Enforceable Specification of Privacy

1,119 views

Published on

Published in: Health & Medicine, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,119
On SlideShare
0
From Embeds
0
Number of Embeds
794
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Enforceable Specification of Privacy

  1. 1. Enforceable Specification of Privacy Peter Mork Jean Stanford CEM IR&D
  2. 2. Problem Growing need for Health Information Exchange – Continuity of care – Decreased costs – Public health reporting – Facilitate clinical research Health Information Exchange requires patient consent: – Paper-based – One form per transaction – Non-transferrable – Signed with limited time to think © 2011 The MITRE Corporation. All rights reserved
  3. 3. Background DoD VA Paper consent forms prevent seamless health information exchange © 2011 The MITRE Corporation. All rights reserved
  4. 4. Objective Support Meaningful & Granular Patient Consent Globally Accessible by: – Patients and – Record Holders Platform Adaptable Modular Design adapts to: – Technology Changes – Legal Changes © 2011 The MITRE Corporation. All rights reserved
  5. 5. Activities Developed rules language for consent: – Basic constructs = purpose, topics, datatypes, time, etc. – Two forms of negation – Terminological hierarchies – Reusable knowledge components Policy reasoner: – Input = Patient preferences + request – Output = Minimized rule tree Policy enforcement: – Conversion to XACML – Prototype of EHR with XACML engine © 2011 The MITRE Corporation. All rights reserved
  6. 6. Highlight Request Server Browser (e.g., hData) Record Holder Server Consent Server Policy Policy Enforcer Reasoner EHR Consent DB © 2011 The MITRE Corporation. All rights reserved
  7. 7. Demonstration X = Primary Care Provider Direct Care Providers Referral from X to Recipient Purpose = Dr. Walsh: Treatment Purpose = Medications Allowed Treatment Categories Allergies ¬ Mental Health Purpose = Treatment Allow Dr. Blass Purpose = (Medications or Allergies) and not Mental Health Research Anonymized Research ¬ Imagery Purpose = Emergency ¬ Mental Health ¬ Mental Health © 2011 The MITRE Corporation. All rights reserved
  8. 8. Impacts Sponsor Engagements: – Office of the National Coordinator – Substance Abuse and Mental Health Services Administration – Department of Veteran’s Affairs Other Engagements: – Healthcare Information and Management Systems Society – GE Healthcare – United Health Open Source: – https://sourceforge.net/projects/kaironconsents/ © 2011 The MITRE Corporation. All rights reserved
  9. 9. High Future Plans Automated Integrate with Intelligent Enforcement State Mandates Redaction Eliciting Patient Integrate Care Preferences Relationships Implemented Technical Complexity Under Development Patient Review & Approve Grand Challenges Preemptory Credential Audit Matching AccessLow Accepted Practices Inchoate Policy Maturity © 2011 The MITRE Corporation. All rights reserved

×