Data Segmentation For Privacy Himss 2012 Fina Lv2
Privacy Protection for Substance Abuse Treatment Information: HIMSS 2012 Presentation


  • Please note that this presentation is being recorded. There will be an opportunity for questions at the end of the presentation. To ask a question: Select the Q&A button in the WebEx toolbar. Select All Panelists in the Q&A box. Type your question and select Send. The moderator will queue questions for the panelists.
  • Transcript

    • 1. Privacy Protection for Substance Abuse Treatment Information: An Example of Data Segmentation for Privacy
      Johnathan Coleman, CISSP, CISM; Initiative Coordinator, Data Segmentation for Privacy; Office of the Chief Privacy Officer, ONC/HHS
    • 2. Agenda
      • What is Data Segmentation?
      • Why Segment at All?
      • Regulatory Landscape
      • Use Case Example
      • Focus Area and Challenges
      • Data Segmentation Initiative: Scope and Outcome
      • Moving Forward/Next Steps
      • Conclusion
      • Community Participation
    • 3. What is Data Segmentation?
      “Process of sequestering from capture, access or view certain data elements that are perceived by a legal entity, institution, organization or individual as being undesirable to share.”
      Source: Data Segmentation in Electronic Health Information Exchange: Policy Considerations and Analysis
      • Melissa M. Goldstein, JD; and Alison L. Rein, MS, Director Academy Health
      • Acknowledgements: Melissa M. Heesters, JD; Penelope P. Hughes, JD; Benjamin Williams; Scott A. Weinstein, JD
    • 4. Why Segment at All?
      • Some healthcare information requires special handling that goes beyond the protection already provided through the HIPAA Privacy rule.
      • Additional protection through the use of data segmentation emerged in part through state and federal privacy laws which address social hostility and stigma associated with certain medical conditions.*
      • Data Segmentation for Privacy provides a means for electronically implementing choices made under these privacy laws.
      * The confidentiality of alcohol and drug abuse Patient records regulation and the HIPAA privacy rule: Implications for alcohol and substance abuse programs; June 2004, Substance Abuse and Mental Health Services Administration.
    • 5. Examples of Heightened Legal Privacy Protections (1)
      • Federal Confidentiality of Alcohol and Drug Abuse Patient Records regulations [42 CFR Part 2] which protect specific health information from exchange without patient consent.
      • State and Federal laws protecting data related to select conditions/types of data
        – Mental Health
        – Data Regarding Minors
        – Intimate Partner Violence and Sexual Violence
        – Genetic Information
        – HIV-Related Information
    • 6. Examples of Heightened Legal Privacy Protections (2)
      • Laws protecting certain types of health data coming from covered Department of Veterans Affairs facilities and programs [Title 38, Section 7332, USC]
        – Sickle Cell Anemia
        – HIV Related Information
        – Substance Abuse Information
      • In addition, there is a proposed federal rule [45 CFR Part 164.522(a)(1)(iv)] which would allow patients to withhold any health information from payors for services they received and paid for out-of-pocket.
    • 7. User Story Example (1)
      • The Patient receives care at their local hospital for a variety of conditions, including substance abuse as part of an Alcohol/Drug Abuse Treatment Program (ADATP).
      • Data requiring additional protection and consent directive are captured and recorded in the EHR system. The patient is advised that the protected information will not be shared without their consent.
      [Figure: Provider/Healthcare Organization 1]
    • 8. User Story Example (2)
      • A clinical workflow event triggers additional data to be sent to Provider/Organization 2. This disclosure has been authorized by the patient, so the data requiring heightened protection is sent along with a prohibition on redisclosure.
      • Provider/Organization 2 electronically receives and incorporates patient additionally protected data, data annotations, and prohibition on redisclosure.
      [Figure: Provider/Healthcare Organization 1; Provider/Healthcare Organization 2]
    • 9. User Story Example (3)
      • The Patient receives care for a new, unrelated condition and is referred by Organization 1 to a specialist (Provider/Organization 3).
      • Organization 1 checks the consent directive and sends authorized data to Organization 3.
      • Provider/Organization 3 electronically receives and incorporates data which does not require heightened protection.
      [Figure: Allergies; Provider/Healthcare Organization 1; Provider/Healthcare Organization 3]
    • 10. Focus Area and Challenges (1)
      • Some regulatory requirements mandate that certain types of data not be disclosed without specific patient consent. Many of these regulations were drafted prior to broad adoption of EHRs, and include requirements (e.g. restrictions on re-disclosure) not easily implemented electronically.
      • Lack of granularity in current implementations results in reliance on out-of-band handling (all-or-nothing choice is easier to implement).
      • There are multiple levels at which segmentation can occur (e.g. disclosing provider, intended recipient, or category of data such as medications). There are no widely adopted standards to segment at these levels.
      • There are no widely adopted standards for transferring restrictions or notice of restriction (e.g. for re-disclosures).
    • 11. Focus Area and Challenges (2)
      Underlying Challenge: Enable the implementation and management of disclosure policies that:
      • Originate from the patient, the law, or an organization.
      • Operate in an interoperable manner within an electronic health information exchange environment.
      • Enable individually identifiable health information to be appropriately shared.
      Technical Considerations:
      • Prevalence of unstructured data/free text fields.
      • Defining “sensitive information”: Pre-determining categories of information can ease implementation, but patients express a strong preference for systems that enable them to convey their personal preferences more fully.
    • 12. Initiative Objectives
      • Data Segmentation for Privacy aims to address standards needed to protect those parts of a medical record deemed especially sensitive or that may otherwise require additional privacy protection, while allowing other health information to flow more freely.
      • It will help enable interoperable implementation and management of varying disclosure policies in an electronic health information exchange environment, allowing providers to share specified portions of an electronic medical record while retaining others, such as information related to substance abuse treatment.
    • 13. Data Segmentation Initiative: Scope
      • Focus on defining the use case, user stories and requirements supporting data segmentation for interchange across systems.
      • The initiative builds on the PCAST* vision by testing recommendations from the HITSC** for the development of metadata tags to be used for exchanging data.
      * PCAST: President’s Council of Advisors on Science and Technology
      ** HITSC: The Health Information Technology Standards Committee
    • 14. Data Segmentation Initiative: Outcome
      • Successful pilot test of a privacy protection prototype compliant with Federal privacy and security rules across multiple systems demonstrating interoperability.
      • Validation of the applicability and adequacy of the recommended standard(s) in implementing a data segmentation solution.
    • 15. Solution Development Lifecycle (As of Feb 2012)
    • 16. Community Participation
      Initiative Timing / Outputs:
      • Launch Date: Oct 5, 2011
      • Elapsed Time (as-of today): 2.5 months
      • Anticipated Ramp-Down: Fall 2012
      • # Use Case Artifacts: TBD
      • # User Stories: 11 (currently being explored)
      • Use Case Complexity: High
      • # Use Case WG Members: 62
      Participation & Process:
      • # Wiki Registrants: 148
      • # Committed Members: 56
      • # Committed Organizations: 52
      • # Cumulative Workgroups: 1
      • # Workgroup Meetings Held*: 28
      • # Days Between Meetings: 5.4
    • 17. Community Participation
      AHIMA; Allscripts; American College of Obstetricians and Gynecologists (ACOG); American College of Rheumatology; Apelon, Inc; Apixio; Availity; Baycliffe Strategies Inc; CAL2CAL Corp; CDC / DHQP; Center for Mental Health Services of SAMHSA; Covisint; Datuit, LLC; Department of Veterans Affairs; Discoverture Health Solutions; Elekta Inc; EnableCare; Epic; Eversolve, LLC; FairWarning Inc; GE Healthcare; Gorge Health Connect, Inc.; HACNet labs at SMU; HHS; HIMSS; HIPAAT International Inc; LINTECH; MASS, Inc; McKesson; Medical Arts Rehabilitation, Inc.; Meditology Services; MedPlus/Quest Diagnostics; Metasteward LLC; MITRE; National Health Data Systems; National Partnership for Women & Families; Ohio Health Information Partnership; Oracle; OZ Systems; Private Access Inc; Prosocial Applications, Inc.; Quantal Semantics, Inc.; RAIN; SAMHSA; SG Healthcare Analytics; Texas State University; The National Council; Thomson Reuters – Healthcare
    • 18. Next Steps
      • The ONC Data Segmentation Initiative is open for anyone to join. This community meets frequently by webinar and teleconference and has access to a Wiki page to facilitate discussion and the harmonization of data standards. Information on how to join the Community can be found on the Data Segmentation Wiki page: http://wiki.siframework.org/Data+Segmentation+Sign+Up
      • In order to ensure the success of DSI and the subsequent pilot, we encourage broad and diverse participation to ensure the standards reflect technology used across the industry and meet the needs of all stakeholders.
      • This is your chance to have an impact on the creation and implementation of a pilot program in this important area of health IT development.
    • 19. Conclusion
      • Data segmentation provides a potential means of protecting specific elements of health information, both within an EHR and in broader electronic exchange environments, which can prove useful in implementing current legal requirements and honoring patient choice.
      • In addition, segmentation holds promise in other contexts; the electronic capture of data in structured fields facilitates the re-use of health data for operations, quality improvement, public health, and comparative effectiveness research. Data Segmentation enables patients and providers to share specific portions of the electronic medical record, as guided by applicable policy.
    • 20. References/Contact Information
      • For more information on the President’s Council of Advisors on Science and Technology (PCAST) Report go to: http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast-health-it-report.pdf
      • The full whitepaper by Melissa M. Goldstein, entitled, “Data Segmentation in Electronic Health Information Exchange: Policy Considerations and Analysis” is available at: http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__privacy_and_security/1147
      Thank you!
      • Johnathan Coleman, CISSP, CISM; Initiative Coordinator, Data Segmentation for Privacy; Principal, Security Risk Solutions Inc.; 698 Fishermans Bend, Mount Pleasant, SC 29464; Email: jc@securityrs.com; Tel: (843) 647-1556
      • Scott Weinstein, J.D.; Office of the Chief Privacy Officer, Office of the National Coordinator for Health Information Technology, Department of Health and Human Services; Email: scott.weinstein@hhs.gov
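The flow in the User Story Example slides (7 to 9), sketched as an added example that is not part of the presentation or of any ONC artifact: entries carry a segment tag, the sender consults the consent directive per recipient, and protected entries that are released carry a redisclosure prohibition. The tag names, class names, organization ids and sample record are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    text: str
    category: str = "general"  # segment tag attached when the data is captured

@dataclass
class ConsentDirective:
    # category -> recipients the patient has authorized for that category
    authorized: dict = field(default_factory=dict)

    def permits(self, category, recipient):
        return recipient in self.authorized.get(category, set())

def build_disclosure(record, directive, recipient):
    """Sender side: return (payload, withheld_count) for one recipient.

    Entries tagged "general" flow freely. Any other tag, including an empty
    or unknown one, is treated as protected (fail closed) and is released
    only if the directive names this recipient for that category.
    """
    released, withheld = [], 0
    for e in record:
        if e.category == "general":
            released.append({"text": e.text, "category": e.category})
        elif directive.permits(e.category, recipient):
            released.append({"text": e.text, "category": e.category,
                             "no_redisclosure": True})
        else:
            withheld += 1  # for the sender's audit log only, never sent
    return {"recipient": recipient, "entries": released}, withheld

def redisclose(payload, new_recipient):
    """Receiver side: forward only entries without a redisclosure prohibition."""
    kept = [e for e in payload["entries"] if not e.get("no_redisclosure")]
    return {"recipient": new_recipient, "entries": kept}

# Constructed sample record and directive (not from the presentation).
RECORD = [
    Entry("Penicillin allergy"),
    Entry("ADATP admission note", "substance_abuse"),
    Entry("Imported note with no tag", ""),
]
DIRECTIVE = ConsentDirective({"substance_abuse": {"org2"}})
```

The withheld count stays out of the payload because telling a recipient that something was held back can itself reveal that protected data exists.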
