Electronic Data Consent and Electronic Privacy Policy Domain Analysis (PowerPoint presentation transcript)

Posted on 19-Jan-2016



Electronic Data Consent and Electronic Privacy Policy Domain Analysis

Ioana Singureanu

Eversolve, LLC

Overview

• Giving privacy protection options is a requirement for the adoption of secure Electronic Health Record systems
• SAMHSA is a leader in promoting privacy protection
  - Long-term experience to inform future direction
• HL7 standards enable communication/exchange over the web for
  - Privacy policy
  - Consumer preferences
  - Provider override

Consumer-driven Privacy

[Diagram labels: the Consumer maintains Privacy Consent Directives + Privacy Policy; Direct Care, Research and Diagnosis request Personal Health Records (including IIHI) based on the consumer's criteria; data is filtered based on the rules; an Administrator may override.]

Terms and Concepts

• Privacy Policy: a set of rules intended to protect specific aspects of PHR from abuse
• Personal Health Records: identified personal health records that include PHI (Protected Health Information) and IIHI
• Privacy Consent Directives: agreement/disagreement with policies
• Identity (unique identifiers):
  - Consumer Identity: used to protect privacy, in place of identifying traits
  - Information Identity: Object Identifier (OID)

eConsent Management over time

Explicit Privacy Consent or Privacy Policy

Enterprise-specific

ePolicy-based Privacy (implied consent)

• The consumer cannot opt-in or opt-out.
• Default policies are applied without the consumer's explicit involvement (e.g. HIPAA).

[Diagram labels: Privacy Policy; Personal Health Records (including IIHI); Direct Care, Research, Diagnosis and Administrator send requests based on the consumer's criteria; data filtered based on rules.]

Terms

• Implied Consent Directives: also referred to as "deemed" privacy consent directives. Local privacy policies apply by default without explicit consumer sign-off.

Manage Privacy Policy over time

Using Implied Consent for privacy protection

ePolicy-based Privacy (consumer signs-off)

The consumer signs-off on the consent policy as available.

[Diagram labels: Privacy Policy; Personal Health Records (including IIHI); Request (based on criteria); Data filtered (rules); Direct Care, Research, Diagnosis, Administrator; Consumer agrees (consumer sign-off).]

The Role of ePolicy for eConsent

[Diagram labels: the Consumer maintains Privacy Consent Directives, which use/look up National, Local and Organizational Policy.]

Policies and rules - Analysis

[Diagram: policy layers National, State and Organization; the consumer adds a privacy consent directive covering the permissions Collect, Access, Use and Disclose (items numbered 1 to 4).]

Sample Consumer Preferences Web Portal

[Venn diagram: Policy Rule Sets 1, 2, 3 and 4.]

• I disallow restricted info to be accessed by administrators for any purpose
• I allow restricted info to be accessed by direct care providers for treatment

Policy and Consent Directives

• Runtime Rules Engines: platform-specific rules
• Consent Directives and Privacy Policies: platform-independent, standard-based, interoperable, harmonized (HL7 Standard, Common Terminology)

Policy and Consent Directives

[Diagram labels: Runtime Rules Engines; policy rules in XACML, ODRL and XrML; HL7 Standard eConsent <XML> instances and ePolicy <XML> instances; XSD ePolicy and eConsent (XML Schemas); platform-independent, standard-based, interoperable, harmonized; interoperable, standard-based, automated privacy protection.]

[Diagram labels: ePolicy <XML> instance for the National Jurisdiction; ePolicy <XML> instance for the State/Province/Local Jurisdiction; the Consumer's Consent Directives as an eConsent <XML> instance.]

ePolicy synchronization

Automatic notification/publication of new privacy rules between jurisdictions

[Diagram labels: National Jurisdiction ePolicy <XML> instance; State/Province Jurisdiction.]

Manage Electronic Privacy Policy (ePolicy)

Actors (stakeholders)

• Consenter: responsible for maintaining privacy policies
• Patient: a consumer who receives medical services

Evaluation Engine

[Diagram legend: Policy Rule Elements; Constraint Catalog]

ePolicy used in Personal Health Records

Sensitive information references the privacy policy or category type, like confidentialityCode (e.g. RESTRICTED, HIV-RELATED on a Discharge Summary).

eConsent Structure

eConsent Override

Vocabulary proposals

Additional coversheets/proposals

• Completed Proposal
• ISO 13606 Part 4: Functional roles
• New Proposal

Terminology - 1

[Table of terminology proposals; owning work group per row: CBCC WG or Security WG; note on one row: Condition may be redundant re: purpose.]

Obligation, Condition, and Purpose

• Obligation Code: action that is required to receive the permission specified in the privacy rule.
• Condition Code: prerequisite for a permission to collect, access, use, or disclose personal health records (e.g. trusted computing environment).
• Purpose Code: specifies the purpose of allowing or denying a permission.
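To make the rule elements above concrete, and to show how the two sample portal preferences ("I disallow restricted info to be accessed by administrators for any purpose", "I allow restricted info to be accessed by direct care providers for treatment") filter data based on rules, here is an added example of a tiny evaluation engine. It is my illustration, not code from the presentation, HL7 or SAMHSA; the role names, the NORMAL code, the "trusted-env" condition and the "log-disclosure" obligation are constructed.

```python
from collections import namedtuple
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One policy rule element, modelled on the slides' terms (constructed)."""
    effect: str           # "permit" or "deny"
    role: str             # requesting actor role, "*" = any
    permission: str       # collect | access | use | disclose
    category: str         # confidentialityCode the rule covers, "*" = any
    purpose: str          # purpose code, "*" = any
    source: str           # "policy" (implied consent) or "directive" (consumer)
    condition: str = ""   # prerequisite that must hold, e.g. "trusted-env"
    obligation: str = ""  # action required of whoever receives the permission

Record = namedtuple("Record", "title confidentiality")  # a PHR entry and its confidentialityCode

def evaluate(rules, role, permission, purpose, record, conditions=frozenset()):
    """Consumer directives take precedence over the default policy; within one
    source a deny wins; a permit whose condition is unmet grants nothing."""
    for source in ("directive", "policy"):
        matched = [r for r in rules if r.source == source
                   and r.role in ("*", role) and r.permission == permission
                   and r.category in ("*", record.confidentiality)
                   and r.purpose in ("*", purpose)]
        if not matched:
            continue  # this source says nothing about the request; try the next
        if any(r.effect == "deny" for r in matched):
            return "deny", []
        usable = [r for r in matched if not r.condition or r.condition in conditions]
        if not usable:
            return "deny", []  # a permit exists but its prerequisite is not met
        return "permit", sorted({r.obligation for r in usable if r.obligation})
    return "deny", []  # default deny when no rule from either source matches

def filter_records(rules, role, permission, purpose, records, conditions=frozenset()):
    """'Data filtered (based on rules)': keep only the records the engine permits."""
    return [r for r in records
            if evaluate(rules, role, permission, purpose, r, conditions)[0] == "permit"]

# Constructed rule set: two default-policy rules (implied consent) plus the two consumer directives.
RULES = [
    Rule("permit", "*", "access", "NORMAL", "treatment", "policy"),
    Rule("permit", "direct-care", "access", "HIV-RELATED", "treatment", "policy", condition="trusted-env"),
    Rule("deny", "administrator", "access", "RESTRICTED", "*", "directive"),
    Rule("permit", "direct-care", "access", "RESTRICTED", "treatment", "directive",
         condition="trusted-env", obligation="log-disclosure"),
]
RECORDS = [Record("Discharge Summary", "RESTRICTED"), Record("Allergy list", "NORMAL"),
           Record("HIV test result", "HIV-RELATED")]  # constructed sample PHR
```

A direct care provider in a trusted environment sees all three records (with a logging obligation on the restricted one), while an administrator is limited to the NORMAL record even in a trusted environment.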

Terminology - 2

[Table of terminology proposals; owning work group per row: CBCC WG or Security WG.]
