1 / 37

VA-SAMHSA DS4P Pilot Demonstrations

Veterans Health Administration Healthcare Information Governance. Emerging Health Technologies Advancement Center (EHTAC) HIMSS 2013 Interoperability Showcase Demonstration Playbook Duane DeCouteau Senior Software Engineer (Edmond Scientific). Data Segmentation for Privacy Initiative.

callia
Télécharger la présentation

VA-SAMHSA DS4P Pilot Demonstrations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Veterans Health AdministrationHealthcare Information Governance Emerging Health Technologies Advancement Center (EHTAC) HIMSS 2013 Interoperability Showcase Demonstration Playbook Duane DeCouteauSenior Software Engineer (Edmond Scientific) Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot Demonstrations

  2. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Table of Contents Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  3. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Platforms Primary Presentation Station Mobility • Tablets #1-3 (Primary) • SAMHSA – VA Exchange • VA Prototypic Portal • Mitre Patient Consent • FEIsystems REM • Jericho PDP • Emergency Use Case • VA Direct – Third Party • VA Prototypic Portal • Mitre Patient Consent • FEIsystems REM • Jericho PDP • VA Repository • No Redisclosure • Tablet #4 • VA Direct – Third Party • VA Prototypic Portal • Jericho Patient Consent • VA Repository • Jericho PDP • Tablet #5 • VA Direct – Third Party • VA Prototypic Portal • HIPAAT Patient Consent • VA Repository • HIPAAT Policy Engine • Kiosk 11-1 • FEISystems REM (EHR) • Clinical Rules Manager • Privacy Rules Manager • Security and Privacy Administration • Security Labeling Service (SLS) • Document Orchestration • Detailed Access Control Information [ Bull Pen ] Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  4. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Supporting Patient Consent Management Systems Mitre Corporation DS4P GUI Jericho Systems Patient Portal MyConsentMinder Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  5. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Clinical and Use Configuration(s) Patients PUI100010060001     AsamplePatientone, 42 Male Active Problems Type 2 Diabetes Asthma CononaryAtery Atheroma Hyperlipidemia Hypertension Acute HIV Substance Abuse Active Medications Bupropion Hydrochloride Zidovudine PUI100010060007 AsamplePatienttwo,  32  Male Active Problems Psychotic Disorder Persistent Alcohol Abuse Diabetes mellitus type 2 Sickle Cell Anemia Active Medications Thorazine Metformin  Hydroxyurea PUI100015060013             AsamplePatienthree,   27           Female                 Active Problems Anorexia nervosa (disorder) Obsessive compulsive personality disorder (disorder)  Active Medications Sertraline 20 MG/ML Oral Solution [Zoloft] [861066] PUI100015060014             AsamplePatienfour,      42           Male      Active Problems Acute stress disorder (disorder) Major depressive disorder (disorder)    Active Medications Sertraline 20 MG/ML Oral Solution [Zoloft] [861066] User/Use Case Assignments Additional Patients JERICHO TEST – Patient Consent Only HIPAAT TEST – Patient Consent Only DrDuane/DrBurak/DrMike/DrMichael/DrDavid/DrKel– AsamplePatientone Use Cases Share Partial Emergency Treatment DrMike/DrDuane - AsamplePatienttwo Use Cases Share All DrDavid/DrMichael - AsamplePatientthree Use Cases Patient Changes Mind DrKel/DrBurak - AsamplePatientfour Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  6. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Basics Login Screen (Username and Password Provided by VA Development Team) Logout Option (System will automatically logout User after 30 minutes of inactivity) Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  7. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Basics Tablet Navigation Bar Test Patient Selection eHealth Exchange VA – SAMHSA Document Query and Document Retrieve User Profile/Credentials/Workflow (For Demonstration only Purpose of Use (POU) is allowed to be modified) Not Implemented eHealth Direct VA – SAMHSA – Third Party Providers Inbox of Processed Documents (Note: XDM Packages must be processed via Reference Model) Logout (End User Session) Access Control Decisioning View: Policy Decision, Obligations, Generated Annotated Rules, Executed Rules Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  8. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Basics Patient Selection Select and set context To Veteran patient Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  9. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Basics Document Search Execute Document Query View Meta data View Request SAML Assertion Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  10. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Basics Document Retrieve Select Document to retrieve View Document Retrieve SAML Assertion View Transformed CDA Document Decrypt Masked Entries Decrypt Document Payload Retrieve Selected Document View Document Meta data (For Demonstration Purposes Only) (For Demonstration Purposes Only) Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  11. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Basics Access Control Decisioning Log View Annotation Rules derived from Clinical Facts and Organizational Policy View Obligation(s) from Patient Consent USPrivacyLaw Organizational Policy View Rules executed based on contents of document being retrieved Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  12. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Basics Setting Purpose of Use (POU) Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  13. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Basics Providers eHealth Direct Inbox Note: Due to time limitations this capability was not implemented please utilize Reference Model test harness to load and process XDM packages. Decrypt DOCUMENT.xml file if necessary (SAMHSA patients only) View contents of METADATA.xml View HTML version of DOCUMENT.xml CDA file. Test/Validate No redisclosure without consent. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  14. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Emergency Treatment (Break-the-glass) Use Case Scenario: The “test” Patient, a Veteran, is being seen at a VAMC Emergency Room for non-specific abdominal pain. The “test” Patient is also receiving un-related treatment at a 42CFRPart2 constrained organization. That patient has chosen to participate in eHealth Exchange and has created a Consent Directive authorizing participation as well are constraining specific components of their clinical record. Specifically the “test” patient wishes to REDACT Substance Abuse, Mental Health related observations, and MASK (for intended recipient eyes only) all findings related to HIV. The Emergency Room attending performs an eHealth Exchange document query and retrieve. Expected Outcome: Annotation of Document will occur with Document, Section, and Entry security labels being applied, NO actions of REDACTION or MASKING will be performed when Purpose of Use (POU) is Emergency Treatment (ETREAT). Authorization for disclosure is determined by POU, Organizational policy, and trust relationship between exchanging organizations (exchange of certificates). Document, in its entirety, is delivered for viewing to Emergency Room attending (requestor) with 42CFRPart2 WARNING and heightened auditing. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  15. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Emergency Treatment (Break-the-glass) Step #1: From your tablet login to DS4PMobilePortal Step #2: Touch your profile button, “DrName” and change your POU to Emergency(this is normally a workflow event). Step #3: Touch “Patient List” and then select “AsamplePatientone” from drop-down list. Step #4: Touch “eHealth Exchange” then touch “Search” button to perform cross-enterprise document query (VA-SAMHSA). Available documents are returned and visible for selection in table. Note: that no document annotation has occurred at this point only an authorization to release to recipient and 2) available documents and meta data are returned. Step #5: Touch row of interest “Consult Notes” and then touch the “Retrieve Document” button. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  16. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Emergency Treatment (Break-the-glass) Step #6: Note that the document has been delivered to the requestor in the Emergency Room in its Encrypted form per sending organizations DS4P policy. Step #7: Touch “X” button or anywhere to close “Document Retrieve Response” window. Step #8: Touch “Decrypt Document” to decrypt document payload. This step is for demonstration purposes only. Step #9: Note that contents of document are now revealed (in XML form) to requestor. Again this is a step is for demonstration purposes only. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  17. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Emergency Treatment (Break-the-glass) Step #10: Touch the “View Clinical Document” button the 42CFRPart warning is displayed as well as the document. Note the document and section level tagging of “R” for restricted. And the entry level tag related to applicable policies. Substance Abuse (ETH), Mental Health Related (PSY), and HIV information is visible. Step #11: Touch the “Access Control Decisioning” button. In table touch most recent event related to your “Provider Id” and “Document Retrieve” service request. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  18. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Emergency Treatment (Break-the-glass) Step #12: Touch the “Obligations” button, in the XACML Response window we see patient consent directives to REDACT ETH and PSY, and too MASK HIV. Additionally the organization is constrained by US Privacy Laws 42CFRPart2, Title32Section7332, and requires document handling of encryption. Step #13: Touch the Security Labeling Service “SLS Rules Generated” button. A list of all applicable/ available rules is shown, DRL is Drools Rule Language. The rules and the decomposed C32 are sent to the Drools Rule Engine for processing. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  19. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Emergency Treatment (Break-the-glass) Step #14: Touch the Security Labeling Service “SLS Rules Executed” button. A list of all the rules that executed and results in a label being applied to a specific observation. Note: all disregard patient directives to REDACT and/or MASK. Step #15: RESET you session by setting your Purpose of Use (POU) in your user profile to “Treatment” see step #2 for further instructions. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  20. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Share Partial Use Case Scenario: The “test” Patient, a Veteran, has been referred for a Monday morning follow up appointment with “DrName”. Over the weekend our “test” patient updates their consent directive to include “DrName” as an authorized recipient. Remember our patient’s consent directive constrains specific components of their clinical record. Specifically the “test” patient wishes to REDACT Substance Abuse, Mental Health related observations, and MASK (for intended recipient eyes only) all findings related to HIV. Prior to seeing our test patient “DrName” performs a eHealth Exchange document query. Expected Outcome: Annotation of Document will occur with Document, Section, and Entry security labels being applied, Actions of REDACTION or MASKINGwill be performed. Authorization for disclosure is determined by, provider ID, POU, Credentials, Sensitivity Permissions, Organizational policy, and trust relationship between exchanging organizations (exchange of certificates). Document, fully annotated (REDACT/LABEL/MASK/ENCRYPT) is delivered to “DrName”. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  21. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Share Partial Step #1: From your tablet login to DS4PMobilePortal Step #2: Touch your profile button, “DrName” and change your POU to Treatment(this is normally a workflow event). Step #3: Touch “Patient List” and then select “AsamplePatientone” from drop-down list. Step #4: Touch “eHealth Exchange” then touch “Search” button to perform cross-enterprise document query (VA-SAMHSA). Available documents are returned and visible for selection in table. Note: that no document annotation has occurred at this point only an authorization to release to recipient and 2) available documents and meta data are returned. Step #5: Touch row of interest “Consult Notes” and then touch the “Retrieve Document” button. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  22. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Share Partial Step #6: Note that the document has been delivered to the requestor in its Encrypted form per sending organizations DS4P policy. Step #7: Touch “X” button or anywhere to close “Document Retrieve Response” window. Step #8: Touch “Decrypt Document” to decrypt document payload. This step is for demonstration purposes only. Step #9: Note that contents of document are now revealed (in XML form) to requestor. Again this is a step is for demonstration purposes only. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  23. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Share Partial Step #10: Touch the “View Clinical Document” button. The 42CFRPart warning is displayed as well as the document. Note the document and section level tagging of “R” for restricted. And that one problem list item, and one medication have been MASKED. Substance Abuse (ETH) and Mental Health Related (PSY) findings have been REDACTED. Step #11: Touch the “Decrypt Doc and Entries” button. Assuming your user has necessary permissions you will receive the key and be able to decrypt the MASKED entries. This step is for demonstration purposes only. Close the XML display. Step #12: Touch the “View Clinical Document” button. The two (2) MASKED entries are revealed to the user. In this case Acute HIV, and the AZT equivalent medication were previously hidden from users view. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  24. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Share Partial Step #12: Touch the “Access Control Decisioning” button. Step #13: Touch to select most recent “DocumentRetrieve” service request associated with your provider ID in the log table. Step #14: Touch the Security Labeling Service “SLS – Rules Generated” button. Note that rules now take into account the patients wishes to REDACT or MASK aspects of their clinical record. Patient Constraint SNOMED-CT code US Privacy Law Action Sensitivity Label Confidentiality Label Document Handling Refrain Policy Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  25. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Share All Use Case Scenario: The “test” Patient, a Veteran, has been referred to an orthopedic surgeon “DrName” at the VAMC in Helena, MT. The “test” Patient is also receiving un-related treatment at a 42CFRPart2 constrained organization. That patient has chosen to participate in eHealth Exchange and has created a Consent Directive authorizing participation and disclosure to “DrName”. The patient has no concerns in regards to sharing his/her clinical information fully with DrName. Expected Outcome: Annotation of Document will occur with Document, Section, and Entry security labels being applied, Actions of REDACTION or MASKINGwill be performed IF REQUIRED. Authorization for disclosure is determined by, provider ID, POU, Credentials, Sensitivity Permissions, Organizational policy, and trust relationship between exchanging organizations (exchange of certificates). Document, fully annotated (REDACT/LABEL/MASK/ENCRYPT) is delivered to “DrName”. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  26. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Share All Step #1: From your tablet login to DS4PMobilePortal Step #2: Touch your profile button, “DrName” and make sure your POU is set to Treatment(this is normally a workflow event). Step #3: Touch “Patient List” and then select “AsamplePatienttwo” from drop-down list. Repeat Step #4 thru #10 from Share Partial Use Case Note when viewing clinical document. No masking is present and PSY, ETH, SICKLE Cell Anemia, disorders and medications are visible. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  27. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Share All Step #11: Touch the “Access Control Decisioning” button. Step #12: Touch to select most recent “DocumentRetrieve” service request associated with your provider ID in the log table. Step #13: Touch “Obligations” button. Note that there are no patient constraints present. Step #14: Touch the Security Labeling Service “SLS – Rules Generated” button. Note that rules now take into account that no patient constraints are present and are entirely based on organizational policy. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  28. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Patient Changes Mind (Modifying Patient Consent) Use Case Scenario: The “test” Patient, a Veteran, is currently receiving treatment for PTSD from “DrDavid” at the VAMC in Helena, MT. The “test” Patient is also receiving un-related treatment at a 42CFRPart2 constrained organization. That patient has chosen to participate in eHealth Exchange and has created a Consent Directive authorizing participation and disclosure to “DrDavid” with no constraints. The patient initially has no concerns in regards to sharing his/her clinical information fully with “DrDavid” . At some point in the future our “test” patient fells uncomfortable seeing “DrDavid” and is switched to another Mental Health Provider at the VAMC. After some consideration our “test” patient decides to alter their VA consent directive to disallow access “DrDavid” both locally and across the eHealth Exchange. Expected Outcome: Annotation of Document will occur with Document, Section, and Entry security labels being applied, Actions of REDACTION or MASKINGwill be performed IF REQUIRED. Authorization for disclosure is determined by, provider ID, POU, Credentials, Sensitivity Permissions, Organizational policy, and trust relationship between exchanging organizations (exchange of certificates). Initially the Document, fully annotated (REDACT/LABEL/MASK/ENCRYPT) is delivered to “DrDavid”. After the “test” patient changes their consent directive to disallow “DrDavid” access, “DrDavid” Is no longer able to receive necessary authorizations to request or view the patients record. Note: This use case example of patient changes mind has had its scope minimized. Only Jericho was able to provide a patient effacing Consent Tool, services, XDS.b repository, and integrate prior to HIMSS. And Consent Directives stored in SAMHSA XDS.b repository were actually generated by VA services without benefit of a patient tool. There are still some issues to be worked out between VA/SAMHSA and Jericho in regards to this portion of the demonstration. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  29. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Patient Changes Mind (Modifying Patient Consent) Step #1: From your tablet login to DS4PMobilePortal as “DrDavid” Step #2: Touch your profile button, “DrDavid” and make sure your POU is set to Treatment(this is normally a workflow event). Step #3: Touch “Patient List” and then select “AsamplePatientthree” from drop-down list. Repeat Step #4 thru #10 from Share Partial Use Case Note when viewing clinical document, that masked entries exists in both Problem List and Medications. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  30. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Patient Changes Mind (Modifying Patient Consent) Step #11: Touch the “Decrypt Doc and Entries”. Masked entries are decrypted and XML document is displayed. This step is for demonstration purposes only. Close window. Step #12: Touch “View Clinical Document” button. Note that EHT and PSY findings are now visible to “DrDavid”. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  31. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Patient Changes Mind Step #11: Touch the “Access Control Decisioning” button. Note that authorization decisions occurred for DocumentQuery, DocumentRetrieve, DocumentEntryUnMask, and DocumentView. Change AsamplePatientthree’s VA Consent Directive Step #12: Login into Jericho Systems Patient Portal as “AsamplePatientthree”. Note that Dr. David has been authorized to view our test patients records with no constraints. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  32. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Patient Changes Mind (Modifying Patient Consent) Step #13: Click on the “Update” button next to “Dr. David” Step #14: Click on “Block all personal health information.” Then click on “Continue” button. Step #15: Click on “Authorize & Sign” button. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  33. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Patient Changes Mind (Modifying Patient Consent) Step #16: Sign the draft consent directive making it authoritative by entering in username and password and selecting an end date. Step #17: Click on “Sign Draft” button. Step #18: Note the access for Dr. David is now blocked. Logout of Jericho Systems “Patient Portal”. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  34. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Demonstration Use Case: Patient Changes Mind (Modifying Patient Consent) Step #19: From the DS4PMobilePortal Touch the “eHealth Exchange” button then Touch “Search” button. DrDavid receives a “You do not have the necessary authorization privileges to perform this operation”. Step #20: Touch “Access Control Decisioning” button. Note the DrDavid’sDocumentQueryOut request have been denied. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  35. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 An Unexpected Interop: VA-SAMHSA and NetSmart During the HIMSS Interoperability Showcase the VA-SAMHSA team was asked to perform an impromptu Interop with the NetSmart DS4P Pilot. VA-SAMHSA team provided NetSmart their Direct HealthVault (development sandbox) email address, requirements for an XDM attachment, and a example of the METADATA being produced by SAMHSA (FEISystems). The first attempt to process the XDM package failed due to the structure of the zip file. NetSmart delivered a new direct message the following day. The direct xdm package was able to be received by the VA developed XDMProcessingService (web service) but failed the Collection phase as it was unable to identify intended recipient to determine permissions for persisting the data. This implied there was a disconnect in METADATA being asserted. The interop was set aside until after the conference. Upon my return home I disabled the permission check during collection phase and manually persisted the intended recipient info after the fact. Allowing the document and its METADATA to be stored. To the right is the CCD received from NetSmart. Should we be concerned? Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

  36. Data Segmentation Using Healthcare Privacy and Security Labels HIMSS 2013 Things to Consider…. Need to revisit METADATA being exchange between organizations. Cart before the horse problem, should HCS be engaged during DocQuery? This is only an issue when an organization annotates the document in real-time. XACML is good for enforcing obligations and refrain policies. But not for determining them. Key exchange between organizations. The OASIS XSPA standards and IHE XUA++ need to be updated to reflect outcomes of pilot. When embedding an XACML policySet in the CDA R2 Consent Directive, which the VA-SAMHSA pilot relied heavily on, a minimum set of policies and resources needs to be recommended. Data Segmentation for Privacy Initiative VA-SAMHSA DS4P Pilot HIMSS 2013 Demonstration

More Related