“Jericho / UT Austin Pilot”

Page 1: “ Jericho / UT Austin Pilot”

“Jericho / UT Austin Pilot”

Privacy with Dynamic Patient Review

July 16, 2013

Presented by: David Staggs, JD, CISSP

Jericho Systems Corporation

Page 2: “ Jericho / UT Austin Pilot”

Agenda
• Administrative issues
• Pilot scope
• Data flow diagram
• Test Cases
• Functional requirement cross-walk
• Potential Test Cases
• Conformance Effort
• Timeline
• Questions
• POA&M
• Meeting Schedule Announcement

Page 3: “ Jericho / UT Austin Pilot”

Pilot Administrivia
• This pilot is a community-led pilot
– Limited support provided by the ONC
  • Apurva Dharia (ESAC)
  • Jeanne Burton (Security Risk Solutions)
  • Melissa Springer (HHS)
• In conjunction with DS4P bi-weekly return of an All Hands meeting
• Access to DS4P Wiki, teleconference, and calendar
• Meeting times: Tuesdays 11AM (ET)
– Dial In: +1-650-479-3208
– Access code: 662 197 169
– URL: https://siframework1.webex.com/siframework1/onstage/g.php?t=a&d=662197169

Page 4: “ Jericho / UT Austin Pilot”

Scope of the Pilot
1. Define the exchange of HL7 CDA-compliant PCD between a data custodian and a PCD repository that includes a report on the outcome of the request back to the healthcare consumer.
2. Additional goal: use of identifiers that can uniquely identify the healthcare consumer and PCD repository used to report the outcome of the request back to the healthcare consumer by the healthcare consumer’s provider and subsequent EHR custodians.
3. Stretch goal: use of the PCD repository as a proxy allowing direct authentication by the healthcare consumer to the provider, subsequently reducing correlation errors.
4. Stretch goal: mask and/or redact the clinical document based on PCD choices retrieved from the PCD repository.

Page 5: “ Jericho / UT Austin Pilot”

Pilot Data Flow

[Diagram with boxes labelled Patient, PCD Repository, 1st Requestor, 2nd Requestor, “Custodian of Data being Provided at” and “And Subsequent Custodian of Data being Provided at”. Legend: clinical data; A, B = PCD data; audit record.]

Page 6: “ Jericho / UT Austin Pilot”

Test Methodology (from 6/18)

Page 7: “ Jericho / UT Austin Pilot”

J-UT Pilot Sequence Detail (1)

• Applying PCD / reporting during patient discovery

Page 8: “ Jericho / UT Austin Pilot”

Consent to Patient Discovery
• Test Case Title:
– Consent to Patient Discovery
• Test Case Description:
– Verify PCD is applied to patient discovery request
• Test Case Detail
– Document custodian receives XCPD request
– Document custodian identifies potential matching subjects
– Document custodian sends data set A to PCD repository
– PCD repository applies data set A to filter returned PCD
– Document custodian sends response to XCPD request
– Document custodian sends audit data set A to PCD repository
– PCD repository stores audit data set A

Page 9: “ Jericho / UT Austin Pilot”

J-UT Pilot Sequence Detail (2)

• Applying PCD / reporting when returning document list

Page 10: “ Jericho / UT Austin Pilot”

Consent to Document Set Query
• Test Case Title:
– Consent to Documents Query
• Test Case Description:
– Verify PCD is applied to query for list of available documents
• Test Case Detail
– Document custodian receives “retrieve document set” request
– Document custodian identifies potential matching documents
– Document custodian sends data set B to PCD repository
– PCD repository applies data set B to filter returned PCD
– Document custodian sends response to request
– Document custodian sends audit data set B to PCD repository
– PCD repository stores audit data set B

Page 11: “ Jericho / UT Austin Pilot”

J-UT Pilot Sequence Diagram (3)

• Applying PCD / reporting when returning the clinical document

Page 12: “ Jericho / UT Austin Pilot”

Consent to Retrieve Document
• Test Case Title:
– Consent to Retrieve Document
• Test Case Description:
– Verify PCD is applied to request for a clinical document
• Test Case Detail
– Document custodian receives “retrieve document” request
– Document custodian identifies matching document
– Document custodian sends data set C to PCD repository
– PCD repository applies data set C to filter returned PCD
– Document custodian sends response to request
– Document custodian sends audit data set C to PCD repository
– PCD repository stores audit data set C

Page 13: “ Jericho / UT Austin Pilot”

Functional Requirements Summary
• Precondition Functional Requirements
– Document format for establishing authentication exchange *
– Document format for exchange of repository account holder and HIO identifiers? (in proxy) *
– Document format for clinical data request (NwHIN)
• Functional Requirements
– Document format for requesting consent directive
– Document format for returning consent directive
– Document format for sending result of decision to consent directive repository
• Post-Condition Functional Requirements
– Document format for exchange of repository location and account holder identifier to 2nd requestors associated with data

Page 14: “ Jericho / UT Austin Pilot”

Additional Possible Test Titles
• Possible Test Case Titles:
– Establishing authentication exchange
  • Use of profile to exchange PCD and document custodian identifiers after authenticating the patient to a portal
– Exchange of repository location in clinical document
  • Use of identifiers in the CDA-r2 document sufficient to identify source of the PCD for certain blocks of data previously requested
– Masking data in returned clinical documents based on the PCD
  • Use of HCS labels to exchange content the subject does not want to disclose

Page 15: “ Jericho / UT Austin Pilot”

J-UT Pilot Sequence Diagram (1)

Page 16: “ Jericho / UT Austin Pilot”

J-UT Pilot Sequence Diagram (2)

Page 17: “ Jericho / UT Austin Pilot”

Conformance Effort
• The J-UT will document changes to the IG based on our pilot
• Create and track conformance against IG (with our additions)
– Conformance statements tested
– Conformance statements used
• Add issues for discussion/resolution in the IG
– Input from implementers (e.g. filtering PCD on demand)
– Standards gaps
• Change, removal for some items in the IG
– Discussion of pilot recommendations may be needed

Page 18: “ Jericho / UT Austin Pilot”

UT Student Contribution
• Students: John Bender and Adrian Tan
• Requirements for Request of a PCD (within PCD scope):
– Sensitivity, POU, requester role, custodian metadata
• Fields of HL7 Security Observation Vocabulary:
– Sensitivity, POU, requester role, custodian metadata
• Other data that can be included in exchange (not in PCD scope):
– Identifying Service Location
– Clinical Reports (ex. Behavioral health assessment)
– Payment Type (ex. 42 CFR or Veteran's Health Benefits)
– Obligations, Refrain Policies
• Response from PCD Repository:
– 1. Custodian of Data will receive PCD
– 2. Custodian of Data will be notified of denial
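
The test-case flow from slides 8, 10 and 12 (send a data set, filter the PCD, respond, send and store the audit), combined with the request fields and the two repository responses listed on this slide, as an added Python example that is not part of the original presentation. All class, function and field names, the sample values, the audit record layout and the fail-closed handling of a denial are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Directive:
    """One constructed consent rule; the values are placeholders, not HL7 codes."""
    patient_id: str
    sensitivity: str
    pou: str
    role: str
    permit: bool

@dataclass
class PCDRepository:
    directives: list
    audit_log: list = field(default_factory=list)

    def fetch_pcd(self, data_set):
        """Filter stored PCD by the custodian's data set; None means denial."""
        keys = ("patient_id", "sensitivity", "pou", "role")
        hits = [d for d in self.directives
                if all(getattr(d, k) == data_set[k] for k in keys)]
        return hits or None

    def store_audit(self, record):
        self.audit_log.append(record)

def handle_request(repo, step, request, candidates):
    """Custodian side. step is 'A' (discovery), 'B' (list) or 'C' (retrieve)."""
    released = []
    for item in candidates:
        data_set = {"patient_id": item["patient_id"], "sensitivity": item["sensitivity"],
                    "pou": request["pou"], "role": request["role"]}
        pcd = repo.fetch_pcd(data_set)
        # Fail closed (assumption): a denial or a non-permitting directive withholds the item.
        permit = pcd is not None and all(d.permit for d in pcd)
        if permit:
            released.append(item["id"])
        # The outcome is reported back whether or not the item was released.
        repo.store_audit({"step": step, "item": item["id"],
                          "requester": request["requester"],
                          "decision": "permit" if permit else "deny"})
    return released

def build_demo_repo():
    return PCDRepository([
        Directive("p1", "normal", "treatment", "physician", True),
        Directive("p1", "substance-abuse", "treatment", "physician", False)])

# Constructed sample request and candidate documents.
DEMO_REQUEST = {"requester": "req-1", "pou": "treatment", "role": "physician"}
DEMO_DOCS = [{"id": "d1", "patient_id": "p1", "sensitivity": "normal"},
             {"id": "d2", "patient_id": "p1", "sensitivity": "substance-abuse"},
             {"id": "d3", "patient_id": "p2", "sensitivity": "normal"}]
```

Running `handle_request(build_demo_repo(), "B", DEMO_REQUEST, DEMO_DOCS)` releases only `d1`; the repository's audit log still holds one record per candidate, including the two that were withheld.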

Page 19: “ Jericho / UT Austin Pilot”

Pilot Timeline
• General Timeline, conditioned on agreement of stakeholders

Page 20: “ Jericho / UT Austin Pilot”

Relevant Standards
• Standards from previous discussions:
  • XCA and/or XDS.b (IHE)
  • XUA (IHE) – IHE profile includes SAML (OASIS)
  • XCPD (IHE) – not fully integrated into DS4P IG
  • ATNA (IHE) in ISO 12052 format – returned access decision log
  • CDA r2 (HL7) – for PCD location in released clinical document
    – for format of the directive (includes XACML)
  • XACML (OASIS) – specifically to PCD
  • NwHIN specification
  • ODD (IHE) - On-Demand Documents (Trial) Supplement

Note: PCD (HL7) – just updated last WGM, will re-ballot

Page 21: “ Jericho / UT Austin Pilot”

Questions?
• For example:
• How do we identify the test points and conformance in the test documentation?

Page 22: “ Jericho / UT Austin Pilot”

Plan of Action
• Upon agreement of the participants the POA is:
• Identify the elements available from previous DS4P pilots
• Scope level of effort, decide on extended scenario
• Determine first draft of functional requirements
• Review standards available for returning information on requests
• Determine any gaps or extensions required in standards
• Stand up information holders and requestors
• Create XDS.b repository holding PCD
• Identify remaining pieces
• Document and update IG with results of our experience

Page 23: “ Jericho / UT Austin Pilot”

Meeting Announcement
• No meeting next week:
• Next meeting will be on July 30
• Expected topics will be progress on the pilot demonstration and test documentation

Page 24: “ Jericho / UT Austin Pilot”

Backup Slides

Page 25: “ Jericho / UT Austin Pilot”

DS4P Standards Material
• Location of DS4P Standards Inventory:
  http://wiki.siframework.org/Data+Segmentation+-+Standards+Inventory
• Location of DS4P Standards Mapping Issues:
  http://wiki.siframework.org/file/view/Copy%20of%20DataMappingsIssues%2005102012.xlsx/333681710/Copy%20of%20DataMappingsIssues%2005102012.xlsx
• General Standards Source List:
  http://wiki.siframework.org/file/view/General%20SI%20Framework%20Standards%20Analysis.xlsx/297940330/General%20SI%20Framework%20Standards%20Analysis.xlsx
• Standards Crosswalk Analysis (at bottom of page, exportable):
  http://wiki.siframework.org/Data+Segmentation+for+Privacy+Standards+and+Harmonization
• Implementation Guidance:
  http://wiki.siframework.org/file/view/Data%20Segmentation%20Implementation%20Guidance_consensus_v1_0_4.pdf/416474106/Data%20Segmentation%20Implementation%20Guidance_consensus_v1_0_4.pdf

Page 26: “ Jericho / UT Austin Pilot”

DS4P References

• Use Case: http://wiki.siframework.org/Data+Segmentation+for+Privacy+Use+Cases

• Implementation Guide: http://wiki.siframework.org/Data+Segmentation+for+Privacy+IG+Consensus

• Pilots Wiki Page: http://wiki.siframework.org/Data+Segmentation+for+Privacy+RI+and+Pilots+Sub-Workgroup

Pages 27–34: Pilot Data Flow (backup diagrams)

[Eight diagram slides titled Pilot Data Flow, Pilot Data Flow, Pilot Data Flow (1), Pilot Data Flow (2), Pilot Data Flow (3), Pilot Data Flow (4), Pilot Data Flow (5) and Pilot Data Flow (updated). Each has boxes labelled Patient, PCD Repository, 1st Requestor, 2nd Requestor and “Custodian of Data being Provided at”; most also show “And Subsequent Custodian of Data being Provided at”. Legend: clinical data; A, B = PCD data; audit record. The second slide adds the arrow labels “Clinical exchange #”, “Fetch PCD” and “Send audit”.]