EHR Systems and Policy Management
James Williams – Ontario Telemedicine Network

Objectives:
• Review policy constraints for EHR systems.
• Traditional approaches to policies in EHRs.
• CHI consent management architecture.
• Current research.

Focus:
• Policies pertaining to personal health information.
• Policies may touch upon:
  • Consent directives.
  • Acceptable uses.
  • Permissible disclosure.
  • Appropriate safeguards.
  • Emergency overrides.
  • Retention.

Sources of Policy:
• Statutes and regulations
• Case law
• Codes of conduct
• Corporate bylaws
• Professional guidelines / best practices
• First Nations sovereignty
Statutes: Privacy
• The most important legislative instruments are the various privacy and health information statutes.
• Privacy legislation in Canada is based on a set of fair information practices:

Statutes:
• Establish a basic rule, and then add exceptions.
• For example, express consent is generally required in order to disclose information to a third party. But:
  • Emergency situations.
  • Law enforcement.
  • Public health.
  • Eligibility for benefits.
  • Risk to a third party.

Statutes: additional laws
• Federal:
  • Statistics Act.
  • Quarantine Act.
• Provincial:
  • Child Protection Act.
  • Communicable Disease Act.
  • Health Act.
  • Worker’s Compensation Act.
  • Mental Health Act.

Other sources
• Case law:
  • E.g.: a patient has a right of access to their own health record (McInerney v MacDonald).
• Codes of conduct:
  • E.g.: Canadian Medical Association, Health Information Privacy Code (1998).
• Corporate bylaws:
  • Hospital policies and procedures.
  • Municipal Information Acts.
• Best practices:
  • COACH Guidelines for the Protection of Health Information.

Sources: OCAP
• Ownership: information is owned collectively by the Nation.
• Control: the Nation retains control over all aspects of information management.
• Access: the Nation has a right to manage and make decisions regarding access to their collective information.
• Possession: a mechanism to assert ownership.
Some issues:
• Custodians disclosing PHI are generally under a duty to ensure that the receiving jurisdiction has ‘comparable safeguards’.
• Patients may issue consent directives. Ontario imposes a ‘duty to notify’ receiving custodians about these.
• Patients should be able to avail themselves of additional protections in the new jurisdiction.
• Who now has control of the information?
• Consent directives are themselves sensitive.

More issues:
• Even if we have a way to solve these issues, one of the major problems is that laws (etc.) are dynamic.

Challenge:
• How do we manage policies in a multi-EHR setting?
• The traditional route has been either to purchase COTS products or to develop systems for a particular jurisdiction (hard-coded business rules).
CHI’s Consent Directives Management System
• Applies constraints prior to providing access to or transmitting PHI.
• Allows consent directives at various levels of granularity.
• Relies on a common privacy vocabulary to apply consent requirements.
• Can store directives with EHRi data, or in consolidated form.

Processing Consent Directives in a Jurisdiction
• Transfer consent directives from clinical applications to the EHR.
• Let either the EHR or the sending clinical application process consent directives prior to disclosing a patient’s PHI.
• Transfer consent directives from the EHR to clinical applications whenever PHI is disclosed from the EHR.
We want to avoid having too many consent directives management systems.

Interjurisdictional Transfer
• Consent directives will be processed whether an access request is received from a POS system, a clinical portal, or an EHR in another jurisdiction.
• Jurisdictions need to agree upon and set policies as to how consent directives made in one jurisdiction will be managed following disclosure to another.
• A nationally adopted messaging schema is required for conveying consent directives between jurisdictions.

Interjurisdictional Transfer (2)
Several goals must be achieved before policy enforcement can be automated by a policy management service:
• Jurisdictional policies must be harmonized.
• Rules must be captured and codified.
• Special support for changes to rules.
• A common vocabulary.
Data containing consent directives may flow from one jurisdiction to another, but policy-related data does not.
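The consent-directive processing described on the last few slides, as an added illustration (not CHI’s Consent Directives Management System, its schema, or its privacy vocabulary): a small Python evaluator that stores directives at patient and record-type granularity, applies them before disclosure with deny-overrides, lets an audited emergency override bypass them, and attaches the patient’s directives to any disclosed PHI so the receiving application is notified of them and can enforce them. The request and directive fields, the custodian organization, and the rule that disclosure outside the custodian needs an express permit directive are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed data model for this example; field names are assumptions,
# not CHI's common privacy vocabulary.
@dataclass(frozen=True)
class Request:
    patient: str
    role: str           # e.g. "physician", "researcher"
    org: str            # organization making the request
    record_type: str    # e.g. "lab", "mental_health"
    purpose: str        # e.g. "treatment", "research"
    emergency: bool = False

@dataclass(frozen=True)
class Directive:
    """A consent directive; None in a field means 'any' (coarser granularity)."""
    patient: str
    effect: str                        # "permit" or "deny"
    record_type: Optional[str] = None  # None = whole record (patient-level directive)
    org: Optional[str] = None          # None = any requesting organization
    purpose: Optional[str] = None      # None = any purpose

    def matches(self, req: Request) -> bool:
        return (self.patient == req.patient
                and self.record_type in (None, req.record_type)
                and self.org in (None, req.org)
                and self.purpose in (None, req.purpose))

@dataclass(frozen=True)
class Decision:
    effect: str
    reason: str
    attached: Tuple[Directive, ...] = ()  # directives that travel with the disclosed PHI

def evaluate(req: Request, directives: List[Directive],
             custodian_org: str, audit: List[str]) -> Decision:
    """Apply consent directives before any PHI leaves the custodian."""
    patients_directives = tuple(d for d in directives if d.patient == req.patient)
    applicable = [d for d in patients_directives if d.matches(req)]

    # Emergency override: statute lets clinicians bypass directives for
    # treatment in an emergency; every override is written to the audit log.
    if req.emergency and req.purpose == "treatment":
        audit.append(f"OVERRIDE patient={req.patient} role={req.role} org={req.org}")
        return Decision("permit", "emergency override (audited)", patients_directives)

    # Deny-overrides: any matching deny directive withholds the PHI.
    if any(d.effect == "deny" for d in applicable):
        return Decision("deny", "consent directive withholds this PHI")

    # Assumption: disclosure outside the custodian is a third-party disclosure
    # and needs an express permit directive covering this org and purpose.
    if req.org != custodian_org and not any(d.effect == "permit" for d in applicable):
        return Decision("deny", "third-party disclosure requires express consent")

    # Permitted: ship the patient's directives along with the PHI so the
    # receiving application is notified of them and can enforce them.
    return Decision("permit", "no directive restricts this access", patients_directives)

# Constructed sample directives for patient p1.
SAMPLE_DIRECTIVES = [
    Directive("p1", "deny", record_type="mental_health"),            # lock one record type
    Directive("p1", "permit", org="ClinicB", purpose="treatment"),   # express consent for ClinicB
]
CUSTODIAN = "HospitalA"

def run_sample():
    """Evaluate a few constructed requests; returns (decisions, audit log)."""
    audit: List[str] = []
    reqs = [
        Request("p1", "physician", "HospitalA", "lab", "treatment"),
        Request("p1", "physician", "HospitalA", "mental_health", "treatment"),
        Request("p1", "physician", "ClinicB", "lab", "treatment"),
        Request("p1", "researcher", "ClinicB", "lab", "research"),
        Request("p1", "physician", "ClinicC", "mental_health", "treatment", emergency=True),
        Request("p2", "physician", "HospitalA", "lab", "treatment"),
    ]
    decisions = [evaluate(r, SAMPLE_DIRECTIVES, CUSTODIAN, audit) for r in reqs]
    return decisions, audit

if __name__ == "__main__":
    for d in run_sample()[0]:
        print(d.effect, "-", d.reason, "- attached directives:", len(d.attached))
```

The deny-overrides step is what makes a record-type directive win over a broader permit, and the attached directives on every permitted response are the mechanism by which directives follow the PHI to the next custodian rather than staying behind in one system.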
Can we do better?
• The inter-jurisdictional data transfer problem is complex.
• Can we bring some technical tools to bear on the problem?
  • Representing policy rules.
  • Operationalizing the representations.
  • Storing and securing the representations.
  • Managing the representations through their lifecycle.
  • Verification and validation.

Current work:
• There has been quite a bit of work on representing policies and regulations.
  • L. Cranor, M. Langheinrich, M. Marchiori, J. Reagle, The Platform for Privacy Preferences (P3P 1.0) Specification.
  • R. Agrawal, J. Kiernan, R. Srikant, Y. Xu, An XPath-based preference language for P3P.
  • N. Li, T. Yu, A. I. Antón, A semantics-based approach to privacy languages (2006).

Current work
• P. Ashley, S. Hada, G. Karjoth, C. Powers, M. Schunter, Enterprise Privacy Authorization Language (EPAL 1.1).
• A. Barth, J. C. Mitchell, J. Rosenstein, Conflict and combination in privacy policy languages (2004). (DPAL)
• eXtensible Access Control Markup Language (XACML).

Current work
• The above frameworks provide a formalism to specify data protection policy. They provide methods for evaluating and enforcing policies.
• Drawback: they are built to manage policies within single organizations. (Guarda, Zannone, Toward the Development of Privacy-Aware Systems, 2008)

Current work
• Recent efforts:
  • Extend XACML with algorithms addressing the issue of policy similarity and integration across organizations. (Mazzoleni et al., XACML policy integration algorithms, 2008)
  • Distributed temporal logic. (Hilty et al., On obligations, 2005)
  • Privacy in peer-to-peer networks; automated policy enforcement. (Weber, Obry)
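To make the policy-combination and cross-jurisdiction conflict problem concrete, here is an added Python sketch (not the XACML specification and not the code of Mazzoleni et al. or Barth et al.): a rule is an effect plus attribute-equality conditions, a policy is a rule list plus a combining algorithm modelled on XACML’s deny-overrides, permit-overrides and first-applicable, and a conflict finder enumerates a finite attribute space to report every request on which two jurisdictions’ policies disagree. The two sample policies, the attribute names and the attribute space are constructed for the example; the "strictest jurisdiction wins" harmonization is one choice among several, not a recommendation from the slides.

```python
from itertools import product
from typing import Callable, Dict, List, Tuple

Request = Dict[str, object]
Rule = Tuple[str, Callable[[Request], bool]]

def rule(effect: str, **conditions) -> Rule:
    """A rule = effect + attribute equalities; an absent attribute is a wildcard."""
    def applies(req: Request) -> bool:
        return all(req.get(k) == v for k, v in conditions.items())
    return (effect, applies)

# Combining algorithms over the effects of the rules that applied
# (modelled on the XACML algorithms of the same names).
def deny_overrides(effects: List[str]) -> str:
    effects = [e for e in effects if e != "not_applicable"]
    if "deny" in effects:
        return "deny"
    return "permit" if "permit" in effects else "not_applicable"

def permit_overrides(effects: List[str]) -> str:
    effects = [e for e in effects if e != "not_applicable"]
    if "permit" in effects:
        return "permit"
    return "deny" if "deny" in effects else "not_applicable"

def first_applicable(effects: List[str]) -> str:
    return effects[0] if effects else "not_applicable"

Policy = Tuple[Callable[[List[str]], str], List[Rule]]

def evaluate(policy: Policy, req: Request) -> str:
    algorithm, rules = policy
    return algorithm([effect for effect, applies in rules if applies(req)])

def find_conflicts(a: Policy, b: Policy, space: Dict[str, list]):
    """Enumerate every request in the attribute space; report permit/deny disagreements."""
    keys = list(space)
    conflicts = []
    for values in product(*(space[k] for k in keys)):
        req = dict(zip(keys, values))
        ea, eb = evaluate(a, req), evaluate(b, req)
        if {ea, eb} == {"permit", "deny"}:
            conflicts.append((req, ea, eb))
    return conflicts

def harmonized(policies: List[Policy], req: Request) -> str:
    """One harmonization choice: the strictest jurisdiction wins (deny-overrides across policies)."""
    return deny_overrides([evaluate(p, req) for p in policies])

# Constructed sample policies for two hypothetical jurisdictions.
JURISDICTION_A: Policy = (deny_overrides, [
    rule("permit", purpose="treatment"),
    rule("permit", purpose="public_health"),
    rule("permit", consent="express"),
    rule("deny", third_party=True, consent="none"),
])
JURISDICTION_B: Policy = (first_applicable, [
    rule("permit", purpose="public_health"),        # rule order decides the outcome here
    rule("deny", third_party=True, consent="none"),
    rule("permit", consent="express"),
    rule("permit", purpose="treatment"),
])
ATTRIBUTE_SPACE = {
    "purpose": ["treatment", "research", "public_health"],
    "consent": ["express", "none"],
    "third_party": [True, False],
}

if __name__ == "__main__":
    for req, ea, eb in find_conflicts(JURISDICTION_A, JURISDICTION_B, ATTRIBUTE_SPACE):
        print(req, "A:", ea, "B:", eb,
              "harmonized:", harmonized([JURISDICTION_A, JURISDICTION_B], req))
```

The two jurisdictions hold nearly the same rules but differ in combining algorithm, and that alone produces a disagreement on one request (a third-party public-health disclosure without consent), which is the kind of case a policy integration step has to surface before enforcement can be automated. Exhaustive enumeration only works for small finite attribute spaces; that is why the cited work on policy similarity and on formal semantics matters for real vocabularies.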