Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HL7, Data Segmentation 4 Privacy

saracubillas
November 13, 2015

HL7, Data Segmentation 4 Privacy

First presentation of the series:
Health Level Seven®
Privacy and Security Standards

saracubillas

November 13, 2015
Tweet

More Decks by saracubillas

Other Decks in Research

Transcript

  1. • • • What is Data Segmentation for Privacy? Think

    about some of the key features to access Personal Health Information
  2. Potential System Components of a Data Segmentation for Privacy Solution

    locally in a provider system - privacy consents - organizational policies - jurisdictional policies stored in a centralized database As jurisdictional and organizational policies are always subject to change: What it would be preferable for organizational/jurisdictional policies to be expressed in a centralized or a locally way?
  3. Potential Data Components a standardized way for EHRs to tag

    where the data was created change would only have to be made at the policy decision point rules engine
  4. Potential Data Components Privacy Consent: are patient preferences about sharing

    information.These consents overcome default organizational/jurisdictional sharing policies (share/don’t share) • Using the policy decision point/rules engine to segment data based on privacy consents • Using “privacy metadata” to help the policy decision point/rules engine adjudicate privacy consents
  5. Review final, consented Use Case Document: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Use+Cases Review the latest

    version of the Data Segmentation for Privacy Implementation Guidance (IG): http://wiki.siframework.org/Data+Segmentation+for+Privacy+Standards+and+Harmonization View the paper written by Scott Weinstein & Ioana Singureanu: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Paper References
  6. What it would be preferable for organizational/jurisdictional policies to be

    expressed in a centralized or a locally way? It may be preferable for organizational/jurisdictional policies to be expressed in a centralized way (either on a website or in a database), so that when policies change the local systems do not have to correct every policy for every patient in their system.
  7. DS4P which brought together stakeholders, from providers to health IT

    standards experts, health IT vendors… to discuss technological solutions that would allow for this behavioural health information to be sent with metadata or data that explain the protections that must be afford and particularly the importance of not redisclosing this information beyond that sharing that take place in accordance with the patient wishes. How Does DSP4S it protect against redisclosure of confidential patient information?
  8. • • • • • • • • EHR Key

    Clinical & Business Req