• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Enforceable Specification of Privacy
 

Enforceable Specification of Privacy

on

  • 639 views

 

Statistics

Views

Total Views
639
Views on SlideShare
191
Embed Views
448

Actions

Likes
0
Downloads
1
Comments
0

3 Embeds 448

http://localhost 230
http://kaironconsents.org 202
http://mm181308-pc 16

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Enforceable Specification of Privacy Enforceable Specification of Privacy Presentation Transcript

    • Enforceable Specification of Privacy Peter Mork Jean Stanford CEM IR&D
    • Problem Growing need for Health Information Exchange – Continuity of care – Decreased costs – Public health reporting – Facilitate clinical research Health Information Exchange requires patient consent: – Paper-based – One form per transaction – Non-transferrable – Signed with limited time to think © 2011 The MITRE Corporation. All rights reserved
    • Background DoD VA Paper consent forms prevent seamless health information exchange © 2011 The MITRE Corporation. All rights reserved
    • Objective Support Meaningful & Granular Patient Consent Globally Accessible by: – Patients and – Record Holders Platform Adaptable Modular Design adapts to: – Technology Changes – Legal Changes © 2011 The MITRE Corporation. All rights reserved
    • Activities Developed rules language for consent: – Basic constructs = purpose, topics, datatypes, time, etc. – Two forms of negation – Terminological hierarchies – Reusable knowledge components Policy reasoner: – Input = Patient preferences + request – Output = Minimized rule tree Policy enforcement: – Conversion to XACML – Prototype of EHR with XACML engine © 2011 The MITRE Corporation. All rights reserved
    • Highlight Request Server Browser (e.g., hData) Record Holder Server Consent Server Policy Policy Enforcer Reasoner EHR Consent DB © 2011 The MITRE Corporation. All rights reserved
    • Demonstration X = Primary Care Provider Direct Care Providers Referral from X to Recipient Purpose = Dr. Walsh: Treatment Purpose = Medications Allowed Treatment Categories Allergies ¬ Mental Health Purpose = Treatment Allow Dr. Blass Purpose = (Medications or Allergies) and not Mental Health Research Anonymized Research ¬ Imagery Purpose = Emergency ¬ Mental Health ¬ Mental Health © 2011 The MITRE Corporation. All rights reserved
    • Impacts Sponsor Engagements: – Office of the National Coordinator – Substance Abuse and Mental Health Services Administration – Department of Veteran’s Affairs Other Engagements: – Healthcare Information and Management Systems Society – GE Healthcare – United Health Open Source: – https://sourceforge.net/projects/kaironconsents/ © 2011 The MITRE Corporation. All rights reserved
    • High Future Plans Automated Integrate with Intelligent Enforcement State Mandates Redaction Eliciting Patient Integrate Care Preferences Relationships Implemented Technical Complexity Under Development Patient Review & Approve Grand Challenges Preemptory Credential Audit Matching AccessLow Accepted Practices Inchoate Policy Maturity © 2011 The MITRE Corporation. All rights reserved