1 / 15

Purpose of Use (POU) Vocabulary

Purpose of Use (POU) Vocabulary. HL7 Security WG Presentation Kathleen Connor VA (ESC) January 2012. Problem with POU Code Systems. Current POU Code Systems a re not comprehensive , or consistent HL7 Vocabulary ActHealthInformationPrivacyReason Codes

wynter-barton
Download Presentation

Purpose of Use (POU) Vocabulary

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Purpose of Use (POU) Vocabulary HL7 Security WG Presentation Kathleen Connor VA (ESC) January 2012

  2. Problem with POU Code Systems Current POU Code Systems are not comprehensive, or consistent • HL7 Vocabulary ActHealthInformationPrivacyReason Codes • Contains most of the other concepts and fair definitions • HL7 DAM POU • Contains same concepts as XSPA and many from ISO, but not well defined • XSPA SAML and XACML Profile POU • No definitions • ISO 14265 • POU codes were not developed for purpose of categorizing security policies • NHIN Authorization • NHIN Authorization Framework Specification v 2.0 POU codes are very granular and some are about policy not POU • As a result, these POU codes are not interoperable • Yet POU is a critical concept in many privacy and security standards

  3. Difference in POU Code Systems • ISO: POU code system provides “a framework for classifying the various specific purposes that can be defined and used by individual policy domains”. • ASTM-1986-98 (2005) POU establishes the context and conditions of data use at a specific point in time, and within a specific setting. • RBAC Constraint: • Purpose of use in relation to permission constraints provides context to requests for information resources. • Purpose of use allows the service to consult its policies to determine if the user’s claims meet or exceed those needed for access control. • NwHIN: Coded value representing the user's purpose in issuing the request

  4. POU Harmonization Approach • Map all POU code system • Support mapping from all POU code system to the HL7 POU code system • Determine criteria for selection – e.g., NwHIN “Abuse” is covered by HL7 ActPrivacyPolicy, so not needed as a POU code • Determine Gaps • Create consistent definitions • Nest related detailed POUs under parents that are more universally applicable • Supports localized value sets without extension

  5. POU Harmonization ProposalTreatment / Payment

  6. Healthcare Business Operations

  7. Marketing, Public Health, Research, Patient Request

  8. Override

  9. Background: POU Code Systems

  10. Current Enumerations of POU Codes – Not Defined, Comprehensive, or Consistent DAM POU XSPA SAML Profile POU XSPA XACML Profile POU TREATMENT, PAYMENT, OPERATIONS, EMERGENCY, MARKETING, RESEARCH, REQUEST, PUBLICHEALTH

  11. HL7 POU Code System

  12. ISO/TS 14265 Purpose for POU • ISO/TS 14265:2011 Health Informatics - Classification of purposes for processing personal health information defines a set of high-level categories of purposes for which personal health information can be processed • This is in order to provide a framework for classifying the various specific purposes that can be defined and used by individual policy domains (e.g. healthcare organizations, regional health authorities, jurisdictions, countries) as an aid to the consistent management of information in the delivery of health care services and for the communication of electronic health records across organizational and jurisdictional boundaries • The scope of application of ISO/TS 14265:2011 is limited to Personal Health Information as defined in ISO 27799, information about an identifiable person that relates to the physical or mental health of the individual, or to provision of health services to the individual

  13. ISO/TS 14265 POU

  14. NHIN Authorization Framework Specification v 2.0 3.3.2.6 Purpose of Use Attribute This <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:purposeofuse”7. The value of the <AttributeValue> element is a child element, “PurposeOfUse”, in the namespace “urn:hl7-org:v3”, whose content is defined by the “CE” (coded element) data type from the HL7 version 3 specification. The PurposeOfUse element shall contain the coded representation of the Purpose for Use that is in effect for the request. An example of the syntax of this element is as follows: <saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse"> <saml:AttributeValue> <PurposeForUse xmlns="urn:hl7-org:v3" xsi:type="CE" code="OPERATIONS" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Healthcare Operations"/> </saml:AttributeValue> </saml:Attribute> Codes are assigned as below. The codeSystem is defined to be “2.16.840.1.113883.3.18.7.1”. The codeSystemName is defined to be “nhin-purpose”. The value of the Purpose of Use attribute shall be a urn:hl7-org:v3:CE element, specifying the coded value representing the user's purpose in issuing the request, choosing from the value set listed in this specification. The codeSystem attribute of this element must be present, and must specify the OID of the "Purpose of Use" code system created by the NHIN Cooperative, 2.16.840.1.113883.3.18.7.1 .

More Related