HL7, Data Segmentation 4 Privacy

Transcript

1. Health Level Seven® Privacy and Security Standards

2. • • • • • • Outline

3. Introduction

4. • • • EHR Definition

5. EHR,Patient Receives Care Across Care Providers & Settings

6. EHR,Clinician systems “put” relevant data for sharing into interoperable EHR

7. EHR,Clinician systems “list” and “get” desired data from interoperable EHR

   for display and use

8. EHR,Patient Receives Care Across Care Providers & Settings

9. Data Segmentation for Privacy (DS4P)

10. • • • What is Data Segmentation for Privacy?

11. • • • What is Data Segmentation for Privacy? Think

    about some of the key features to access Personal Health Information

12. Potential System Components of a Data Segmentation for Privacy Solution

    locally in a provider system - privacy consents - organizational policies - jurisdictional policies stored in a centralized database As jurisdictional and organizational policies are always subject to change: What it would be preferable for organizational/jurisdictional policies to be expressed in a centralized or a locally way?

13. Potential System Components of a Data Segmentation for Privacy Solution

    rules engine

14. Potential Data Components Jurisdictional Privacy Policies: • •

15. Potential Data Components a standardized way for EHRs to tag

    where the data was created change would only have to be made at the policy decision point rules engine

16. Potential Data Components Privacy Consent: are patient preferences about sharing

    information.These consents overcome default organizational/jurisdictional sharing policies (share/don’t share) • Using the policy decision point/rules engine to segment data based on privacy consents • Using “privacy metadata” to help the policy decision point/rules engine adjudicate privacy consents

17. Potential Data Components • • •

18. Review final, consented Use Case Document: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Use+Cases Review the latest

    version of the Data Segmentation for Privacy Implementation Guidance (IG): http://wiki.siframework.org/Data+Segmentation+for+Privacy+Standards+and+Harmonization View the paper written by Scott Weinstein & Ioana Singureanu: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Paper References

19. • • • Items for discussion

20. What it would be preferable for organizational/jurisdictional policies to be

    expressed in a centralized or a locally way? It may be preferable for organizational/jurisdictional policies to be expressed in a centralized way (either on a website or in a database), so that when policies change the local systems do not have to correct every policy for every patient in their system.

21. … … … … Key Features, To access Personal Health

    Information

22. DS4P which brought together stakeholders, from providers to health IT

    standards experts, health IT vendors… to discuss technological solutions that would allow for this behavioural health information to be sent with metadata or data that explain the protections that must be afford and particularly the importance of not redisclosing this information beyond that sharing that take place in accordance with the patient wishes. How Does DSP4S it protect against redisclosure of confidential patient information?

23. • • • • • • • • EHR Key

    Clinical & Business Req