HIT Standards CommitteeHIT Standards Committee

Privacy and Security Workgroup: Privacy and Security Workgroup:

Standards for Consumer Engagement

Dixie Baker, SAIC

Steve Findlay, Consumers Union

April 28, 2009

2

Privacy and Security Workgroup Members

• Dixie Baker, SAIC• Anne Castro, BlueCross BlueShield of South Carolina• Aneesh Chopra, Federal Chief Technology Officer• Ed Larsen, HITSP• David McCallie, Cerner Corporation• John Moehrke, HITSP• Steve Findlay, Consumers Union• Gina Perez, Delaware Health Information Network• Wes Rishel, Gartner • Walter Suarez, Kaiser Permanente• Sharon Terry, Genetic Alliance

3

Current Status

• Initiated series of educational sessions on current standardization activities related to consent management

– Organization for the Advancement of Structured Information Standards (OASIS) / International Security Trust and Privacy Alliance (ISTPA) Privacy Management Reference Model (PMRM)

• Framework for resolving privacy policy requirements into operational services and functions

– Integrating the Healthcare Enterprise (IHE) Basic Patient Privacy Consents (BPPC)

• Profile for capturing patient acknowledgement of consent as Health Level 7 (HL7) Clinical Document Architecture (CDA) document

• Coming Up – May 14, 10:00am-12:00pm ET: HL7 Version 3 Domain Analysis Model: Medical Records; Composite Privacy Consent Directive – Ioana Singureanu

4

Meaningful Use Health Outcomes Policy Priority #2: Engage Patients and Families

Care Goals(MU NPRM)

Stage 1 Objectives(MU NPRM)

2013 Objectives (HITPC)

2015 Objectives (HITPC)

• Provide patients and families with timely access to data, knowledge, and tools to make informed decisions and to manage their health

• Electronic copy of health information• Timely electronic access to health information within 96 hours • Clinical summary for each office visit

• PHR populated in real time• Secure patient-provider messaging• Patient-specific educational resources in common primary languages • Patient preferences• Incorporate data from home monitoring devices

• Self-management tools • Electronic reporting on experience of care

5

Needs for Consumer Engagement Standards

• “Electronic copy” of health information– Machine readable– Human readable – Exchangeable with personal health records (PHRs)

• “Clinical summary” • “Real-time” PHR• Secure patient-provider messaging – authenticated, private, integrity protected,

attributable, audited• Patient permissions and preferences• Incorporation of consumer data into electronic health record (EHR)

– Home devices– Consumer reported

• Decision-support – Safety– Privacy

• Care-experience reporting• Usability

6

Consumer Engagement Observations

• The big and relevant question: should government guidelines and regulations “nudge” in these areas. (2008 book Nudge: Improving Decisions About Health, Wealth and Happiness by WH adviser Cass Sunstein and Richard Thaler)

• Nudging is the art of guiding consumer behavior by manipulating the ecosystem of choice and decision-making

• HIT tools absolutely offer a nudge opportunity in health care – perhaps revolutionary!

– The “meaningful use” nudge may be transformational

• How HIT tools are designed will promote certain choices and behaviors– Decisions about where and how to specify standards will exert a significant impact

7

Example #1: Home Care

• Will be used increasingly for seniors and those with chronic conditions

• “Many birds with one stone” – consumer preference, less provider-intensive, safer than hospital/nursing home, lower cost

• HIT tools will be key enabler

• What is the role of the HITSC in recommending standards, implementation specifications, and certification criteria for home care devices? exchanges between providers and home care devices? exchanges between devices?

8

Example 2: Consumer Permissions

Permission for PHR vendor to query home

device?

Consent to send health information to consulting

specialist

Authorization to disclose psychotherapy notes

Consent to exchange

secure email

Authorization for provider to send health information to

PHR vendor

Authorization for HIE to use health information

Authorization to use information in clinical research

Informed consent to participate in clinical trial

Permission to query home medical devices?

Consent to send health information

to payer

Permission to “friend”?

Permission to use health information to direct self-management tools?

Consent to share

information across

HIE/NHIN

9

Consumer Engagement Questions

• HIT Policy Committee may tackle these kind of issues. What’s the HIT Standard Committee’s role?

• Should we be advising ONC (and other feds agencies) to promulgate guidelines and/or standards for PHRs, mobile technology platforms and apps, home monitoring devices, connectivity with providers, “actionable” decision support, social networking that involves personal information and data, etc?

• What is proper scope and role of such guidelines and standards?

• We are just raising the question today for initial discussion