Harry Rhodes Director, National Standards.

Similar documents
Patient Unified Lookup System for Emergencies (PULSE) System Requirements

Ambulatory Interoperability - Proposed Final Criteria - Feb Either HL7 v2.4 or HL7 v2.5.1, LOINC

Breaking HIE Barriers

Data Sharing Consent/Privacy Practice Summary

Merit-Based Incentive Payment System (MIPS) Promoting Interoperability Performance Category Measure 2018 Performance Period

Health Level Seven International Unlocking the Power of Health Information

Accessing Patient Records in Virtual Healthcare Organisations

IHE Eye Care Technical Framework Supplement

Health Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living

Test Procedure for (c) Maintain up-to-date problem list

Department of Defense INSTRUCTION

HL7 capabilities for working with GS1

GE integrates with ELLKAY; GE integrates with Cerner HIE; GE Media Manager IHE PDQ, IHE XDS, HL7 CDA. ELLKAY LKeMPI IHE PDQ

Data Segmentation for Privacy (DS4P)

ecw Integration PIX, XACML, CCD with Basic Clinical Event Notifications Project Scope Definition

Health Information Exchange. Anne Dobbins, RN Operations Director Minnesota Health Information Exchange (MN HIE)

Accessing HEALTHeLINK

Consolidated CDA Basics. Lisa R. Nelson, Lantana Consulting Group

Arizona Hospital Discharge Data Submission to CDC NEPHT Network Fellowship

ONC Cooperative Agreement HIE Program Update. Arizona Rural & Public Health Policy Forum January 19, 2012

2/2/2012. Health Care Information Technology Reform: The challenge for MCH programs and an Alaska Case Study. Agenda.

Examples of Successful Interoperability Texas HIE Emergency Telehealth and Navigation (ETHAN)

Wednesdays With PHRI

IHE IT Infrastructure Technical Framework Supplement. Rev. 2.2 Trial Implementation

Frequently Asked Questions. Inofile FAQs

EMPOWERING THE NEW HEATHCARE ERA

Population Health Management. Ashley Rhude RHIA, CHTS-IM HIT Practice Advisor

Privacy Issues and the Children s Hospital EMR

Healthcare Information Technology Standards Panel

International Perspectives. Marjorie S. Greenberg, MA National Center for Health Statistics Centers for Disease Control and Prevention

Current and future standardization issues in the e Health domain: Achieving interoperability. Executive Summary

IHE Patient Care Coordination Technical Framework Supplement. Dynamic Care Team Management (DCTM) Rev. 1.1 Trial Implementation

Merit-Based Incentive Payment System (MIPS) Promoting Interoperability Performance Category Measure 2018 Performance Period

Integrating the Healthcare Enterprise International IHE Eye Care

WISHIN Statement on Privacy, Security, and HIPAA Compliance - for WISHIN Pulse

Universal Public Health Node (UPHN): HIE and the Opportunities for Health Information Management

Patient Centered Data Home : Scalable Model of Exchanging Patient Data Among HIEs

Copyright All Rights Reserved.

Office of the Chief Privacy Officer. Privacy & Security in an App Enabled World HIMSS, Tuesday March 1, 2016, Las Vegas, NV

HIPAA PRIVACY TRAINING

Privacy & Security of Occupational, Behavioral & Deceased Patient Records Alisha R. Smith, RHIA

Merit-Based Incentive Payment System (MIPS) Promoting Interoperability Performance Category Transition Measure 2018 Performance Period

The PHDSC Quarterly Standard E-Newsletter

Privacy Rio Grande Valley HIE Policy: P1. Last date Revised/Updated 02/18/2016

John Quinn HL7 CTO. (with content contributed by Bob Dolin, MD HL7 Chair Elect) IHIC Kyoto, Japan, May

NOTICE OF PRIVACY PRACTICES

Quality Data Model (QDM) Style Guide. QDM (version MAT) for Meaningful Use Stage 2

The Clinical Investigation Policy and Procedure Manual

Via Electronic Submission to:

IHE Patient Care Coordination Technical Framework Supplement. Dynamic Care Planning (DCP) Rev 1.2 Trial Implementation

Columbus State Community College Allied Health Professions Department Health Information Management Technology

Chapter 11. Expanding Roles and Functions of the Health Information Management and Health Informatics Professional

HIPAA & HEALTH INFORMATION EXCHANGE

Building Blocks for HIE in California

Agenda. New 42 CFR Part 2 Regulations and Information Sharing. Presented by: Christina Grijalva, RHIA, CHC OCHIN Compliance Specialist 4/28/2016

Vendor Plan Share, Panel Discussion: Clinical Data Exchange by leveraging the EHR

Establishing a Personal Electronic Health Record in the Rhine-Neckar Region

Frequently Asked Questions And Healthcare Glossary of Terms

Health Information Management

Behavioral Health Data Sharing: The Opportunities & Challenges In Health Information Exchange

Comparison of Health IT Provisions in H.R. 6 (21 st Century Cures Act) and S (Improving Health Information Technology Act)

The Children's Clinic Patient Information Form

HW/ODH XDR CDS. Alliance of Chicago GE Centricity Qvera

Integrating EMS for Care Coordination and Disaster Response March 3, 2016

Meaningful use glossary and requirements table

Report from the Technical Committees & Tiger Teams

Merit-Based Incentive Payment System (MIPS) Advancing Care Information Performance Category Transition Measure 2018 Performance Period

Request for Information NJ Health Information Network. State of New Jersey. New Jersey HIT Coordinators Office. Request for Information

ESRD Network 14. Supporting Quality Care

HL7 Basic Overview HIMSS 15. April 14, George W. Beeler, Jr. (co-chair HL7 FTSD)

Sharing Behavioral Health Information in Massachusetts: Obstacles and Potential Solutions. March 30, 2016

GDPR DATA PROCESSING ADDENDUM. (Revision March 2018)

Integrating Clinical Data into the Medi-Cal Enterprise

Leveraging Health IT: How can informatics transform public health (and public health transform health IT)?

Market Trends and Practical Examples

SAMPLE. Release of Information in California: E-book Series, 12 of 12. Published by:

Section D. From Business Processes to Systems Requirements

PRIOR APPROVAL GUIDE ',47 +MPP 7ERW

IHE Quality, Research and Public Health Technical Framework Supplement. Healthy Weight (HW) Rev. 2.2 Trial Implementation

CMS-0044-P; Proposed Rule: Medicare and Medicaid Programs; Electronic Health Record Incentive Program Stage 2

Access to Patient Information for Research Purposes: Demystifying the Process!

PHR and the Issue of Patients Altering Professionally-Sourced Data

Administrative services which may be delegated to IPAs, Medical Groups, Vendors, or other organizations include:

Nonprofit partnership. A grass roots organization where Board of Directors have vested interest in its success.

Statement of Understanding

HIE Success - Physician Education Series

Health Information Technology and Coordinating Care in Ohio

Louisiana Medicaid Hospital Precertification for Acute Care. On Line Webinar November 12 13, 2009

U.S. Health and Human Services Office of the National Coordinator for Health IT

PRIVACY IMPACT ASSESSMENT (PIA) For the

Merit-Based Incentive Payment System (MIPS) Promoting Interoperability Performance Category Measure 2018 Performance Period

Assure Health Information Technology Standards for Early Hearing Detection and Intervention (EHDI):

ADDICTION TRAINING & WORKFORCE DEVELOPMENT PROGRAM CPS STUDENT APPLICATION

The American Recovery and Reinvestment Act of 2009, Meaningful Use and the Impact on Netsmart s Behavioral Health Clients

Business Risk Planning

Copyright Scottsdale Institute All Rights Reserved.

Measure: Patient name. Referring or transitioning healthcare provider's name and office contact information (MIPS eligible clinician only) Procedures

Request for Proposal for Digitizing Document Services and Document Management Solution RFP-DOCMANAGESOLUTION1

Deriving Value from a Health Information Exchange. HIMSS17 DA-CH Community Conference Healthix I New York I February 20, 2017

HIPAA Training

Transcription:

Harry Rhodes Director, National Standards harry.rhodes@ahima.org

Collaboration with Health IT Vendors Approach Activities Explained Basic Patient Privacy Consents (BPPC) Advanced Patient Privacy Consents (APPC)

The Information Technology Planning Committee: Developing and reviewing Integration Profile proposals Determining scope of development priorities Communication and coordination of development activities with other IHE domain Developing educational materials in support of the ITI Domain

The Information Technology Technical Committee: Assessing the feasibility and scope of development priorities Developing detailed documentation of approved Integration Profile proposals Developing and maintaining the IHE Technical Framework These committees are composed of representatives of stakeholder organizations who are users or developers of healthcare IT systems and related infrastructure. The committees are international in scope. All qualified stakeholders are invited to join. Participation is open and voluntary, but in order to remain a voting committee member, participants must take part regularly in committee meetings and teleconferences and perform committee assignments.

To address challenges with HIT adoption, in 2015, AHIMA joined the Integrating the Healthcare Enterprise (IHE, www.ihe.net) IHE is an international collaborative of HIT vendors, professionals associations and governmental entities to develop interoperability standards in healthcare to improve the quality, value, and safety of healthcare by enabling rapid, scalable, and secure access to health information at the point of care. IHE engages public and private entities to develop, test, implement, and use standards-based solutions for all health information needs.

Integrating the Healthcare Enterprise (IHE). URL: www.ihe.net

Collaboration with Health IT Vendors Approach Activities Explained Basic Patient Privacy Consents (BPPC) Advanced Patient Privacy Consents (APPC)

Co-Chairs: Tarik Idris, InterComponentWare AG, tarik.idris@icw.de John Moehrke, GE Healthcare, John.Moehrke@med.ge.com

Introduce a new kind of consent document Clearly defined document structure (like BPPC) Transport binding at least for XDS (like BPPC) Must include a structured policy representation Few restrictions on the content of the policies Provide a common vocabulary for referencing IHE defined concepts (like XDS metadata or XUA attributes) in policies Should play well with XDS, XUA/SAML, existing BPPC implementations, HL7 Consent Directives, IHE Secure Retrieve and other OASIS XACML-based approaches As stated in volume 1: Future profiles may include in addition to the legal text, a structured and coded expression of the consent policy that can be used to support even more dynamic understanding of the patient's directives (see HL7 and OASIS).

The Need Collaboration with Health IT Vendors Approach Activities Explained Basic Patient Privacy Consents (BPPC) Advanced Patient Privacy Consents (APPC)

privacy policies governing healthcare data exchanges become more complex exchanges become more sophisticated, handle more types of data patients demand more control in exchange for handing over more of their electronic healthcare data Increasingly exchanges include PHI with special legal rules attached to it (e.g. substance abuse and mental health data) IHE BPPC works well when acknowledging basic policies Healthcare data exchanges need an interoperable way to communicate more complex patient consent

Existing IHE BPPC profile do not include a structured representation of the privacy consent policy. Privacy-sensitive patients, organizational policies and legal regulations often demand that patients be given considerable flexibility as to what data is accessible to which participants. Agreeing on a common format, vocabulary and transport mechanisms for an enhanced consent would significantly reduce security-related interoperability costs. The patient s specific choices (e.g. which organizations to grant access to) could then be included in a structured policy representation as part of the new Enhanced Patient Privacy Consent document.

Basic Patient Privacy Consents (BPPC) profile Provides a mechanism to record the patient privacy consent(s), a method to mark documents published to XDS with the patient privacy consent that was used to authorize the publication, and a method for XDS Consumers to use to enforce the privacy consent appropriate to the use.

BPPC profile provide mechanisms to: Record the patient privacy consent(s), Enforce the privacy consent appropriate to the use.

Case 1: Facility-specific consent Patient P will soon be treated at facility F P signs a consent before transfer Consent document grants full PHI access to doctors at facility F Affinity domain defines access levels and manages facility list (e.g. via HPD*) Examples for other access levels: normal confidentiality documents, summaries only, demographics and encounters only Access levels could be seen as base policies, the proposed structured policy representation would reference them and add the facility constraint Currently requires pre-arranging 1 policy per access level for each facility *HPD-Healthcare Provider Directory

Case 2: Consent for an episode of care A care nurse creates a care team to treat Patient P s forearm fracture at the beginning of his treatment P signs a consent for this episode of care Consent document grants read and write access to documents linked to a folder with folder code S52 (ICD10) to three identified healthcare providers Affinity domain defines limits of read and write access and manages facility list (e.g. via HPD) E.g. does read access include submission sets? In this case there is one base policy, the proposed structured policy representation would reference it and add the folder code and the selected provider constraint Currently requires pre-arranging 1 policy per supported folder code for each provider (assumes multiple policies per consent document)

Enable policies that limit access based on 3. a provider blacklist Example: The patient P s nosy cousin C works at hospital H. P wants to grant access to H s doctors, with the exception of C 4. document author or source system Example: All documents are sent to the HIE, but documents from facility F are only shared with users from other facilities if the patient signed a consent (or waiver) 5. document metadata (e.g. Unique ID, ClassCode, PracticeSettingCode, ) Example: A Patient Portal allows the patient to hide specific documents or types of data, like all dermatology documents 6. the user s home community ID, purpose of use, roles Example: The patient signs a consent to grant crosscommunity access for their state HIE data to a specific health system that runs their own exchange - but only if the recipient is a doctor and the data is used for treatment

XDS Metadata Enhanced Consent Document Structured and Coded CDA Header Patient, Author, Authenticator, Institution CDA Body Human-readable Consent Details Structured and Coded Policy Representation Access rights or restrictions, References to one or more base policies

Bi-weekly WebEx Conference calls on Tuesday mornings From 8:00 AM to 9:30 AM Central Time, Beginning December 1, 2015 and running through July 26, 2016 All face-to-face meeting are WebEx supported

Diana Warner, MS, RHIA, CHPS, FAHIMA Diana.Warner@ahima.org Harry Rhodes, MBA, RHIA, CHPS, CDIP, FAHIMA Harry.Rhodes@ahima.org Anna Orlova, PhD Anna.Orlova@ahima.org

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback