Primary Goal: To demonstrate how behavioral health information is protected through patient-supplied privacy preferences.

Key Points:• This demonstration illustrates how the IHE profile BPPC (Basic Patient Privacy Consents) allows patients to specify privacy rules for

sensitive data, which is in this case behavioral health data.• The HIE (Health Information Exchange) honors the patient’s privacy settings and restricts access to the content depending on who is

attempting to access the sensitive information.• Later, a patient may ask the HIE to provide a list of authorized users who saw their sensitive records using “break the glass”.

Use Case 6

Domain Profile Vendors Actor

IT Infrastructure (ITI)

ATNA Oracle RepositoryeClinicalWorks, InterSystems Secure Application

CT eClinicalWorks, InterSystems, Oracle Time ClientPDQ,

PDQv3eClinicalWorks, InterSystems Consumer

InterSystems Supplier

PIX, PIXv3

eClinicalWorks, InterSystems ConsumereClinicalWorks Identity SourceInterSystems Manager

XDS

eClinicalWorks, InterSystems ConsumerOracle Registry

InterSystems RepositoryeClinicalWorks Source

Patient Care Coordination (PCC)

BPPC

InterSystems ConsumereClinicalWorks CreatorInterSystems Recipient

eClinicalWorks Source

MS InterSystems ConsumereClinicalWorks Creator

IHE

Prof

iles

and

Act

ors

Care Theme: Transitions of CareUse Case: Respecting the Patients Privacy Concerns During EMS & Physician Encounters

1. In formulating its privacy and consent strategy, a statewide HIE considers the pros and cons of opt-in and opt-out models. After careful consideration, it selects an “opt-out” model which states that a patient’s Personal Health Information (PHI) may be disclosed unless that patient explicitly opts out of the HIE as a whole, or opts out specific content.

2. A patient visits the PCP to discuss his state of mental health. Due to the sensitive nature of the encounter, the patient wishes to keep all information related to his mental health condition confidential. To enforce this, the patient explicitly defines a consent policy that declares his mental health condition as highly confidential, and only accessible in emergency situations.

3. Some time later, the patient is in a car accident. A witness calls 911 and passes the injured patient’s driver’s license information to the 911 phone operator. The 911 operator dispatches the ambulance, and at the same time views the patient in the community’s clinical portal. The 911 operator is able to see the non-sensitive content, but not the sensitive content.

4. EMS staff arrive at the accident scene and attend to the patient. Using the community’s clinical portal, the EMS staff view the patient’s clinical history and, using “break the glass”, also see the patient’s sensitive data.

5. Concerned about who might have seen his confidential data, the patient calls the local HIE to obtain a record of attempted and successful views of his data. The HIE’s Audit Officer assists the patient, and produces a report of all accesses to his PHI, including accesses performed using “break the glass”.

Clinical Workflow:

Visit the IHE Product Registry at: ihe.net/registry

Care Theme: Transitions of CareUse Case 6: Respecting the Patients Privacy Concerns During EMS & Physician Encounters

1- HIE

4- EMS at Accident Scene

3- 911 Operator

5- Audit Officer at HIE

2- PCP