“ jericho / ut austin pilot” privacy with dynamic patient review august 27, 2013 presented by:...
TRANSCRIPT
“Jericho / UT Austin Pilot”
Privacy with Dynamic Patient Review
August 27, 2013
Presented by:David Staggs, JD, CISSP
Jericho Systems Corporation
208/27/2013
Agenda• Administrative issues • Pilot scope• Pilot data flow • Review of previous demonstration• Report on current progress• Discussion• Pilot Timeline• Plan of Action• Announcement of “all hands meeting”
308/27/2013
Pilot Administrivia
• This pilot is a community led pilot– Limited support provided by the ONC
• Zachary May (ESAC)• Jeanne Burton (Security Risk Solutions)• Melissa Springer (HHS)
• In conjunction with DS4P bi-weekly return of an All Hands meeting• Access to DS4P Wiki, teleconference, and calendar • Meeting times: Tuesdays 11AM (ET)
– Dial In: +1-650-479-3208Access code: 662 197 169URL:https://siframework1.webex.com/siframework1/onstage/g.php?t=a&d=662197169
408/27/2013
Scope of the Pilot
1. Define the exchange of HL7 CDA-compliant PCD between a data custodian and a PCD repository that includes a report on the outcome of the request back to the healthcare consumer.
2. Additional goal: use of identifiers that can uniquely identify the healthcare consumer and PCD repository used to report the outcome of the request back to the healthcare consumer by healthcare consumer’s provider and subsequent EHR custodians.
3. Stretch goal: mask and/or redact the clinical document based on PCD choices retrieved from the PCD repository.
4. Stretch goal: use of the PCD repository as a proxy allowing direct authentication by the healthcare consumer to the provider, subsequently reducing correlation errors.
508/27/2013
Pilot Data Flow
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
608/27/2013
Previous Demonstration
1. Use Universal Client to send NwHIN messages– Patient Discovery (ITI-55), Query for Documents (ITI-38), and
Request Document (ITI-39)
2. Demonstrate consent based on recipient and patient consent directive (retrieved from a PCD repository)– Show result of different policies: 1st requestor v. 2nd requestor
3. Demonstrate PCD applied by 1st requestor– 1st requestor retrieves document; 2nd requestor requests from 1st
requestor
4. Demonstrate consent based on purpose of use– change policy from “allow treatment” to “allow research,” request
using “research” attribute both times
708/27/2013
Current Progress1. Edmonds Scientific development of data segmentation
functionality for identifying segments in clinical documents and redaction– Redaction demonstrated using Request Document (ITI-39).
2. UT Austin demonstrate consent based on recipient and patient consent directive (retrieved from a PCD repository)– Patient Discovery (ITI-55), Query for Documents (ITI-38), and
Request Document
3. Conemaugh Health System demonstrate consent based on recipient and patient consent directive – Patient Discovery (ITI-55), Query for Documents (ITI-38), and
Request Document
07/30/2013 8
Healthcare Classification System(HCS)
08/27/2013 9
Document “Facts”
Doc
umen
t Orc
hest
ratio
nRules Engine
Document Transformer
Rule Generation
Packaging
Simplified View
PCD Constraints
Document
Clinical/Organizational Policies
Fact Administration
Rul
es
DocumentActions
Document, PCD (decomposed), and Org OID (FHIR ResourcesSupported)
Redacted/Annotated/Masked Document
Event Logging
HL7 FHIR ConnectathonFast Healthcare Interoperability Resources (FHIR) Resources:
– represent flexible granular clinical concepts– managed in isolation, or aggregated into complex
documents– a coherent solution for a range of interoperability problems– based on thorough requirements gathering, formal
analysis and extensive cross-mapping to other relevant standards
– based on simple XML, with an http-based RESTful protocol where each resource has predictable URL
A workflow management layer provides support for designing, procuring, and integrating solutions.
08/27/2013 10
1108/27/2013
FHIR Demonstration
Health Level Seven (HL7)
27TH Annual Plenary & Working Group Meetings
September 21-22, 2013 Hyatt Regency Cambridge (Boston)
HCS – Security Labeling Services
DS4P Use Cases – Share All, Share Partial, Breakglass
VA/DoD iEHR Use Cases
1208/27/2013
Discussion
• Open forum for discussing questions:o Problems with the Universal Client?o Problems with communicating use of the PCD repositoryo Problems with use of OpenATNA Audit Message Viewero Problems with how PCD is changed and the affects o Unexpected benefits/problems
1308/27/2013
Pilot Timeline
• General Timeline, conditioned on agreement of stakeholders
14
Plan of Action
• Upon agreement of the participants the POA is: • Identify the elements available from previous DS4P pilots• Scope level of effort, decide on extended scenario• Determine first draft of functional requirements• Review standards available for returning information on requests• Determine any gaps or extensions required in standards• Stand up information holders and requestors• Create XDS.b repository holding PCD• Identify remaining pieces, create test procedures • Document and update IG with results of our experience
08/27/2013
15
Announcement
• DS4P “All Hands Meeting:”
When: Wed, August 28, 11:00am – 12:30pm (ET)
Where: Dial-in 1-650-479-3208
Access code: 661 315 448
WebEx URL
(https://siframe work1.webex.com /siframework1/o nstage/g.php?t= a&d=661315448)
08/27/2013
1608/27/2013
Backup Slides
DS4P Standards Material• Location of DS4P Standards Inventory:
http://wiki.siframework.org/Data+Segmentation+-+Standards+Inventory
• Location of DS4P Standards Mapping Issues:http://wiki.siframework.org/file/view/Copy%20of%20DataMappingsIssues%2005102012.xlsx/333681710/Copy%20of%20DataMappingsIssues%2005102012.xlsx
• General Standards Source List:http://wiki.siframework.org/file/view/General%20SI%20Framework%20Standards%20Analysis.xlsx/297940330/General%20SI%20Framework%20Standards%20Analysis.xlsx
• Standards Crosswalk Analysis http://wiki.siframework.org/Data+Segmentation+for+Privacy+Standards+and+Harmonization (at bottom of page, exportable)
• Implementation Guidancehttp://wiki.siframework.org/file/view/Data%20Segmentation%20Implementation%20Guidance_consensus_v1_0_4.pdf/416474106/Data%20Segmentation%20Implementation%20Guidance_consensus_v1_0_4.pdf
08/27/2013 17
1808/27/2013
DS4P References
• Use Case: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Use+Cases
• Implementation Guide: http://wiki.siframework.org/Data+Segmentation+for+Privacy+IG+Consensus
• Pilots Wiki Page: http://wiki.siframework.org/Data+Segmentation+for+Privacy+RI+and+Pilots+Sub-Workgroup
1908/27/2013
Pilot Data Flow
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
2008/27/2013
Pilot Data Flow
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
Clinical exchange #
Clinical exchange #
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at Fetch PCD Fetch
PCD
Send auditSend audit
2108/27/2013
Pilot Data Flow (1)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
, = Clinical data
A,B =PCD data
= audit record
2208/27/2013
Pilot Data Flow (2)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
, = Clinical data
A,B =PCD data
= audit record
2308/27/2013
Pilot Data Flow (3)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
2408/27/2013
Pilot Data Flow (4)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
2508/27/2013
Pilot Data Flow (5)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
2608/27/2013
Pilot Data Flow (updated)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at