610 likes | 739 Views
HITSP Service Collaborations for Privacy and Security Webinar #10 November 12, 2009 | 2:00 – 3:30 pm (Eastern). Presenters: Co-Chair & Facilitator - HITSP Security, Privacy and Infrastructure Technical Committee John Moehrke, GE Healthcare
E N D
HITSP Service Collaborations for Privacy and Security Webinar #10 November 12, 2009 | 2:00 – 3:30 pm (Eastern) Presenters: Co-Chair & Facilitator - HITSP Security, Privacyand Infrastructure Technical Committee John Moehrke, GE Healthcare Johnathan Coleman, Security Risk Solutions, Inc.
Overview Re-organization of HITSP’s Security, Privacy and Infrastructure constructs into a series of Service Collaborations Leverage and reuse existing HITSP constructs Align with the Health Information Technology (HIT) provisions of the American Recovery and Reinvestment Act of 2009 (ARRA). Provide a simplified framework for HITSP’s ongoing activities, making future work products easier to understand and simpler to implement.
Learning Objectives During this 90-minute webinar, participants will: Understand the core concepts and components involved in HITSP’s Privacy and Security Service Collaborations, including Access Control, Security Audit, and Patient Identification Management. Demonstrate how Privacy and Security Service Collaborations can support ARRA’s Meaningful Use, leveraging existing HITSP constructs and components. Learn how to find, navigate, and use HITSP Service Collaborations documentation.
Agenda What is ARRA and HITECH? HITSP Harmonization Framework - Introduction of new “building blocks” Capabilities, Service Collaborations, A new HITSP approach HITSP Service Collaborations In Action Helping meet ARRA Meaningful Use Requirements Conclusions Questions and Answers
What is ARRA? Also known as the “economic stimulus package” Signed into law by President Obama on February 17, 2009 What is HITECH? A portion of ARRA referred to as the Health Information Technology for Economic and Clinical Health (HITECH) Act TITLE XIII—Health Information Technology TITLE IV—Medicare and Medicaid Health Information Technology Contains numerous provisions related to Health Information Technology (HIT) and privacy with aggressive timelines for completion
To Address ARRA Requirements, Tiger Teams Were Created with Specific Focus Areas • A new EHR Centric Interoperability Specification to meet ARRA requirements • Security, Privacy & Infrastructure • Quality Measures • Data Architecture (Element, Template, and Value Set) • Exchange Architecture and Harmonization Framework • Clinical Research Tiger Team membership 232 technical experts
Putting the Pieces Together HITSP created IS’s to harmonize standards and make them implementable • Before HITSP, there was a “custom puzzle” to build for every organization to talk to another organization • HITSP used existing Interoperability Specification (IS) constructs to create reusable Capabilities and Service Collaborations
HITSP Glossary • Capability (CAP)– Specifies a business service that an EHR system addresses and specifies the contents and secure infrastructure needed for that business service • Service Collaboration (SC) – Defines a standards-based secure infrastructure needed for interoperable information exchanges and includes a secure transport mechanism with topology and other options regardless of content • Interoperability Specifications (IS) – Integration of all constructs used to meet business needs or the business needs specified in a Use Case • Components (C) – Logical grouping of base and composite standards that work together, such as messaging and terminology • Transactions (T) – Logical grouping of actions that use components and/or composite standards to realize the actions • Transaction Packages (TP) – Logical grouping of transactions
Standards “Real World” examples of Base and Composite Standards • XML (base) • IHE-XDS (composite) • HL7-CCD (base) • DICOM (base) • LOINC (base) • SNOMED-CT (base) • NCPDP-Script (composite) • etc. Base Standard • capable of fulfilling a discrete function Composite Standards • groupings of coordinated base standards Examples • Basic Specifications • Implementation Guides • Code Sets and Terminologies
Meeting Business Needs Capabilities and Collaborations could be used to build any new Interoperability Specification to meet a particular business need
Two New HITSP Puzzle Pieces this Year Capabilities Service Collaborations
HITSP Capabilities Enable systems to address a business need for interoperable information exchange Bridge between business, policy and implementation views: Define a set of information exchanges at a level relevant to policy and business decisions Support stakeholder requirements and business processes Define information content and secure infrastructure Specify use of HITSP constructs sufficiently for implementation Include constraints and identify specific network topologies Created To Simplify Design and Use of HITSP Specifications for ARRA Efforts and Beyond
Building aHITSP Capability HITSP Capabilities HITSP Service Collaborations HITSP Constructs Components, Transactions, Transaction Packages Base and Composite Standards
Capability Complete Set Constructs Components one base or composite standard Transaction Construct two or more base or composite standards 'packaged' together Transaction Packages Two or more Transaction constructs 'packaged' together Capability Pre-packaged combinations of Service Collaborations and/or Constructs (Components, Transactions, Transaction Packages) Working ALL together ALWAYS to achieve an exchange purpose Service Collaborations Pre-packaged groups of Component, Transaction and/or Transaction packages ALL working together to achieve an exchange purpose. Type 1: Base or Composite Standards Standards Underlying “DNA” of ALL HITSP Products
Service Collaborations and Capabilities in Action Base and Composite Standards Capabilities Service Collaborations Constructs Component, Transaction, or Transaction Packages
Multiple Capabilities = Interoperability Specification Interoperability Specification
Capabilities and Service Collaborations Allow Us to Develop New Technical Constructs As Needed
SPI Capabilities SPI Capabilities
Task 2: SPI Service Collaboration Suite IS documents/Workflows ????? ????? EHR Centric IS All other ISxxx Service Collaborations SC108:Access Control SC110:Patient Identification Management SC112: Healthcare DocumentManagement SC114: Administrative Transport to Health Plan SC116: EmergencyMessage Distribution TransactionPackages (e.g. TP30) SCxxx: Future SCs SC109:Security Audit SC111:Knowledge And Vocabulary SC113: Query forExisting Data SC115:HL7 Messaging Transactions (e.g. T29) Component(e.g. C26) Constructs Specified in Service Collaboration Constructs as needed by the SC e.g. TP20, T15, T16, T17 Constructs as needed by the SC e.g. TP20, T15, T16, T17 Constructs as needed by the SC e.g. TP20, T15, T16, T17
Putting it all together Privacy Security
What Is an Example of a Capability? Requirement: Hospital wants to exchange a discharge prescription with an patient’s physician’s office. This diagram shows how Capability (CAP) 117 was assembled to support this requirement using Transaction, Transaction Package and Service Collaboration T40 T42 TP43 TP46 SC114 • System Roles • Medication Order Prescriber • Medication Order Filler • Health Plan • Health Information Exchange Exchange a prescription with an Ambulatory or Long-Term Care Organization CAP117 – Communicate Ambulatory and Long Term Care Prescription
Example: Capability 117 • Requirement: Hospital wants to exchange a discharge prescription with an patient’s physician’s office. SC114– Administrative Transport to Health Plan P H A R M A C Y TP46– Medication Formulary and Benefits Information TP43– Medication Orders T42– Medication Dispensing Status T40– Patient Health Plan Eligibility Verification CAP117 – Communicate Ambulatory and Long Term Care Prescription
Service Collaborations (SC) Defines a standards-based secure infrastructure needed for interoperable information exchanges. Includes a secure transport mechanism with topology and other options. Uses HITSP Constructs to specify the secure infrastructure. Does not specify the content of the information exchange but may include information to support the exchange (e.g., authorization information) Additional Keys to Simpler Definition and Implementation of HITSP Specifications
Example: Service Collaboration 114 SC109 - Security Audit Collaboration T15 - Collect and Communicate Security Audit Trail T16 - Consistent Time SC108 - Access Control Service Collaboration C19 - Entity Identity Assertion (Optional) H E A L T H PLAN T17 - Secured Communication Channel TP20 - Access Control TP30 - Manage Consent Directives T85 - Administrative Transport to Health Plan T17 - Secured Communication Channel Provider SC114 – Administrative Transport to Health Plan
How It All Fits Together Binds content definition with secure infrastructure for a set of interoperable information exchanges
The Refined HITSP Harmonization Framework HITSP Capabilities Service Collaborations Transaction Constructs Service Collaboration Transaction Package Transaction Component SDOs = Standards Development Organizations
Exchange Architectures HITSP Specifications apply to information exchanges indicated by arrows in the figure
Review of Selected Service Collaborations SC108– Access Control SC109 – Security Audit SC110 – Patient Identification Management SC112 – Healthcare Document Management SC113 – Query for Existing Data
Review of Selected Service Collaborations SC108– Access Control SC109 – Security Audit SC110 – Patient Identification Management SC112 – Healthcare Document Management SC113 – Query for Existing Data
Review of Selected Service Collaborations SC108– Access Control SC109 – Security Audit SC110 – Patient Identification Management SC112 – Healthcare Document Management SC113 – Query for Existing Data
Review of Selected Service Collaborations SC108– Access Control SC109 – Security Audit SC110 – Patient Identification Management SC112 – Healthcare Document Management SC113 – Query for Existing Data
Review of Selected Service Collaborations SC108– Access Control SC109 – Security Audit SC110 – Patient Identification Management SC112 – Healthcare Document Management SC113 – Query for Existing Data