11 0953 kairon - slide deck for source forge final 2 11

© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.

The MITRE Corporation

Peter Mork, PhD

Kairon: Granular Patient Consent Management

1


2

■ MITRE:– Private, independent non-profit organization– Chartered to work solely in the public interest– Provide support to governmental sponsors– Four Federally Funded Research and Development Centers

■ MITRE Research:– Internal competition– Approximately 6% of revenue (provided by FAR)– Targeted to specific focus areas, including health care– Advances technologies for transition to public and private sectors

About MITRE Research


Consent Research

Request Server

Record Holder Server

EHR

Browser

Consent Server

Consent DB

Policy Reasoner

Policy Enforcer

3


4

Objective: Efficient Consent Management

■ Globally Accessible by:– Patients and

– Record Holders

■ Intuitive User Interface

■ Platform Adaptable

■ Modular Design adapts to:– Technology or

– Legal Changes

Consent Directive Analysis Model

Privacy Policy Reference

Consent specifications- allow/disallow action- purpose of consent- effective period- additional conditions

Information Sender-OrganizationInformation Receiver

- Role- Identity

Health Information Affected- Related to a diagnosis- Data Sensitivity- Coverage Type- Type of information (e.g., lab, rx)

Medical Record Reference- Patient Identification- Medical Record Identification

Action Specification- hierarchy of operations applied to information

Consent Directive Form


7

Mobile App Interface


John Smith’s Privacy Preferences

Recipient Purpose Allowed Types

Disallowed Topics

Primary Care Provider = Dr. Blass

Treatment Any None

Drs. referred byDr. Blass

Treatment Allergies, Medications

Mental Health

Any Research Not Imagery PII, Mental Health

8


Preference Simplification(through Rule Minimization)

Allow

Direct Care Providers

X = Primary Care

Provider

Referral fromX to

RecipientPurpose =Treatment

Allowed Categories

Medications

Allergies

¬ Mental Health

Purpose =Treatment

Dr. Blass

Research

Purpose =Research

Anonymized

¬ Imagery

¬ Mental Health

Dr. Walsh:

Purpose = Treatment

(Medications or Allergies) and not Mental Health

9


Rewritten Preferences

10

<AND> <OR> <String-is-in(‘medication’, Select(datatype))/> <String-is-in(‘allergy’, Select(datatype))/> </OR> <String-is-in(‘NOT-mental-health’, Select(topic)))/></AND>

Blass Walsh Nelson

Treatment Any (Allergies or Medications) and

NOT Mental Health

None

Research NOT Imagery, NOT PII and NOT Mental Health

http://localhost:8080/PatientPolicy/Controller


Consent Form CDA Document

• Produced by the form

• Conforms to the Implementation

Guide


Electronic Consent Directive: CDA Document (rendered as HTML)


13

Sample Response


14

■ Peter Mork, PhD– [email protected]– 703-983-1465

■ Jean Stanford– [email protected]– 301-814-4934

■ Source Forge Site:– http://kaironconsents.sourceforge.net/

Contacts

mailto:[email protected]

mailto:[email protected]


15

Backup Slides


16

Sample Consent Form


17

Trust

• Relationships

• Delegation

Constraints on Consent

Legal

• HIPAA / Privacy Act

• State Laws

Compliance

• Auditing

• Enforcement

Authentication

• Credentials

• Identity Management


Implementation Landscape

Policy MaturityAccepted Practices Inchoate

Tech

nic

al C

om

ple

xity

Lo

wH

igh

Preemptory Access

Patient Review & Approve

Integrate with State Mandates

Intelligent Redaction

Credential Matching

Eliciting Patient Preferences

Automated Enforcement

Implemented

Grand Challenges

Under Development

Integrate Care Relationships

Audit

18

11 0953 kairon - slide deck for source forge final 2 11

Documents

Transcript of 11 0953 kairon - slide deck for source forge final 2 11