Скачать презентацию The Patient as Steward of Healthcare Data Managing Скачать презентацию The Patient as Steward of Healthcare Data Managing

fe0f3ead92247edda3ef66349d10cb0b.ppt

  • Количество слайдов: 19

The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture

Privacy is the Final Frontier How do we record patient preferences about information sharing? Privacy is the Final Frontier How do we record patient preferences about information sharing? How do we transfer consent preferences among payers, providers, labs, pharmacies, personal health record vendors and other stakeholders? How do we manage continually changing privacy preferences, situations and use cases?

1998 – Payer/Provider data exchange Health Insurance Portability and Accountability Act (HIPAA) 1998 – Payer/Provider data exchange Health Insurance Portability and Accountability Act (HIPAA)

2004 – Provider/Provider data exchange Regional Health Information network Organizations (RHIn. Os) 2004 – Provider/Provider data exchange Regional Health Information network Organizations (RHIn. Os)

2008 – The Patient as Data Steward Consent Assertion Markup Language (CAML) 2008 – The Patient as Data Steward Consent Assertion Markup Language (CAML)

How it might work? A Consent Wizard, available as an open source web application, How it might work? A Consent Wizard, available as an open source web application, codifies all the consent options inventoried by HISPC The output of the Consent Wizard is a transportable XML representation of patient preferences that can be hosted by a payer, a PHR, or a RHIO and used to guide all information exchange

Flavors of Consent Opt-Out = data is exchanged by default unless restricted by the Flavors of Consent Opt-Out = data is exchanged by default unless restricted by the patient Opt-In = data is not exchanged by default until the patient consents Quilted = a subset of data is exchanged with patient consent based on institution, data user, data producer, and situation

Scope of Consent Institution – Opt Out = I do not wish the information Scope of Consent Institution – Opt Out = I do not wish the information at this institution to be shared – Opt In = I agree to share all information from this institution – Quilted = I agree to share my medications and labs but not my problem list and notes from this institution

Scope of Consent Data User – Opt Out = I do not want to Scope of Consent Data User – Opt Out = I do not want to participate in this research study – Opt In = I want my data used by all stakeholders with audit protections, to optimize my health – Quilted = I want all my data shared with emergency providers, primary care physicians, payers and public health agencies, but not with pharmaceutical firms

Scope of Consent Data Producer – Opt Out = I do not want my Scope of Consent Data Producer – Opt Out = I do not want my laboratory records shared – Opt In = I want my data from labs, pharmacies and payers shared with providers – Quilted = I want my pharmacy records shared except medications used for mental health, HIV, and substance abuse treatment

Scope of consent Situation – Opt Out = I do not want my data Scope of consent Situation – Opt Out = I do not want my data shared for simple office visits with one-time providers i. e. out of town visit to an urgent care for a small laceration repair – Opt In = I want my data shared for all care situations – Quilted = I want my data shared for all emergency visits but not for routine care

How it might appear

" src="https://present5.com/presentation/fe0f3ead92247edda3ef66349d10cb0b/image-13.jpg" alt="How it might appear " /> How it might appear

What this means I opt-in to share all my data from Beth Israel Deaconess What this means I opt-in to share all my data from Beth Israel Deaconess Medical Center I opt-out of participating in a clinical trial at Harvard Clinical Research Institute I opt-in to sharing my Walgreens prescription data except mental health medications I opt-in to sharing all data (including mental health medications) for emergency care

The devil is in the details The Consent Wizard would need to enforce integrity The devil is in the details The Consent Wizard would need to enforce integrity of consent options to avoid conflicting preferences i. e. patients cannot both opt-out and opt-in for data sharing with the same data user and situation A hierarchy must be created to ensure consistent interpretation of complex consent such as situation > institution > data user > data producer i. e. an opt-in for emergency department data sharing overrides data producer opt-outs

How could this be implemented? A Payer implements a patient portal which hosts the How could this be implemented? A Payer implements a patient portal which hosts the Consent Wizard and authenticates the patient. When a provider does a 270/271 transaction, the CAML data is returned with the 271 response or is available as a 275 claims attachment

How could this be implemented? A Personal Health Record vendor provides the Consent Wizard How could this be implemented? A Personal Health Record vendor provides the Consent Wizard to patients but does not need to verifiably authenticate the patient. When the patient 'authenticates' with the provider during the care registration process, the patient provides the PHR vendor name and account information needed to access their CAML data

How could this be implemented? A RHIO, on behalf of the community, hosts the How could this be implemented? A RHIO, on behalf of the community, hosts the Consent Wizard and provides access to the CAML records of the community

Next steps Consideration by the AHIC Security and Privacy Working Group If AHIC proposes Next steps Consideration by the AHIC Security and Privacy Working Group If AHIC proposes a use case, then SDOs would need to work on CAML or adapt XACML (existing standard for access control) to support CAML principles Pilot projects for Consent Wizard development