260 likes | 459 Vues
Report to the HITPC Security and Privacy Tiger Team S&I Framework Data Segmentation for Privacy Initiative Pilots 3/10/2014. User Story Example (1).
E N D
Report to the HITPC Security and Privacy Tiger TeamS&I Framework Data Segmentation for Privacy Initiative Pilots 3/10/2014
User Story Example (1) The Patient receives care at their local hospital for a variety of conditions, including substance abuse as part of an Alcohol/Drug Abuse Treatment Program (ADATP). Data requiring additional protection and consent directive are captured and recorded. The patient is advised that the protected information will not be shared without their consent.
User Story Example (2) A clinical workflow event triggers additional data to be sent to Provider/Organization 2. This disclosure has been authorized by the patient, so the data requiring heightened protection is sent along with a prohibition on redisclosure. Provider/ Organization 2 electronically receives and incorporates patient additionally protected data, data annotations, and prohibition on redisclosure.
HL7 Implementation Guide: Data Segmentation for Privacy (DS4P), Release 1 DS4P Standard • Completed Normative Ballot in Jan 2014 and was successfully reconciled in Feb 2014. HL7 approved the final standard for publication and are processing with ANSI. • The standard uses document level tagging to convey confidentiality levels and obligations. • The standard uses vocabularies to convey specific meanings, such as “Do not re-disclose without consent” or “This document is restricted”.
HL7 Implementation Guide: Data Segmentation for Privacy (DS4P), Release 1 DS4P Standard • Contains three volumes: • Content Specification • DS4P with Direct • DS4P with Exchange
Volume 1: CDA R2 and Privacy Metadata Reusable Content Profile DS4P Standard • Contains templates and reusable building blocks for the transport specifications. • The reusable building blocks may be applied to other information exchange standards • Enables the association of information object (e.g. document) with security labels, which can be linked to privacy policies. • Supports the requirement to specify the provenance of clinical data contained in the structured content of a clinical document.
Volume 2 : NwHIN Direct Transport Profile, andVolume 3: NwHIN Exchange Transport Profile DS4P Standard • Transport Profiles containing transport specific constraints based on the reusable building blocks. • The constraints are applied to the transport-specific metadata (e.g. Document Sharing /XDS Metadata used by Exchange, and XDM Metadata used by Direct). • The generic transport-specific metadata were added to the underlying technical framework (i.e. IHE ITI Vol. 3)
Selected Standards Selected Standards
Selected Standards Other Standards Referenced by the HL7 DS4P Standard:
Data Segmentation for Privacy Initiative DS4P Pilot accomplishments
VA/SAMHSA Pilot: Pilot Accomplishments • The pilot was successfully tested and demonstrated in multiple venues, including the Interoperability showcase at HIMSS 2013 and the HL7 Plenary meeting in Baltimore, September 2013. • VA have extended the DS4P capabilities to demonstrate utilization of FHIR for DS4P (demonstrated at HL7 in Jan 14, in real time, using resources from Australia, Canada and USA).
NETSMART Pilot: Pilot Accomplishments • The pilot was successfully tested and demonstrated in multiple venues, including the Interoperability showcase at HIMSS2013. • The Netsmart DS4P Part 2 solution has been implemented with the community services referral network in Tampa Bay (2-1-1 system), helping them manage restricted data associated with programs regulated by 42 CFR part 2.
Jericho Systems / University of Texas/Conemaugh Pilot: Pilot Accomplishments • Utilized an external patient consent repository to provide machine readable consent directives that can be processed according to various privacy policies as part of any automated release of PHI on the eHealth Exchange. • The pilot used standards based message formats, consistent with current healthcare standards to support patient consent over released PHI, including segmented data.
CERNER BH (Formerly SATVA Pilot):Included Cerner Anasazi, Valley Hope Association, Defran Systems, Inc. and HEALTHeLINK Pilot Accomplishments • Cerner recently reported their Behavioral Health solution will have DS4P (using Direct) incorporated into full production for release in April of this year. • At HIMSS 2014 Cerner demonstrated marked-up CCDs being sent from the Cerner BH solution to the Cerner Millennium (large scale, general medical) solution. • Demonstrated ability to send notice of prohibition on re-disclosure (as required by 42 CFR part 2) • The Cerner Millennium solution design teams have begun work to recognize and process the DS4P marked-up data received from the Cerner BH solution. Their expectation is to include this functionality in a production release later this year.
Data Segmentation for Privacy Initiative CONCLUSION
Conclusion: • Data segmentation standards are readily available, normative standards. They utilize widely adopted vocabularies to allow BH systems to better control how the information is handled. • Pilots have demonstrated ability to mark data and to accompany data with requisite notice at the document level. • One major vendor expects to include sending, receiving and processing BH information, using DS4P functionality, in a production release later this year (BH to general EHR)
Contact Information Thank you! Johnathan Coleman, CISSP, CISM Initiative Coordinator, Data Segmentation for Privacy Principal, Security Risk Solutions Inc. 698 Fishermans Bend, Mount Pleasant, SC 29464 Email: jc@securityrs.comTel: (843) 647-1556 Ioana Singureanu, MS Standards SME, Data Segmentation for Privacy Principal, Eversolve LLC 8 Woodvue Road, Windham, NH 03087 Email: ioana.singureanu@gmail.com Tel: (603) 548 5640 Julie Chua, PMP, CAP, CISSP Office of the Chief Privacy Officer Office of the National Coordinator for Health Information Technology Department of Health and Human Services Email: julie.chua@hhs.govTel: (202) 690-3911 17
Data Segmentation for Privacy Initiative BACKUP SLIDES
Layered Approach for Privacy Metadata Technical Approach • “Russian doll” concept of applying metadata with decreasing specificity as layers are added to the clinical data. • Privacy metadata uses standards to convey: • Confidentiality of data in clinical payload • Obligations of receiving system • Allowed purpose of use
Types of Privacy Metadata used by DS4P Technical Approach • Purpose of Use: • Defines the allowed purposes for the disclosure (e.g. Treatment, Emergency Treatment etc). • Obligations: • Refrain Codes: Specific obligations being placed on the receiving system (e.g. do not re-disclose without consent) • Confidentiality Codes: • Used by systems to help convey or enforce rules regarding access to data requiring enhanced protection. Uses “highest watermark” approach.
System Behavior Technical Approach Process privacy metadata associated with health information received from other organizations Identify Information that is further restricted Identify third-party protected information before re-disclosure Verify the patient’s privacy consent allows the disclosure of protected information Verify patient’s consent before re-disclosure of protected health information Add privacy metadata to health information to be disclosed to other organization RECEIVING SYSTEM: Provider/Healthcare Organization B SENDING SYSTEM: Provider/Healthcare Organization A
Requirements of Sending System Technical Approach - LOINC Document Type/Datatype for CDA - ASC X12 4010/5010 for Healthcare Provider & facility types and Healthcare Coverage Type - SNOMED-CT for Protected diagnoses/problems Identify Information that is further restricted Verify the patient’s privacy consent allows the disclosure of protected information • Query for consent directive location (optional) • Query for consent directive (optional) • Check HL7 CDA R2 PCD • - HL7 Confidentiality Code: for CDA (N,R,V) • HL7 Refrain Code: (e.g. prohibition on re-disclosure without consent) • HL7 Purpose of Use: The purpose for the information disclosure (e.g. support treatment, payment, operations, research, etc.) • URL or XACML Pointer for Policy Reference if needed Add privacy metadata to health information to be disclosed to other organization SENDING SYSTEM: Provider/Healthcare Organization A
Data Segmentation for Privacy Initiative ALIGNMENT WITH PREVIOUS HITSC RECOMMENDATIONS
Response to HITSC S&P WG Excerpt from 6/29/2012 Report *The Policy Pointer can be included in the IHE XD* metadata or in the Patient Consent Directive.
Response to HITSC S&P WG Excerpt from 6/29/2012 Report * DS4P approach uses HL7 confidentiality codes as metadata to describe sensitivity. * Initial approaches recommended for piloting focus on using either the Patient Consent Directive as expressed using CDA or by specifying a confidentiality code within the IHE XDS/XDR/XDM metadata.
Response to HITSC S&P WG Excerpt from 6/29/2012 Report