1 / 9

Basic Patient Privacy Consents

Basic Patient Privacy Consents. IHE Vendors Workshop 2006 IHE IT Infrastructure Education John Moehrke. Today. One Policy for the Affinity Domain Patient doesn’t agree  Don’t publish VIP Patient  Don’t publish Sensitive Data  Don’t publish Research Use  No Access.

sema
Download Presentation

Basic Patient Privacy Consents

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Basic Patient Privacy Consents IHE Vendors Workshop 2006 IHE IT Infrastructure Education John Moehrke

  2. Today • One Policy for the Affinity Domain • Patient doesn’t agree  Don’t publish • VIP Patient  Don’t publish • Sensitive Data  Don’t publish • Research Use  No Access

  3. Sensitive Document Accessibility Entries restricted tosexual health team Private entriesshared with GP Entries accessible toadministrative staff Entries accessible toclinical in emergency ü Entries accessible todirect care teams Private entriesshared with severalnamed parties Entries restricted tohealth service Source: Dipak Kalra & prEN 13606-4

  4. Basic Patient Privacy Consents • Small number of pre-coordinated Affinity Domain Privacy Consent • Patient can choose which ones to agree to • Data is classified as published under the authority of a specific Privacy Consent • Data is used in conformance with original Privacy Consent

  5. Capturing the Patient Consent act • One of the Affinity Domain Consent policies are used • CDA document captures the act of signing • Effective time (Start and Sunset) • XDS-SD – Capture of wet signature from paper • DSIG – Digital Signature (Patient, Guardian, Clerk, System) • XDS Metadata • templateId – BPPC document • eventCodeList – the list of the identifiers of the AF policies • confidentialityCode – could mark this document as sensitive

  6. Marking all XDS Documents • Consents enumerated at Affinity Domain (OID) • Rules are programmed into each system participating in Affinity Domain XDS • Use XDS Metadata – confidentialityCode • List of appropriate consents • Registry rejects non-conformant confidentialityCodes Now have a well formed vocabulary

  7. Using documents • XDS Query • *** Consumer requests specific values • Result includes confidentiality codes • XDS Consumer • Knows the user, patient, setting, intention, urgency, etc. • Enforces Access Controls according to confidentiality codes • No access given to documents marked with unknown confidentiality codes

  8. XDP • XDP Same responsibilities • Media should include copy of relevant Consents • Importer needs to coerce the confidentiality codes • Need to recognize that in transit the document set may have been used in ways inconsistent  Physical Access Controls

  9. Questions?

More Related