR custodians. • Stretch goal: mask and/or redact the clinical document based on data segmentation and PCD choices retrieved from the PCD repository.

  5. Pilot Data Flow , = Clinical data A,B = PCD data = audit record  1st Requestor And Subsequent Custodian of Data being Provided at  B Custodian of Data being Provided at   PCD Repository 2nd Requestor Patient

  6. J-UT Implementation Guidance • PCD returned to the document custodian should be specific to the document custodian and the requestor • PCD should be requested for each type of network exchange that could reveal PHI: ITI-55, ITI-38, and ITI-39 • Data labels should be passed in the PCD request if they exist in the document being requested • Document Custodian should return release decision as an ATNA audit message to the PCD repository • PCD repository should allow edit of PCD and review of release decisions through standard interfaces http://wiki.siframework.org/file/view/SIFramework_DS4P_UC_Jericho_4NOV2013.docx/466080974/SIFramework_DS4P_UC_Jericho_4NOV2013.docx

  7. Previously Discussed IG Sections • PCD should be dynamically filtered specifically for the document custodian and requestor (§2.2) • PCD should be requested for each type of data exchange that could reveal PHI (§3.0) • PCD request should include any data labels identified in the requested information (§2.3) • Release decision should be returned to the PCD repository using an ATNA audit message (§2.4) • PCD repository should be securely accessible to patients using standard interfaces • PCD alternative representation should be XACML and should be lightweight (§2.6) • PCD repository location and account information can be embedded in a CDA clinical document (§2.5)

  8. Additional Topics Added to the IG • Introduction: creation of the pilot (§1.0) • Use Case Scenario: implementation of user story 3 (§2.0) • Architecture: The J-UT data flow (§2.1) • IHE ITI-55 Transactions: diagram and data sets for patient discover request received at the gateway (§3.1) • IHE ITI-38 Transactions: diagram and data sets for document list request received at the gateway (§3.2) • IHE ITI-39 Transactions: diagram and data sets for document request received at the gateway(§3.3) • Test Participants: List of members who played roles in the test scenario (§4) • Summary of J-UT Implementation Guidance: Summary of the major guidance from the pilot (§5)

  9. General Discussion • Implementation guidance document • Do we need more time to review? • Does the content need additions / deletions? • Are there issues with the remaining artifacts? • Mapping / gap analysis of functionality to standards? • Test cases, test artifacts, and/or test video? • Additional activities • More demonstrations and/or J-UT meetings? • Approval of the implementation guidance document? • Bringing the IG to standards organizations (profiles)?

  10. Pilot Timeline • General Timeline, conditioned on agreement of stakeholders

  11. Plan of Action • Upon agreement of the participants the POA is: • Identify the elements available from previous DS4P pilots • Scope level of effort, decide on extended scenario • Determine first draft of functional requirements • Review standards available for returning information on requests • Determine any gaps or extensions required in standards • Stand up information holders and requestors • Create XDS.b repository holding PCD • Identify remaining pieces, create test procedures • Document and update IG with results of our experience

  12. Backup Slides

  13. DS4P Standards Material • Location of DS4P Standards Inventory: http://wiki.siframework.org/Data+Segmentation+-+Standards+Inventory • Location of DS4P Standards Mapping Issues: http://wiki.siframework.org/file/view/Copy%20of%20DataMappingsIssues%2005102012.xlsx/333681710/Copy%20of%20DataMappingsIssues%2005102012.xlsx • General Standards Source List: http://wiki.siframework.org/file/view/General%20SI%20Framework%20Standards%20Analysis.xlsx/297940330/General%20SI%20Framework%20Standards%20Analysis.xlsx • Standards Crosswalk Analysis http://wiki.siframework.org/Data+Segmentation+for+Privacy+Standards+and+Harmonization (at bottom of page, exportable) • Implementation Guidance http://wiki.siframework.org/file/view/Data%20Segmentation%20Implementation%20Guidance_consensus_v1_0_4.pdf/416474106/Data%20Segmentation%20Implementation%20Guidance_consensus_v1_0_4.pdf

  14. DS4P References • Use Case: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Use+Cases • Implementation Guide: http://wiki.siframework.org/Data+Segmentation+for+Privacy+IG+Consensus • Pilots Wiki Page: http://wiki.siframework.org/Data+Segmentation+for+Privacy+RI+and+Pilots+Sub-Workgroup

  15. Test Cases • Consent To Patient Discovery : No Consent • Consent To Document Query : No Consent • Consent To Document Retrieve : No Consent • Consent To Patient Discovery : 1st Requestor (1st) • Consent To Document Query : 1st To PC - Allow • Consent To Document Query with POU 1st to PC – Deny • Consent To Document Retrieve : 1st to PC - Allow • Consent To Patient Discovery : 2nd Requestor(2nd) • Consent To Document Query : 2ndTo PC - Deny • Consent To Document Retrieve : 2nd To PC – Deny • Consent To Document Query : 2ndto SC - Deny • Consent To Document Retrieve : 2ndto SC - Deny • Consent To Document Retrieve : With Segmentation

  16. Test Cases (Visual Representation) PC = Primary Custodian SC = Secondary Custodian Test Document available for review (since 9/16/2013) at: http://wiki.siframework.org/DS4P+Jericho-UT+Austin+Draft+Test+Document Video of the test will be available shortly.

  17. Test Participants Participants in the September 20, 2013 DS4P Pilot Execution Script:

  18. Pilot Data Flow , = Clinical data A,B = PCD data = audit record  1st Requestor And Subsequent Custodian of Data being Provided at  B Custodian of Data being Provided at   PCD Repository 2nd Requestor Patient

  19. Pilot Data Flow Clinical exchange # , = Clinical data A,B = PCD data = audit record 1st Requestor And Subsequent Custodian of Data being Provided at  B Fetch PCD Fetch PCD Custodian of Data being Provided at  Clinical exchange #  Send audit Send audit PCD Repository 2nd Requestor Patient

  20. Pilot Data Flow (1) , = Clinical data A,B = PCD data = audit record  1st Requestor Custodian of Data being Provided at  PCD Repository 2nd Requestor Patient

  21. Pilot Data Flow (2) , = Clinical data A,B = PCD data = audit record  1st Requestor Custodian of Data being Provided at  PCD Repository 2nd Requestor Patient

  22. Pilot Data Flow (3) , = Clinical data A,B = PCD data = audit record 1st Requestor And Subsequent Custodian of Data being Provided at  B Custodian of Data being Provided at   PCD Repository 2nd Requestor Patient

  23. Pilot Data Flow (4) , = Clinical data A,B = PCD data = audit record 1st Requestor And Subsequent Custodian of Data being Provided at  Custodian of Data being Provided at   PCD Repository 2nd Requestor Patient

  24. Pilot Data Flow (5) , = Clinical data A,B = PCD data = audit record 1st Requestor And Subsequent Custodian of Data being Provided at  Custodian of Data being Provided at  PCD Repository 2nd Requestor Patient

  25. Pilot Data Flow (updated) , = Clinical data A,B = PCD data = audit record  1st Requestor And Subsequent Custodian of Data being Provided at  B Custodian of Data being Provided at   PCD Repository 2nd Requestor Patient

More Related