Electronic Data Consent and Electronic Privacy Policy Domain Analysis Ioana Singureanu Eversolve, LLC
Overview
• Giving privacy protection options is a requirement for the adoption of secure Electronic Health Record systems
• SAMHSA is a leader in promoting privacy protection
• Long-term experience to inform future direction
• HL7 standards enable communication/exchange over the web for
  • Privacy policy
  • Consumer preferences
  • Provider override
Consumer-driven Privacy (diagram): Personal Health Records (including IIHI); Request (based on consumer’s criteria); Data filtered (based on rules); Override; actors: Direct Care, Research, Diagnosis, Administrator; Consumer: Maintain Privacy Consent Directives + Privacy Policy
Terms and Concepts
• Privacy Policy
  • A set of rules intended to protect specific aspects of PHR from abuse
• Personal Health Records – identified personal health records that include:
  • PHI - Protected Health Information
  • IIHI
• Privacy Consent Directives
  • Agreement/disagreement with policies
  • Directives
• Identity (unique identifiers)
  • Consumer Identity
    • Used to protect privacy, in place of identifying traits
  • Information Identity
    • Object Identifier (OID)
Explicit Privacy Consent or Privacy Policy (diagram): Enterprise-specific
ePolicy-based Privacy (implied consent) (diagram): Personal Health Records (including IIHI); Request (based on consumer’s criteria); Data filtered (based on rules); actors: Direct Care, Research, Diagnosis, Administrator; Privacy Policy
• The consumer cannot opt-in or opt-out.
• Default policies are applied without consumer’s explicit involvement (e.g. HIPAA)
Terms
• Implied Consent Directives
  • Also referred to as “deemed” privacy consent directives
  • Local privacy policies apply by default without explicit consumer sign-off
ePolicy-based Privacy (consumer signs-off) (diagram): Personal Health Records (including IIHI); Request (based on criteria); Data filtered (rules); actors: Direct Care, Research, Diagnosis, Administrator; Consumer agrees to Privacy Policy
• The consumer signs-off on the consent policy as available.
The Role of ePolicy for eConsent (diagram): Consumer maintains Privacy Consent Directives, which use/look up National, Local, Organizational Policy
Policies and rules - Analysis
• National
• State
• Organization
• Consumer adds privacy consent directive
  • Collect
  • Access
  • Use
  • Disclose
Sample Consumer Preferences Web Portal (Venn diagram of Policy Rule Sets 1–4)
Sample consumer preferences:
• I disallow restricted info to be accessed by administrators for any purpose
• I allow restricted info to be accessed by direct care providers for treatment
Policy and Consent Directives (diagram): Common Terminology; Consent Directives and Privacy Policies expressed in the HL7 Standard (platform-independent, standard-based, interoperable, harmonized); Runtime Rules Engines (platform-specific rules)
Policy and Consent Directives (diagram): HL7 Standard XML Schemas (XSD) for eConsent and ePolicy; multiple eConsent <XML> instances and ePolicy <XML> instances (platform-independent, standard-based, interoperable, harmonized); mapped to Runtime Rules Engines: XACML policy rules, ODRL policy rules, XrML policy rules
Interoperable, standard-based, automated privacy protection (diagram): National Jurisdiction ePolicy <XML> instance; State/Province/Local Jurisdiction ePolicy <XML> instance; Consumer’s Consent Directives eConsent <XML> instance
ePolicy synchronization
• Automatic notification/publication of new privacy rules between jurisdictions (diagram: State/Province Jurisdiction and National Jurisdiction exchanging ePolicy <XML> instances)
Actors (stakeholders)
• Consenter
• Responsible for maintaining privacy policies
• A patient is a consumer who receives medical services
Sensitive = Policy Rule Elements = Constraint Catalog
ePolicy used in Personal Health Records
• Information references the privacy policy or category type (diagram: Discharge Summary with confidentialityCode RESTRICTED, HIV-RELATED)
ISO 13606 Part 4: Functional roles
• Additional coversheets/proposals
• Completed Proposal
• Vocabulary proposals
• New Proposal
Terminology - 1 (table): note “Condition may be redundant re: purpose”; owning work groups: CBCC WG, Security WG
Obligation, Condition, and Purpose
• Obligation Code
  • Action that is required to receive the permission specified in the privacy rule
• Condition Code
  • Prerequisite for a permission to collect, access, use, or disclose personal health records (e.g. trusted computing environment).
• Purpose Code
  • It specifies the purpose of allowing or denying a permission.
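The following is an added example, not code from the presentation or from HL7: a small evaluator that combines jurisdictional ePolicy rules with the two sample consumer preferences from the web-portal slide and applies the obligation, condition and purpose codes defined above, filtering records by confidentialityCode. Role and purpose names, the condition code "trusted_env", the obligation code "audit_access" and the sample records are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    effect: str                      # "permit" or "deny"
    role: str                        # requester role, e.g. "direct_care", or "*"
    purpose: str                     # purpose code, e.g. "treatment", or "*"
    confidentiality: str             # confidentialityCode the rule covers, or "*"
    source: str                      # "ePolicy" (jurisdiction) or "eConsent" (consumer)
    obligation: Optional[str] = None # obligation code: action required on permit
    condition: Optional[str] = None  # condition code: prerequisite for the permit

def _matches(pattern, value):
    return pattern == "*" or pattern == value

def evaluate(rules, request, env):
    """Deny-overrides combining: any matching deny wins; otherwise a matching
    permit whose condition holds wins and carries its obligations; with no
    applicable directive the default is deny."""
    obligations, permitted = [], False
    for r in rules:
        if not (_matches(r.role, request["role"])
                and _matches(r.purpose, request["purpose"])
                and _matches(r.confidentiality, request["confidentiality"])):
            continue
        if r.effect == "deny":
            return "deny", []
        if r.condition and not env.get(r.condition, False):
            continue  # prerequisite (e.g. trusted computing environment) not met
        permitted = True
        if r.obligation:
            obligations.append(r.obligation)
    return ("permit", obligations) if permitted else ("deny", [])

# Constructed rule set: one default jurisdiction policy plus the two consumer
# directives quoted on the slide (administrators denied restricted info for any
# purpose; direct care providers allowed restricted info for treatment).
RULES = [
    Rule("permit", "*", "treatment", "NORMAL", "ePolicy", obligation="audit_access"),
    Rule("deny", "administrator", "*", "RESTRICTED", "eConsent"),
    Rule("permit", "direct_care", "treatment", "RESTRICTED", "eConsent",
         condition="trusted_env"),
]

def filter_records(records, requester, env):
    """Data filtered based on rules: keep only records the requester may see."""
    return [rec for rec in records
            if evaluate(RULES, {**requester, "confidentiality": rec["confidentialityCode"]},
                        env)[0] == "permit"]
```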
Terminology – 2 (table): owning work groups: Security WG, CBCC WG