1 / 27

DS4P Proposed Approach

Response to the HITSC Analysis and Recommendations on Patient Privacy, Provenance and Identity Metadata S&I Framework Data Segmentation for Privacy Initiative 6/29/2012. DS4P Proposed Approach.

tory
Download Presentation

DS4P Proposed Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Response to the HITSC Analysis and Recommendations on Patient Privacy, Provenance and Identity MetadataS&I Framework Data Segmentation for Privacy Initiative 6/29/2012

  2. DS4P Proposed Approach Data Segmentation for Privacy aims to address standards needed to protect those parts of a medical record deemed especially sensitive or that may otherwise require additional privacy protection, while allowing other health information to flow more freely.

  3. Use Case Example

  4. Use Case Example

  5. DS4P Approach

  6. Requirements of Sending System • PROCESS STEP DS4P MECHANISM - LOINC Document Type/Datatype for CDA - ASC X12 4010/5010 for Healthcare Provider & facility types and Healthcare Coverage Type - SNOMED-CT for Protected diagnoses/problems • Query for consent directive location (optional) • Query for consent directive (optional) • Check HL7 CDA R2 PCD for HL7 PurposeofUse Vocabulary (aligns with NwHIN exchange) and obligations • - HL7 Confidentiality Code: for CDA (N,R,V) • HL7 Obligation Code: An obligation policy (e.g. prohibition on re-disclosure without consent) • HL7 Purpose of Use: The purpose for the information disclosure (e.g. support treatment, payment, operations, research, etc.) • URL or XACML for Policy Reference

  7. Receiving System • Requirements include: • The receiving system MUST ensure that the provenance of patient data is tracked. • The receiving system MUST enforce the annotations related to confidentiality, obligations, and purpose associated with health information received from other organizations in order to prevent unauthorized disclosures.

  8. Response to HITSC S&P WG HITSC Recommendations with Strong Alignment to DS4P Approach HITSC Recommendations with General Alignment to DS4P Approach HITSC Recommendations for which DS4P Proposes Alternatives HITSC Recommendations not addressed by DS4P

  9. Response to HITSC S&P WG General

  10. Response to HITSC S&P WG General

  11. Response to HITSC S&P WG Privacy Recommendations The specific focus of the Data Segmentation for Privacy Initiative was on privacy metadata and defining where that metadata should be placed to support the needs of the S&I Framework and its scope of data segmentation.

  12. Response to HITSC S&P WG Privacy *The Policy Pointer can be included in the IHE XD* metadata or in the Patient Consent Directive.

  13. Response to HITSC S&P WG Privacy * DS4P approach uses HL7 confidentiality codes as metadata to describe sensitivity. * Initial approaches recommended for piloting focus on using either the Patient Consent Directive as expressed using CDA or by specifying a confidentiality code within the IHE XDS/XDR/XDM metadata.

  14. Response to HITSC S&P WG Privacy

  15. Response to HITSC S&P WG Privacy

  16. Response to HITSC S&P WG Provenance Recommendations: The Data Segmentation for Privacy initiative community specifically looked at provenance in the context of ensuring that provenance metadata could persist when healthcare data is exchanged with other systems. Provenance was not analyzed to define specific guidelines or standards recommendations for ensuring the provenance of patient data. The initiative did not explicitly focus on defining the metadata used to define provenance but the implementation guidance does recommend specific standards for how to support provenance.

  17. Response to HITSC S&P WG Provenance

  18. Response to HITSC S&P WG Provenance

  19. Response to HITSC S&P WG Provenance

  20. Response to HITSC S&P WG Provenance

  21. Response to HITSC S&P WG Provenance

  22. Response to HITSC S&P WG Privacy Recommendations: The initiative did not look at patient identification attributes as specifically necessary to segment patient data. However, an analysis was done to look at the patient identification metadata that the HITSC identified and how it aligns to current work in the DS4P Initiative.

  23. Response to HITSC S&P WG Identity 23

  24. Response to HITSC S&P WG Identity 24

  25. Response to HITSC S&P WG Identity 25

  26. Additional Guidance • DS4P supports the goal of implementation of the Direct protocol as outlined in Meaningful Use language. Thus, it included specific guidance concerning use of Direct within implementation guidance. Specifically, because the current use of SMTP/SMIME as articulated within Direct implementation guidance cannot support the explicit definition of discrete metadata as articulated in this initiative, the use of IHE XDM is recommended as a specific path for implementation. The DS4P initiative members recommend alignment with the Direct XDR and XDM Specification to accomplish the implementation of data segmentation.

  27. References/Contact Information • The full whitepaper by Melissa M. Goldstein, entitled, “Data Segmentation in Electronic Health Information Exchange: Policy Considerations and Analysis” is available at: http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__privacy_and_security/1147 Thank you! Johnathan Coleman, CISSP, CISM Initiative Coordinator, Data Segmentation for Privacy Principal, Security Risk Solutions Inc. 698 Fishermans Bend, Mount Pleasant, SC 29464 Email: jc@securityrs.comTel: (843) 647-1556 Scott Weinstein, J.D. Office of the Chief Privacy Officer Office of the National Coordinator for Health Information Technology Department of Health and Human Services Email: scott.weinstein@hhs.gov Erik Pupo DS4P Initiative Harmonization Team Lead Deloitte Consulting LLP erpupo@deloitte.com 27

More Related