must contain a framework which permits diverse solutions to the age-old questions of self and society
should facilitate exchange of health information between systems with different 'set up' configurations in the networks of rights, obligations, access, and privacy considerations that surround health records
The concept of ‘ownership’, which can be deconstructed into rights and reciprocal obligations, is problematic when viewed cross-culturally
A decision was taken by WG1 members at the Tokyo meeting November 1999 to delete the ownership concept from the title of the work item
Review of international literature on access to health records
We presented a critical overview of national standards and procedures, including assessment of the extent of international consensus on principles relevant to access(please refer to this in the document on the WG1 web site)
many OECD countries have broadly similar rules and restrictions regarding access, but:
details vary considerably, and
relatively little information is available about practices and procedures in other countries
Cultural concepts regulating access can be considered as sets of ‘roles’, and ‘rules’ relating those roles.
Operationalizing is challenging and will show up redundancies, inconsistencies (eg David Jones’ UK scenarios, see Form 4 attachment)
Systems of roles and rules are mutually defining. Our task is not to try to evolve some sort of ‘definitive set’ but rather to develop a model that can accommodate different sets of rules and roles yet remain globally interoperable
Procedures should be in place which restrict access to health information by defined criteria (e.g. the ‘what’ ‘when’ ‘who’ ‘where’ and ‘why’ list above)
The criteria, which may be culture- or jurisdiction-specific, must be able to be locally defined according to ethical precepts current in that jurisdiction. These may or may not include individual consent, depending on the situation
There should be a process or processes mediating the exchange of health information at jurisdictional boundaries
This should allow EHR to interoperate in a way that is truly global yet respects local customs and culture. It follows that the process should be both simple and be amenable to customisation in different jurisdictions
The collection of clinical objects formed at the clinical encounter has an access object assigned to it.
These contain a key to the data contained –(patient ID), a content definition, indicating the type of information contained in the object, the ACM applicable to the object, a reference by which the data can be located, encryption keys
The definition and grain of the clinical objects is not defined by the access system
The Request Object made by the request manager would also contain encryption keys verifying ID and role of requesting agency, and the access rules for that role (what classes of data can be accessed, as well as a content template, and a statement of ‘reasons for request’).
If the ACM of the access object, and the roles and reason for request as well as the content search criteria from the request object are met, the requesting agency gets access to the referent in the access object
There is a final verification stage for the source of the requested data using the encryption key which is part of the access object, and then a ‘secure socket’ connection is established which permits exchange of data.
This concept might bridge the work of WG1,2 and 4, but WG3 would need to address content coding.
The access objects might be web-based, stored on smart cards or other mobile media (WG5)