190 likes | 267 Views
The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture. Privacy is the Final Frontier. How do we record patient preferences about information sharing?
E N D
The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture
Privacy is the Final Frontier How do we record patient preferences about information sharing? How do we transfer consent preferences among payers, providers, labs, pharmacies, personal health record vendors and other stakeholders? How do we manage continually changing privacy preferences, situations and use cases?
1998 – Payer/Provider data exchange Health Insurance Portability and Accountability Act (HIPAA)
2004 – Provider/Provider data exchange Regional Health Information network Organizations (RHInOs)
2008 – The Patient as Data Steward Consent Assertion Markup Language (CAML)
How it might work? A Consent Wizard, available as an open source web application, codifies all the consent options inventoried by HISPC The output of the Consent Wizard is a transportable XML representation of patient preferences that can be hosted by a payer, a PHR, or a RHIO and used to guide all information exchange
Flavors of Consent Opt-Out = data is exchanged by default unless restricted by the patient Opt-In = data is not exchanged by default until the patient consents Quilted = a subset of data is exchanged with patient consent based on institution, data user, data producer, and situation
Scope of Consent Institution Opt Out = I do not wish the information at this institution to be shared Opt In = I agree to share all information from this institution Quilted = I agree to share my medications and labs but not my problem list and notes from this institution
Scope of Consent Data User Opt Out = I do not want to participate in this research study Opt In = I want my data used by all stakeholders with audit protections, to optimize my health Quilted = I want all my data shared with emergency providers, primary care physicians, payers and public health agencies, but not with pharmaceutical firms
Scope of Consent Data Producer Opt Out = I do not want my laboratory records shared Opt In = I want my data from labs, pharmacies and payers shared with providers Quilted = I want my pharmacy records shared except medications used for mental health, HIV, and substance abuse treatment
Scope of consent Situation Opt Out = I do not want my data shared for simple office visits with one-time providers i.e. out of town visit to an urgent care for a small laceration repair Opt In = I want my data shared for all care situations Quilted = I want my data shared for all emergency visits but not for routine care
How it might appear <consent> <scope="Institution"> <code code="311570" displayName="Beth Israel Deaconess Medical Center"/> <statusCode code="opt-in"/> <time value=’20041001132534-0500’/> </scope> <scope="DataUser"> <code code =“12345678" displayName="Harvard Clinical Research Institute" /> <statusCode code="opt-out"/> <time value=’20060923153527-0500’/> </scope> </consent>
How it might appear <consent> <scope="DataProducer"> <code code="987654321" displayName="Walgreens Pharmacy"/> <statusCode code="quilted"/> <time value=’20051103161524-0500’/> <exclusion code="34343434" displayName="Mental Health"/> </scope> <scope="Situation"> <code code =“111111" displayName="Emergency Department Care" /> <statusCode code="opt-in"/> <time value=’20060201113715-0500’/> </scope> </consent>
What this means I opt-in to share all my data from Beth Israel Deaconess Medical Center I opt-out of participating in a clinical trial at Harvard Clinical Research Institute I opt-in to sharing my Walgreens prescription data except mental health medications I opt-in to sharing all data (including mental health medications) for emergency care
The devil is in the details The Consent Wizard would need to enforce integrity of consent options to avoid conflicting preferences i.e. patients cannot both opt-out and opt-in for data sharing with the same data user and situation A hierarchy must be created to ensure consistent interpretation of complex consent such as situation > institution > data user > data producer i.e. an opt-in for emergency department data sharing overrides data producer opt-outs
How could this be implemented? A Payer implements a patient portal which hosts the Consent Wizard and authenticates the patient. When a provider does a 270/271 transaction, the CAML data is returned with the 271 response or is available as a 275 claims attachment
How could this be implemented? A Personal Health Record vendor provides the Consent Wizard to patients but does not need to verifiably authenticate the patient. When the patient 'authenticates' with the provider during the care registration process, the patient provides the PHR vendor name and account information needed to access their CAML data
How could this be implemented? A RHIO, on behalf of the community, hosts the Consent Wizard and provides access to the CAML records of the community
Next steps Consideration by the AHIC Security and Privacy Working Group If AHIC proposes a use case, then SDOs would need to work on CAML or adapt XACML (existing standard for access control) to support CAML principles Pilot projects for Consent Wizard development