Testing Procedures for DS4P
Summary testing approach, addressing requirements traceability, and Scenario 4 update
What’s new?
• An approach to testing that focuses on DS4P-specific aspects
• Based on complex/composite privacy policies
• Identify those aspects that enable interoperability
• Simple privacy metadata – NEW to DS4P
• Reuse of existing transports
• Reuse of existing best practices for trigger, logs, provenance, etc.
• Requirement Traceability
• Organized to focus on the DS4P-specific criteria
• Scenario 4
• Title 38
• Pull Scenarios 2, 3, 5, 6
• Due next Monday
Privacy Policies and Interoperability
Privacy policies are typically composites of simple, basic policies
• Composite privacy policies (e.g. 42CFR Part) comprise several basic, computable data sharing policies
• Privacy metadata used to represent simple data sharing policies:
  • Confidentiality level
  • Purpose of use/disclosure
  • Information source is a covered substance abuse treatment
  • Consent required for disclosure/re-disclosure
• Privacy metadata allows loosely coupled systems and organizations to exchange the most meaningful metadata related to the data shared among systems/organizations
• Information exchanged may reference basic data sharing policies as privacy metadata
  • Confidentiality Code
  • Purpose of Use Code
  • Obligation Code
  • Refrain Policy Code
[Diagram labels: Basic Data Sharing Policy; Basic Data Sharing Policy; Composite Privacy Policy]
Privacy Metadata used in Information Exchange to specify simple data exchange policies across organizations
[Diagram labels: Transport Metadata; No re-disclosure; For treatment purpose; Summary Document; Restricted]
Senders determine what information is protected and mark it “restricted” in the document
[Diagram labels: Summary Document; Restricted document]
DS4P Specifics are the focus of our inspection testing
We need to specify the OID
Summary
• Conformance Statements can be organized into
  • Data segmentation specific
  • Transport-specific
  • Generic best practice
    • E.g. use ATNA
Conformance Criteria are used as traceability requirements
[Diagram labels: Conformance statements related to confidentiality codes; Conformance statements related to facility codes]
Errors are easy to spot: obligation code intended to use obligation or refrain policy?
Repetitive references to the same value set could be avoided
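An added example (not part of the original slides) of an inspection check for the privacy metadata slide and the obligation/refrain error noted above: it verifies that each metadata slot carries a code from its own value set and that a composite policy's basic policies are all present. The field names, the sample messages and the small value-set subsets (HL7 vocabulary codes picked for illustration) are assumptions.

```python
# Added illustration; slot names and value-set subsets are assumptions.
VALUE_SETS = {
    "confidentiality": {"N", "R", "V"},   # normal, restricted, very restricted
    "purpose_of_use": {"TREAT", "ETREAT"},
    "obligation": {"ENCRYPT"},
    "refrain": {"NORDSCLCD"},             # no re-disclosure without consent directive
}
REQUIRED = ("confidentiality", "purpose_of_use")


def check_metadata(meta):
    """Return a list of findings for one message's privacy metadata."""
    findings = []
    for slot in REQUIRED:
        if not meta.get(slot):
            findings.append(f"{slot}: missing")
    for slot, codes in meta.items():
        if slot not in VALUE_SETS:
            findings.append(f"{slot}: unknown metadata slot")
            continue
        for code in codes:
            if code in VALUE_SETS[slot]:
                continue
            # Name the value set the code really belongs to, if any.
            home = [s for s, vs in VALUE_SETS.items() if code in vs]
            if home:
                findings.append(f"{slot}: {code} belongs to {home[0]} value set")
            else:
                findings.append(f"{slot}: {code} not in value set")
    return findings


def composite_policy_satisfied(meta, required):
    """A composite policy is modelled as (slot, code) pairs that must all be present."""
    return all(code in meta.get(slot, []) for slot, code in required)


# Constructed sample mirroring the slide: restricted, treatment, no re-disclosure.
GOOD = {"confidentiality": ["R"], "purpose_of_use": ["TREAT"], "refrain": ["NORDSCLCD"]}
# Constructed faulty sample: a refrain policy code placed in the obligation slot.
BAD = {"confidentiality": ["R"], "purpose_of_use": ["TREAT"], "obligation": ["NORDSCLCD"]}
# Constructed composite policy built from two basic data sharing policies.
COMPOSITE = [("confidentiality", "R"), ("refrain", "NORDSCLCD")]

if __name__ == "__main__":
    for name, meta in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_metadata(meta), composite_policy_satisfied(meta, COMPOSITE))
```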
[Diagram: Data Segmentation Conformance Criteria. Labels: Confidentiality Code; Sender/Receiver; Functional; Policy-based functionality; Obligation/Refrain; Purpose of use; Data Criteria; Privacy Consent; Provenance; Extensions – entry-level]
Change mind... Sending System Test Procedure
Procedure repeated after the patient changes her mind... Receiving System Process
Receiving System Test Procedure Change mind...