I met with the Data Segmentation for Privacy (DS4P) workgroup. These are my notes from the meeting.
ONC S&I Framework face to face
Wednesday Q4 3-6
Introductions.
IG….what will this look like?
Reference Implementations are planned for this summer. Need
to make a case back at the office for us to participate. Which projects might
be a good fit?
Tiger Team Report=out
Consent management
transactions
CDA Consent Directive DSTU (selected)
Information
Interchange
Metadata in context
Use the cda r2 privacy and security vocabularies
How do we explain this so that the user understands it? Is
this a requirement? How would we do this? No.. Focus on the technology…..let
someone else educate patients.
42 CFR Part 2 requires hiding information and not letting
the user know that something is being masked. This is policy. The technology
will support other policies.
System Requirements
Alignment of data segmentation with the ehr functional
model.
How to identify and annotate protected clinical information.
Expectations
Don’t be perfect. This is a draft.
The IG will reference the Use Case document. It will not include the UC doc.
See the presentation for more details.
Thursday Q1
Interesting dynamic between the technical folks and the
policy wonks.
Reviewing the IG.
“Push” is an unsolicited transaction.
DSUB – Document Subscription
0915
Walter Suarez presented on HITSC and Privacy Metadata
(Pcast)
Tagged data elements (atoms)
HIT Standards Committee Meta data tiger team
Focused on
- ·
Patient Identification
- ·
Provenance
- ·
Privacy
PCAST called for metadata on every element. HITSC narrowed
the focus.
Recommendations:
·
- Policy Pointer (url to privacy policy that
governs the tde)
- ·
Content medadata
- o
Datatype (category from a clinical perspective)
- o
Sensitivity (special handling instructions)
Three components necessary to enforce privacy:
·
Policy
·
Metadata about the content
·
Metadata about the requestor.
External Policy Registry, but no implementation specifics
“Policy” is both regulatory (42cfr) and specific (patient
does not want data shared with dr. smith)
EU regulation contains “a right to be forgotten” in it. Did
HITSC consider this? Issues with lawsuits (how do I defend a decision based on
data that no longer exists). Record retention requirements (term of employment
plus 30 years).
Proposing to add sensitivity codes
- ·
Substance abuse (eth)
- ·
Reproductive health
- ·
Sexually transmitted disease (HIV)
- ·
Mental Health (PSY)
- ·
Genetic Information
- ·
Violence (SDV)
- ·
Other
ANPRM comments.
Thursday Q2 -- 1055
Disclosed metadata is recursive? No. Create as much metadata as possible.
Use a rules engine to apply the rules on the clinical data
prior to sending the document out.
Thursday Q3 – 1330
Focus on the push transaction and the metadata.
How do you convey multiple policies….repeating structure? There
may be more than one policy applied to this document. This metadata will have
to be added to XD*
Then we go through the xs* transactions…..very similar.
Thursday Q4 1600
Bundle XDS and XUA to retrieve the document and authenticate
who the request is from.
Need to
understand the consent directive ig. Go back and read this on the plane.
Where does segmentation happen?
Realized that CDA does not support confidentiality at the
entry level (in R2). Will limit segmentation to the document and section level.
Plus, there is no reliable way to remove content from the narrative.
Friday Q1 -- 0800
Need to write up a strawman for Donna, Joe and Peter to see
if they are interested in being a pilot. Propose Tulsa and Detroit Beacon as
potential pilots. Need to engage Mirth and Apelon. Possibly IHIE? Not really.
They do not support CDA.
We could do the direct as transport protocol. Generate CCD
from Mirth and send it on.
There are pilots of CCDA in the ToC initiative. Need to look
at who is involved.
How to pilot? XD* and the exchange of CCDA should already
exist. We just need to test the segmentation part of the project.
Need pilots that have different architectures and transport
protocols, as it is very unlikely that any one pilot will have all of them.
We already have the use cases. No need to create new ones. Need
to pick a pilot that meets some use cases, not all of them.
SAMHA Pilot.
VA pilot. Using a standard CDA. Working with Apelon. Using
standard terminology from Apelon and Value sets to look at the documents. Access
control system (ACS). Trying to adapt CCDA to behavioral health. Rules engine
to determine what to suppress. GUI for
42CFR Part 2 and Title 38 Section 7332 consent form (one and only one).
Epic.
Epic has a network of their systems. Care Everywhere. No
central repository. Each Epic system is a trusted entity with the others.
56million patients.
Organizations decide how to handle consent. Either opt-in or
opt-out. No re-disclosure. Patient has to issue consent to each organization.
Withheld information can be in several categories:
Organizations can configure sharing. Some departments can be withheld. Some
types of notes can be withheld. Physician flags the note as “sensitive.”
Patients who opt out.
Friday Q2 – 1030
Mitre and hData
What is hData
Organizing data. Metadata. Pub.sub model for data exchange.
They have their own transport and network api.
hData and green cda are friends. Simpler xml.
Record – section – section document
How does this fit with the use cases and the technologies
that we have discussed?
http put, get, etc.
Transforms to and from cda, etc.
Security concerns with this approach. Using xaml with http
can be done, but it is cumbersome.
Good applications in mobile health, rendering to a mobile
phone.
Data Segmentation for Privacy is similar to Data
Segmentation for Security (Intelligence Community). Tagging documents. Similarities between security classification
and phi.
Defining Success
Objectives for the pilot.
·
Open Dialogue
o
Standards and scope
o
Requirements – functional and scope
o
Landscape survey
·
Defining expectations for the pilot
·
Success metrics
Are the success criteria complying with the law, or
improving patient care?
The default position since the fifth century bc is that the
provider discloses only the information that the patient wishes.
The ONC has an eConsent project that connects with patients
for feedback. Pilot in western New York.
There is a movement to standardizing consent language. See
Ohio.
What are consumer expectations? That we comply with the law!
Pick an environment that is already exchanging and add the
segmentation capabilities to that. Trusted exchange!
We will need specific patient buy-in before proceeding.
Test cases only. No legal implications to failure! Whew!!
Friday Q3 – Wrap-up
I love it when the policy wonks work with the geeks.
Two priorities for the next year. Acceleration of mu and
S&I
