Electronic Data Consent and Electronic Privacy Policy Domain Analysis
Ioana Singureanu, Eversolve, LLC
Jan 19, 2016
Overview
Giving privacy protection options is a requirement for the adoption of secure Electronic Health Record systems
SAMHSA is a leader in promoting privacy protection; its long-term experience informs the future direction
HL7 standards enable communication/exchange over the web of privacy policy, consumer preferences, and provider override
Consumer-driven Privacy
Diagram: Privacy Consent Directives + Privacy Policy govern access to Personal Health Records (including IIHI). The Consumer maintains the consent directives; requests (based on the consumer's criteria) for Direct Care, Research and Diagnosis return data filtered based on the rules; the Administrator may override.
Terms and Concepts
Privacy Policy – a set of rules intended to protect specific aspects of PHR from abuse
Personal Health Records – identified personal health records that include PHI (Protected Health Information) and IIHI
Privacy Consent Directives – agreement/disagreement with policies
Identity (unique identifiers) – Consumer Identity and Information Identity, used to protect privacy in place of identifying traits; Object Identifier (OID)
eConsent Management over time
Explicit Privacy Consent or Privacy Policy
Enterprise-specific
ePolicy-based Privacy (implied consent)
• The consumer cannot opt-in or opt-out.
• Default policies are applied without the consumer's explicit involvement (e.g. HIPAA).
Diagram: Privacy Policy applied to Personal Health Records (including IIHI); requests (based on the consumer's criteria) for Direct Care, Research and Diagnosis, and by the Administrator, return data filtered based on the rules.
Terms
Implied Consent Directives – also referred to as "deemed" privacy consent directives. Local privacy policies apply by default without explicit consumer sign-off.
Manage Privacy Policy over time
Using Implied Consent for privacy protection
ePolicy-based Privacy (consumer signs-off)
• The consumer signs off on the consent policy as available.
Diagram: Privacy Policy applied to Personal Health Records (including IIHI); requests (based on criteria) for Direct Care, Research and Diagnosis, and by the Administrator, return data filtered by the rules. The Consumer agrees (consumer sign-off).
The Role of ePolicy for eConsent
Diagram: the Consumer maintains Privacy Consent Directives, which use/look up National, Local and Organizational Policy.
Policies and rules - Analysis
Policy levels: National, State, Organization; the consumer adds privacy consent directives.
Operations governed: Collect, Access, Use, Disclose.
Sample Consumer Preferences Web Portal
Policy Rule Sets (Venn Diagram)
I disallow restricted info to be accessed by administrators for any purpose
I allow restricted info to be accessed by direct care providers for treatment
Policy and Consent Directives
Runtime Rules Engines – platform-specific rules
HL7 Standard (Consent Directives, Privacy Policies, Common Terminology) – platform-independent, standard-based, interoperable, harmonized
Policy and Consent Directives
Diagram: Runtime Rules Engines consume HL7 Standard eConsent <XML> instances and ePolicy <XML> instances, validated against the ePolicy and eConsent XSD (XML Schemas). Platform-specific policy rules are expressed in XACML, ODRL or XrML; the HL7 layer is platform-independent, standard-based, interoperable, harmonized.
Interoperable, standard-based, automated privacy protection
Diagram: ePolicy <XML> instance (National Jurisdiction), ePolicy <XML> instance (State/Province/Local Jurisdiction), eConsent <XML> instance (Consumer's Consent Directives).
ePolicy synchronization
Automatic notification/publication of new privacy rules between jurisdictions: ePolicy <XML> instance (National Jurisdiction) and ePolicy <XML> instance (State/Province Jurisdiction).
Manage Electronic Privacy Policy (ePolicy)
Actors (stakeholders)
Consenter – responsible for maintaining privacy policies
Patient – a consumer who receives medical services
Evaluation Engine
Legend: Policy Rule Elements; Constraint Catalog
ePolicy used in Personal Health Records
Sensitive information references the privacy policy or category type, e.g. confidentialityCode = RESTRICTED or HIV-RELATED on a Discharge Summary.
eConsent Structure
eConsent Override
Vocabulary proposals
Additional coversheets/proposals
Completed Proposal
ISO 13606 Part 4: Functional roles
New Proposal
Terminology - 1
Condition may be redundant re: purpose
Obligation, Condition, and Purpose
Obligation Code – an action that is required in order to receive the permission specified in the privacy rule.
Condition Code – a prerequisite for a permission to collect, access, use, or disclose personal health records (e.g. a trusted computing environment).
Purpose Code – specifies the purpose for which a permission is allowed or denied.
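The two sample portal preferences and the Obligation/Condition/Purpose elements defined above, combined in a small consent-directive evaluation engine. This is an added example, not code from the deck or from any HL7 specification; the rule fields, role and purpose strings, the "log-disclosure" obligation and the deny-overrides combining are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional, Tuple

# Constructed example: a minimal evaluation engine for privacy consent directives.
# Field names, role/purpose strings and the obligation value are assumptions.

@dataclass(frozen=True)
class Request:
    role: str              # functional role of the requester (e.g. direct care provider)
    purpose: str           # purpose of use asserted for the access
    confidentiality: str   # confidentialityCode on the requested record
    trusted_env: bool      # whether access originates from a trusted computing environment

@dataclass(frozen=True)
class Rule:
    effect: str                                # "PERMIT" or "DENY"
    roles: FrozenSet[str]
    confidentiality: FrozenSet[str]
    purposes: Optional[FrozenSet[str]] = None  # None means "for any purpose"
    condition: Callable[[Request], bool] = lambda r: True  # Condition: prerequisite
    obligation: Optional[str] = None           # Obligation: action required on PERMIT

    def applies(self, req: Request) -> bool:
        return (req.role in self.roles
                and req.confidentiality in self.confidentiality
                and (self.purposes is None or req.purpose in self.purposes)
                and self.condition(req))

def evaluate(rules, req: Request) -> Tuple[str, Optional[str]]:
    """Deny-overrides combining: any applicable DENY wins, otherwise the first
    applicable PERMIT (with its obligation), otherwise DENY since no rule grants access."""
    permit = None
    for rule in rules:
        if rule.applies(req):
            if rule.effect == "DENY":
                return "DENY", None
            permit = permit or rule
    return ("PERMIT", permit.obligation) if permit else ("DENY", None)

# The two preferences from the sample web portal, encoded as constructed rules
CONSENT_DIRECTIVES = [
    Rule("DENY", frozenset({"administrator"}), frozenset({"RESTRICTED"})),
    Rule("PERMIT", frozenset({"direct care provider"}), frozenset({"RESTRICTED"}),
         purposes=frozenset({"treatment"}),
         condition=lambda r: r.trusted_env,   # requires a trusted computing environment
         obligation="log-disclosure"),        # constructed obligation code
]

if __name__ == "__main__":
    print(evaluate(CONSENT_DIRECTIVES, Request("administrator", "treatment", "RESTRICTED", True)))
```

A request that matches no directive is denied by default, which is how the implied-consent default described earlier behaves when no permission has been granted.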
Terminology – 2