Health Level Seven® Privacy and Security Standards

● ● ● ● ● ● Outline

Introduction

● ● ● EHR Definition

EHR,Patient Receives Care Across Care Providers & Settings

EHR,Clinician systems “put” relevant data for sharing into interoperable EHR

EHR,Clinician systems “list” and “get” desired data from interoperable EHR for display and use

EHR,Patient Receives Care Across Care Providers & Settings

Data Segmentation for Privacy (DS4P)

● ● ● What is Data Segmentation for Privacy?

● ● ● What is Data Segmentation for Privacy? Think about some of the key features to access Personal Health Information

Potential System Components of a Data Segmentation for Privacy Solution locally in a provider system - privacy consents - organizational policies - jurisdictional policies stored in a centralized database As jurisdictional and organizational policies are always subject to change: What it would be preferable for organizational/jurisdictional policies to be expressed in a centralized or a locally way?

Potential System Components of a Data Segmentation for Privacy Solution rules engine

Potential Data Components Jurisdictional Privacy Policies: ● ●

Potential Data Components a standardized way for EHRs to tag where the data was created change would only have to be made at the policy decision point rules engine

Potential Data Components Privacy Consent: are patient preferences about sharing information.These consents overcome default organizational/jurisdictional sharing policies (share/don’t share) ● Using the policy decision point/rules engine to segment data based on privacy consents ● Using “privacy metadata” to help the policy decision point/rules engine adjudicate privacy consents

Potential Data Components ● ● ●

Review final, consented Use Case Document: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Use+Cases Review the latest version of the Data Segmentation for Privacy Implementation Guidance (IG): http://wiki.siframework.org/Data+Segmentation+for+Privacy+Standards+and+Harmonization View the paper written by Scott Weinstein & Ioana Singureanu: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Paper References

● ● ● Items for discussion

What it would be preferable for organizational/jurisdictional policies to be expressed in a centralized or a locally way? It may be preferable for organizational/jurisdictional policies to be expressed in a centralized way (either on a website or in a database), so that when policies change the local systems do not have to correct every policy for every patient in their system.

… … … … Key Features, To access Personal Health Information

DS4P which brought together stakeholders, from providers to health IT standards experts, health IT vendors… to discuss technological solutions that would allow for this behavioural health information to be sent with metadata or data that explain the protections that must be afford and particularly the importance of not redisclosing this information beyond that sharing that take place in accordance with the patient wishes. How Does DSP4S it protect against redisclosure of confidential patient information?

● ● ● ● ● ● ● ● EHR Key Clinical & Business Req