“ jericho / ut austin pilot” privacy with dynamic patient review august 27, 2013 presented by:...
TRANSCRIPT
![Page 1: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/1.jpg)
“Jericho / UT Austin Pilot”
Privacy with Dynamic Patient Review
August 27, 2013
Presented by:David Staggs, JD, CISSP
Jericho Systems Corporation
![Page 2: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/2.jpg)
208/27/2013
Agenda• Administrative issues • Pilot scope• Pilot data flow • Review of previous demonstration• Report on current progress• Discussion• Pilot Timeline• Plan of Action• Announcement of “all hands meeting”
![Page 3: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/3.jpg)
308/27/2013
Pilot Administrivia
• This pilot is a community led pilot– Limited support provided by the ONC
• Zachary May (ESAC)• Jeanne Burton (Security Risk Solutions)• Melissa Springer (HHS)
• In conjunction with DS4P bi-weekly return of an All Hands meeting• Access to DS4P Wiki, teleconference, and calendar • Meeting times: Tuesdays 11AM (ET)
– Dial In: +1-650-479-3208Access code: 662 197 169URL:https://siframework1.webex.com/siframework1/onstage/g.php?t=a&d=662197169
![Page 4: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/4.jpg)
408/27/2013
Scope of the Pilot
1. Define the exchange of HL7 CDA-compliant PCD between a data custodian and a PCD repository that includes a report on the outcome of the request back to the healthcare consumer.
2. Additional goal: use of identifiers that can uniquely identify the healthcare consumer and PCD repository used to report the outcome of the request back to the healthcare consumer by healthcare consumer’s provider and subsequent EHR custodians.
3. Stretch goal: mask and/or redact the clinical document based on PCD choices retrieved from the PCD repository.
4. Stretch goal: use of the PCD repository as a proxy allowing direct authentication by the healthcare consumer to the provider, subsequently reducing correlation errors.
![Page 5: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/5.jpg)
508/27/2013
Pilot Data Flow
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
![Page 6: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/6.jpg)
608/27/2013
Previous Demonstration
1. Use Universal Client to send NwHIN messages– Patient Discovery (ITI-55), Query for Documents (ITI-38), and
Request Document (ITI-39)
2. Demonstrate consent based on recipient and patient consent directive (retrieved from a PCD repository)– Show result of different policies: 1st requestor v. 2nd requestor
3. Demonstrate PCD applied by 1st requestor– 1st requestor retrieves document; 2nd requestor requests from 1st
requestor
4. Demonstrate consent based on purpose of use– change policy from “allow treatment” to “allow research,” request
using “research” attribute both times
![Page 7: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/7.jpg)
708/27/2013
Current Progress1. Edmonds Scientific development of data segmentation
functionality for identifying segments in clinical documents and redaction– Redaction demonstrated using Request Document (ITI-39).
2. UT Austin demonstrate consent based on recipient and patient consent directive (retrieved from a PCD repository)– Patient Discovery (ITI-55), Query for Documents (ITI-38), and
Request Document
3. Conemaugh Health System demonstrate consent based on recipient and patient consent directive – Patient Discovery (ITI-55), Query for Documents (ITI-38), and
Request Document
![Page 8: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/8.jpg)
07/30/2013 8
![Page 9: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/9.jpg)
Healthcare Classification System(HCS)
08/27/2013 9
Document “Facts”
Doc
umen
t Orc
hest
ratio
nRules Engine
Document Transformer
Rule Generation
Packaging
Simplified View
PCD Constraints
Document
Clinical/Organizational Policies
Fact Administration
Rul
es
DocumentActions
Document, PCD (decomposed), and Org OID (FHIR ResourcesSupported)
Redacted/Annotated/Masked Document
Event Logging
![Page 10: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/10.jpg)
HL7 FHIR ConnectathonFast Healthcare Interoperability Resources (FHIR) Resources:
– represent flexible granular clinical concepts– managed in isolation, or aggregated into complex
documents– a coherent solution for a range of interoperability problems– based on thorough requirements gathering, formal
analysis and extensive cross-mapping to other relevant standards
– based on simple XML, with an http-based RESTful protocol where each resource has predictable URL
A workflow management layer provides support for designing, procuring, and integrating solutions.
08/27/2013 10
![Page 11: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/11.jpg)
1108/27/2013
FHIR Demonstration
Health Level Seven (HL7)
27TH Annual Plenary & Working Group Meetings
September 21-22, 2013 Hyatt Regency Cambridge (Boston)
HCS – Security Labeling Services
DS4P Use Cases – Share All, Share Partial, Breakglass
VA/DoD iEHR Use Cases
![Page 12: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/12.jpg)
1208/27/2013
Discussion
• Open forum for discussing questions:o Problems with the Universal Client?o Problems with communicating use of the PCD repositoryo Problems with use of OpenATNA Audit Message Viewero Problems with how PCD is changed and the affects o Unexpected benefits/problems
![Page 13: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/13.jpg)
1308/27/2013
Pilot Timeline
• General Timeline, conditioned on agreement of stakeholders
![Page 14: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/14.jpg)
14
Plan of Action
• Upon agreement of the participants the POA is: • Identify the elements available from previous DS4P pilots• Scope level of effort, decide on extended scenario• Determine first draft of functional requirements• Review standards available for returning information on requests• Determine any gaps or extensions required in standards• Stand up information holders and requestors• Create XDS.b repository holding PCD• Identify remaining pieces, create test procedures • Document and update IG with results of our experience
08/27/2013
![Page 15: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/15.jpg)
15
Announcement
• DS4P “All Hands Meeting:”
When: Wed, August 28, 11:00am – 12:30pm (ET)
Where: Dial-in 1-650-479-3208
Access code: 661 315 448
WebEx URL
(https://siframe work1.webex.com /siframework1/o nstage/g.php?t= a&d=661315448)
08/27/2013
![Page 16: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/16.jpg)
1608/27/2013
Backup Slides
![Page 17: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/17.jpg)
DS4P Standards Material• Location of DS4P Standards Inventory:
http://wiki.siframework.org/Data+Segmentation+-+Standards+Inventory
• Location of DS4P Standards Mapping Issues:http://wiki.siframework.org/file/view/Copy%20of%20DataMappingsIssues%2005102012.xlsx/333681710/Copy%20of%20DataMappingsIssues%2005102012.xlsx
• General Standards Source List:http://wiki.siframework.org/file/view/General%20SI%20Framework%20Standards%20Analysis.xlsx/297940330/General%20SI%20Framework%20Standards%20Analysis.xlsx
• Standards Crosswalk Analysis http://wiki.siframework.org/Data+Segmentation+for+Privacy+Standards+and+Harmonization (at bottom of page, exportable)
• Implementation Guidancehttp://wiki.siframework.org/file/view/Data%20Segmentation%20Implementation%20Guidance_consensus_v1_0_4.pdf/416474106/Data%20Segmentation%20Implementation%20Guidance_consensus_v1_0_4.pdf
08/27/2013 17
![Page 18: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/18.jpg)
1808/27/2013
DS4P References
• Use Case: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Use+Cases
• Implementation Guide: http://wiki.siframework.org/Data+Segmentation+for+Privacy+IG+Consensus
• Pilots Wiki Page: http://wiki.siframework.org/Data+Segmentation+for+Privacy+RI+and+Pilots+Sub-Workgroup
![Page 19: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/19.jpg)
1908/27/2013
Pilot Data Flow
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
![Page 20: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/20.jpg)
2008/27/2013
Pilot Data Flow
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
Clinical exchange #
Clinical exchange #
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at Fetch PCD Fetch
PCD
Send auditSend audit
![Page 21: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/21.jpg)
2108/27/2013
Pilot Data Flow (1)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
, = Clinical data
A,B =PCD data
= audit record
![Page 22: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/22.jpg)
2208/27/2013
Pilot Data Flow (2)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
, = Clinical data
A,B =PCD data
= audit record
![Page 23: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/23.jpg)
2308/27/2013
Pilot Data Flow (3)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
![Page 24: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/24.jpg)
2408/27/2013
Pilot Data Flow (4)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
![Page 25: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/25.jpg)
2508/27/2013
Pilot Data Flow (5)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at
![Page 26: “ Jericho / UT Austin Pilot” Privacy with Dynamic Patient Review August 27, 2013 Presented by: David Staggs, JD, CISSP Jericho Systems Corporation](https://reader030.vdocument.in/reader030/viewer/2022032805/56649efa5503460f94c0cdc2/html5/thumbnails/26.jpg)
2608/27/2013
Pilot Data Flow (updated)
Custodian of Data being Provided at
Patient
PCD Repository2nd Requestor
1st Requestor
B
, = Clinical data
A,B =PCD data
= audit record
And Subsequent Custodian of Data being Provided at