The document proposes an architecture and process for nationwide patient-centric consent management. It discusses the need for improved electronic consent management given the limitations of paper-based consent. The proposed approach uses an internet-based consent service that stores a patient's consent preferences in one place and can provide the most current preferences to any record holder. This allows patients to manage consent in a centralized way without needing to interact directly with each individual record holder. The proposed architecture aims to balance the needs of patients, providers, and other stakeholders to enable greater data sharing while respecting patient privacy preferences.
Presentation by Megan Douglas, JD for the Third Annual Policy Prescriptions® Symposium
She is the associate director of Health Information Technology Policy in the National Center for Primary Care at Morehouse School of Medicine.
The symposium is designed for clinicians, healthcare workers, and healthcare executives interested in exploring the major themes that will emerge in health policy throughout the year. This year, the symposium will emphasize value in healthcare, health information technology, gun violence, insurance choices, the Affordable Care Act, and the viewpoints of the Presidential candidates on health care.
Director Rodriguez provides an overview to the new impact of the Omnibus HIPAA Rulemaking and highlights OCR’s commitment to enforcement, audit and education initiatives in the coming year.
Presentation by Megan Douglas, JD for the Third Annual Policy Prescriptions® Symposium
She is the associate director of Health Information Technology Policy in the National Center for Primary Care at Morehouse School of Medicine.
The symposium is designed for clinicians, healthcare workers, and healthcare executives interested in exploring the major themes that will emerge in health policy throughout the year. This year, the symposium will emphasize value in healthcare, health information technology, gun violence, insurance choices, the Affordable Care Act, and the viewpoints of the Presidential candidates on health care.
Director Rodriguez provides an overview to the new impact of the Omnibus HIPAA Rulemaking and highlights OCR’s commitment to enforcement, audit and education initiatives in the coming year.
Here’s How Blockchain Can Revolutionize TelemedicineMatthew Doyle
Could blockchain offer the boost telemedicine needs to reach its potential? Over the past several decades, digitally-facilitated medicine has made significant inroads into mainstream medicine, expanding access to care, improving health outcomes, and lowering costs for patients and providers alike — and yet, adoption is far lower than it should be. According to one study conducted by HIMSS Analytics, the percentage of providers who offer telemedicine solutions hovers at just 71%. Similarly, a 2018 Kaiser Family Foundation (KFF) report found the adoption rate for payers to be even less, with only 67% of surveyed employers reporting telemedicine coverage in their largest-enrollment health plans.
Big data is more than just a buzzword in healthcare. It's the promise of being able to extract, cull, and interpret medical data to directly benefit population and individual health. learn more about the benefits of big data, roadblocks to leveraging it's potential, how Meaningful Use enablesbig data, what types of cross-country collaboration projects are advancing the use of big data on an international scale, big data's impact on patient privacy and much more! Special thanks to Mandi Bishop for her time on the podcast.
Building blockchain based Healthcare infrastructure with beyond block labsBeyond Block Labs
The Current healthcare ecosystem mainly consists of seven key stakeholders –
patient, provider, payer, pharma, medical technology, technology vendors and
suppliers, and the government and healthcare regulator.
Speech Understanding Dictation To Clinical Data - TEPR 2009Nick van Terheyden
Speech Understanding automatically converts the spoken work into structured and encoded clinical data that provides access to relevant diagnostic support, evidence based medicine and real time alerts.
Unlocking the data tucked away in the vast mountain of documents produced as part of delivering care to patients is possible today with Speech Understanding, the next generation of speech recognition technology that not only improves the overall efficiency of the documentation process by producing higher quality, more accurate clinical data but also produces structured encoded clinical data that can populate EMR’s that are crying out for high quality input. This information is encoded using the HL7’s Clinical Document Architecture (CDA) and Common Document Types (CDA4CDT).
With knowledge of the meaning the output from Speech Understanding is now able to identify concepts, organize documents into meaningful categories and create a semantically interoperable document .
Value-Based Care and Healthcare Consumerism: Opportunities for Health IT and ...Cognizant
Health IT and technology solutions are central in the shift to value-based care and to meeting the demands of patient consumerism. Hurdles remain, but all primary players in the healthcare ecosystem, patients, providers and payers, are seeking more and better data, platform interoperability, real-time and actionable analytical insights, and more effective engagement.
Mercy Hospital Freedom Program“Hospital Based Preventive Care Program coupled with Patient Financial Incentives”
William D. Kirsh, DO, MPH
Medical Director,Department of Preventive Medicine
Slide Presentation for the Week10 Activity of HI 201. Some of the pictures used in the presentation are from http://all-free-download.com/free-photos/.
Providers need to move towards real-time analytics that have become critical to demonstrate their quality of care, as reimbursement by government programs can be contingent upon how providers are measured in “Quality of Care”. For example, the Medicare Access and CHIP Reauthorization Act (MACRA) of 2015, also called the Permanent Doc Fix, changes the way Medicare doctors are reimbursed with the implementation of a merit based incentive. The performance-based pressure is huge, which makes it imperative that every provider consider technology solutions. Read more at https://www.solix.com/solutions/data-driven-solutions/healthcare/
Here’s How Blockchain Can Revolutionize TelemedicineMatthew Doyle
Could blockchain offer the boost telemedicine needs to reach its potential? Over the past several decades, digitally-facilitated medicine has made significant inroads into mainstream medicine, expanding access to care, improving health outcomes, and lowering costs for patients and providers alike — and yet, adoption is far lower than it should be. According to one study conducted by HIMSS Analytics, the percentage of providers who offer telemedicine solutions hovers at just 71%. Similarly, a 2018 Kaiser Family Foundation (KFF) report found the adoption rate for payers to be even less, with only 67% of surveyed employers reporting telemedicine coverage in their largest-enrollment health plans.
Big data is more than just a buzzword in healthcare. It's the promise of being able to extract, cull, and interpret medical data to directly benefit population and individual health. learn more about the benefits of big data, roadblocks to leveraging it's potential, how Meaningful Use enablesbig data, what types of cross-country collaboration projects are advancing the use of big data on an international scale, big data's impact on patient privacy and much more! Special thanks to Mandi Bishop for her time on the podcast.
Building blockchain based Healthcare infrastructure with beyond block labsBeyond Block Labs
The Current healthcare ecosystem mainly consists of seven key stakeholders –
patient, provider, payer, pharma, medical technology, technology vendors and
suppliers, and the government and healthcare regulator.
Speech Understanding Dictation To Clinical Data - TEPR 2009Nick van Terheyden
Speech Understanding automatically converts the spoken work into structured and encoded clinical data that provides access to relevant diagnostic support, evidence based medicine and real time alerts.
Unlocking the data tucked away in the vast mountain of documents produced as part of delivering care to patients is possible today with Speech Understanding, the next generation of speech recognition technology that not only improves the overall efficiency of the documentation process by producing higher quality, more accurate clinical data but also produces structured encoded clinical data that can populate EMR’s that are crying out for high quality input. This information is encoded using the HL7’s Clinical Document Architecture (CDA) and Common Document Types (CDA4CDT).
With knowledge of the meaning the output from Speech Understanding is now able to identify concepts, organize documents into meaningful categories and create a semantically interoperable document .
Value-Based Care and Healthcare Consumerism: Opportunities for Health IT and ...Cognizant
Health IT and technology solutions are central in the shift to value-based care and to meeting the demands of patient consumerism. Hurdles remain, but all primary players in the healthcare ecosystem, patients, providers and payers, are seeking more and better data, platform interoperability, real-time and actionable analytical insights, and more effective engagement.
Mercy Hospital Freedom Program“Hospital Based Preventive Care Program coupled with Patient Financial Incentives”
William D. Kirsh, DO, MPH
Medical Director,Department of Preventive Medicine
Slide Presentation for the Week10 Activity of HI 201. Some of the pictures used in the presentation are from http://all-free-download.com/free-photos/.
Providers need to move towards real-time analytics that have become critical to demonstrate their quality of care, as reimbursement by government programs can be contingent upon how providers are measured in “Quality of Care”. For example, the Medicare Access and CHIP Reauthorization Act (MACRA) of 2015, also called the Permanent Doc Fix, changes the way Medicare doctors are reimbursed with the implementation of a merit based incentive. The performance-based pressure is huge, which makes it imperative that every provider consider technology solutions. Read more at https://www.solix.com/solutions/data-driven-solutions/healthcare/
A Case Study for Blockchain in Healthcare MedR.docxransayo
A Case Study for Blockchain in Healthcare:
“MedRec” prototype for electronic health records and medical research data
White Paper
Ariel Ekblaw*, Asaph Azaria*, John D. Halamka, MD†, Andrew Lippman*
*MIT Media Lab, †Beth Israel Deaconess Medical Center
August 2016
Note: The abstract and first three sections of this white paper are drawn from a peer-reviewed, formally
accepted paper, presently being prepared for publication with IEEE through their Open & Big Data
Conference, August 22-24, 2016.
MedRec: Using Blockchain for Medical Data Access and Permission Management
IEEE Original Authors: Asaph Azaria, Ariel Ekblaw, Thiago Vieira, Andrew Lippman
This material is adapted and included here with permission of the IEEE, including permission for
publication by the ONC Blockchain Challenge if selected.
Abstract
A long-standing focus on compliance has traditionally constrained development of fundamental design
changes for Electronic Health Records (EHRs). We now face a critical need for such innovation, as
personalization and data science prompt patients to engage in the details of their healthcare and restore
agency over their medical data. In this paper, we propose MedRec: a novel, decentralized record
management system to handle EHRs, using blockchain technology. Our system gives patients a
comprehensive, immutable log and easy access to their medical information across providers and
treatment sites. Leveraging unique blockchain properties, MedRec manages authentication,
confidentiality, accountability and data sharing—crucial considerations when handling sensitive
information. A modular design integrates with providers' existing, local data storage solutions, facilitating
interoperability and making our system convenient and adaptable. We incentivize medical stakeholders
(researchers, public health authorities, etc.) to participate in the network as blockchain “miners”. This
provides them with access to aggregate, anonymized data as mining rewards, in return for sustaining and
securing the network via Proof of Work. MedRec thus enables the emergence of data economics,
supplying big data to empower researchers while engaging patients and providers in the choice to release
metadata. The purpose of this paper is to expose, in preparation for field tests, a working prototype through
which we analyze and discuss our approach and the potential for blockchain in health IT and research.
1. Introduction
EHRs were never designed to manage multi-institutional, life time medical records. Patients leave
data scattered across various organizations as life events take them away from one provider's data silo and
into another. In doing so they lose easy access to past data, as the provider, not the patient, generally
retains primary stewardship (either through explicit legal means in over 21 states, or through default
arrangements in the process of providing care) [.
Discussion for Week 4SubscribeTopic Explain the data i.docxmadlynplamondon
Discussion for Week 4
Subscribe
Topic: Explain the data interchange standards required to enable the flow of the
information.
As part of the Stage 2 assignment, you will identify Data Interchange Standards the
Midtown Family Clinic EHR system will use to exchange information with external
organizations. For this discussion, we will explore several different Data
Interchange Standards, or "Interoperability Standards" as the ONC defines them.
First to understand the top challenges in sharing data, read
http://www.pewtrusts.org/en/research-and-analysis/fact-
sheets/2016/11/electronic-health-records-patient-matching-and-data-
standardization-remain-top-challenges This article highlights the need for data
standardization. Next, you will become familiar with the Interoperability Standards
Advisory published and maintained by the Office of the National Coordinator for
Health Information Technology (ONC) https://www.healthit.gov/isa/ The purpose
of the Advisory, as stated on the website is shown below.
The Interoperability Standards Advisory (ISA) is meant to serve at least the following
purposes:
1. To provide the industry with a single, public list of the standards and
implementation specifications that can best be used to address specific
clinical health information interoperability needs. Currently, the ISA is focused
on interoperability for sharing information between entities and not on intra-
organizational uses.
2. To reflect the results of ongoing dialogue, debate, and consensus among
industry stakeholders when more than one standard or implementation
specification could be used to address a specific interoperability need,
discussion will take place through the ISA public comments process. The web-
version of the ISA will improve upon existing processes, making comments
more transparent, and allowing for threaded discussions to promote further
dialogue.
http://www.pewtrusts.org/en/research-and-analysis/fact-sheets/2016/11/electronic-health-records-patient-matching-and-data-standardization-remain-top-challenges
https://www.healthit.gov/isa/
3. To document known limitations, preconditions, and dependencies as well as
provide suggestions for security best practices in the form of security patterns
for referenced standards and implementation specifications when they are
used to address a specific clinical health IT interoperability need."
GROUP 4: From the many different standards listed in the Advisory, choose one
that has not yet been posted and:
1. Put the Title of the standard in the Subject line for your posting.
2. Conduct some additional research and explain:
a. What the standard is
b. What the standard is used for
c. Why it is important
GROUPS 1, 2 and 3: For at least two postings,
1. Conduct your own research on the standard
2. Critically evaluate and respond to the explanation provided for:
a. What the standard is
b. What the standard is used for
c. Why it is important
3. Provide at least one additional comme ...
21st Century Act and its Impact on Healthcare ITCitiusTech
This document gives an overview, core objectives of the act and enumerates purpose of each part / division of the 21st Century Act. It lists down the sections of the act which have a direct impact on Healthcare IT and gives a brief overview of each section.This document also explains the impact of 21st Century Cures Act on regulatory bodies: FDA / NIH / HSS.
Running Head EVALUATION PLAN FOCUSEVALUATION PLAN FOCUS 1.docxcowinhelen
Running Head: EVALUATION PLAN FOCUS
EVALUATION PLAN FOCUS 1
Evaluation Plan Focus
Student Name
University Affiliations
Date
Professor
Scenario 1:
Your hospital is implementing a new unified acute and ambulatory Electronic Health Record (EHR) system through which patient care documentation will occur. Interdisciplinary assessment forms (including nursing), clinical decision support, and medical notes will be documented in this system. The implementation of the system is anticipated to improve the hospital’s performance in a multitude of areas. In particular, it is hoped that the use of the EHR system will reduce the rate of patient safety events, improve the quality of care, deter sentinel events, reduce patient readmissions, and impact spending. The implementation of the EHR system is also
Introduction
Evaluation plan involves an integral part regarding a grant suggestion providing information aimed at improving a project during the development and implementation. I will participate in the assessment of the scenario system in throughout the project. The scenario includes the hospital that is implementing the new unified as well as the Ambulatory EHR (Electronic Health Record) system that enhances the documentation of patient care. The purpose of the paper is explaining the selected scenario one, explanation of the reasons for selecting it, and summarizing of the research findings on the similar HIT implementations. More so, there is a description of the evaluation viewpoint, and goal guiding the assessment plan and same rationale.
HIT System Selected
The new system to be implemented has various modules that contain interdisciplinary assessment forms, medical notes, and clinical decision support where their documentation is guaranteed. The implementation of the unified system will enhance improved performance of the hospital in several departments. The new EHR system becomes of great importance to the hospital since there is a reduction of medical errors, reduction of the rate of the safety events of each patient, improving the quality of healthcare, deterrence of sentinel events, reduced patients readmissions as well as impact spending. Another reason for choosing the scenario is that the new system will enhance while fulfilling the requirements of meaningful use as stipulated in the HITECH (Health Information Technology for Economic and Clinical Health) Act. Therefore, the need for evaluation regarding the EHR implementation becomes paramount since it will help to identify the associated risks while adjusting the modules required when offering the medication services to the patients (Lanham, Leykum & McDaniel, 2012).
Summary of Research Findings on Similar HIT Implementations
Several evaluations are analogous to the HIT system implementation of the unified system with related differences regarding the outcomes based on the primary goals. For instance, some of the implemented systems fail to meet one hundred percent ...
Electronic Health Records Implementation RoundtableDATAMARK
DATAMARK and Creative Health Care (CHC) recently brought together CIOs, physicians and other stakeholders from U.S.-based hospital organizations to share experiences with implementation of Electronic Health Records systems to meet Meaningful Use requirements of healthcare reform.
Part ONE-1 page AMA format-due 917 by 1000 pm EST Evaluate m.docxdanhaley45372
Part ONE-
1 page AMA format-due 9/17 by 10:00 pm EST
Evaluate meaningful use regulations for recovery audit contractors (RACs) and electronic health records (EHRs), as well as the impact on either case management or performance incentives. What is the purpose of these regulations? How effective are they in meeting the purpose? Support your answer with course resources-attached
Part TWO
In response to your peer-provided below, agree or disagree with their assessments of the effectiveness of RAC and EHR meaningful use regulations. Be sure to justify your answer.
Classmate Chiwaula’s post:
Top of Form
MEANINGFUL USE REGULATIONS FOR RECOVERY AUDIT CONTRACTORS & ELECTRONIC HEALTH RECORDS
IMPACT ON CASE MANAGEMENT OR PERFORMANCE INCENTIVES.
In 2015 the Board of Registration in Medicine introduced a set of regulations requiring physicians to demonstrate proficiency in the use of electronic medical records, as well as the skills to achieve the federal Meaningful Use standard. Under the regulations, physicians are considered to have demonstrated proficiency if they meet any one of the following conditions:
· Participating in the Meaningful Use program as an Eligible Professional
· Having a relationship with a hospital that has been certified as a Meaningful Use participant. This relationship would be satisfied by any oneof the following conditions:
. Employed by the hospital
. Credentialed by the hospital to provide patient care
. Having a “contractual agreement” with the hospital
· Completing at least three hours of accredited CME program on electronic health records. Such a program must, at a minimum, discuss the core and menu set objectives, as well as the clinical quality measures for Meaningful Use.1
The Recovery Audit Contractor, or RAC, program was created through the Medicare Modernization Act of 2003 (MMA) to identify and recover improper Medicare payments paid to health care providers under fee-for-service (FFS) Medicare plans. The United States Department of Health and Human Services (DHHS) is required by law to make the program permanent for all states by January 1, 2010, under section 302 of the Tax Relief and Health Care Act of 2006.2 The main goals for RAC include:
• Minimize Provider Burden
• Ensure Accuracy
• Maximize Transparency
RACs are authorized to investigate claims submitted by all physicians, providers, facilities, and suppliers—essentially, everyone who provides Medicare beneficiaries in the fee for service program with procedures, services, and treatments and submits claims to Medicare (and/or their fiscal intermediaries (FI), regional home health intermediaries (RHHI), Part A and Part B Medicare administrative contractors (A/B/MACs), durable medical equipment Medicare administrative contractors (DME MACs), and/or carriers.2
Benefits of Electronic Health Records (EHRs)
Providers who use EHRs report tangible improvements in their ability to make better decisions with more compreh.
Running Head SHARING CLINICAL DATASHARING CLINICAL DATA.docxtodd521
Running Head: SHARING CLINICAL DATA
SHARING CLINICAL DATA7
SHARING CLINICAL DATA
STUDENT’S NAME:
LECTURER:
DATE:
Introduction
Electronic Health Record (EHR) is the computerized storage and sharing of patients’ health information to help in continuous monitoring of the patients’ health (Shickel B., 2017). This is a system developed to enable health clinics share information that can help in providing effective medication to the patients with different kinds of health needs. The data on patients is stored and accessed by the clinics during visits from the patient which will help in care management of the patients. An electronic health record system can be helpful as the information stored consist of medical history of a patient, laboratory tests, treatment plans, immunization dates and various allergies of the patients. This is helpful when the patient visits different clinic health providers where they will not need to explain the situations over and over again.
Electronic health record system automates information sharing and reduces the traditional paper work which was tiresome and had a great risk of losing information. With the HER, information on patients is kept in a secure system where only authorized persons can access it. Errors are minimized in provision of health care since the information kept can be more accurate and available at any given time.
Wasatch Family Clinic will greatly benefit from this strategy of recording, keeping and sharing of information on patients. The nurses can use the system to easily record the patients’ names, numbers and all other critical information required during scheduling for clinical attendance of any patient. Tracing of the information will be easier compared to using the traditional form of papers in storing information for a patient.
Need to share data
Information on health status of a patient has to be kept with care and only authorized persons can be able to access them. This helps in building ethical handling of patients’ information which creates their trust on the health care providers (Drazen J., 2015).
Wasatch Family Clinic needs to share their health data with the patients for them to understand their health issues. The clinic also needs to share data with other health facilities in order to increase the patient’s safety and a great care.
Duplicate registrations will be avoided by sharing data in the different departments of the health care center. A real-time link can be created for the patients from registration, through consultation, testing and final medication. This can save Wasatch family Clinic from traditional paper work which took most time when searching for medical records of a patient at every stage in the clinic. Time can also be saved when the information of the patient is a system shared by the departments of the clinic health center.
Wasatch Family Clinic will also benefit economically when the data is shared improving service time and hence reducing.
FACULTY OF HIGHER EDUCATION
Individual assignment 1 - Case study analysis
HS2061 Information Systems Project Management
Trimester 2 2018
Date Due: Friday Week 5 by 5:00 PM Marks
Weighting 10%
Student Name (Block letters) Student Number:
___________________________ _____________
HS2061 IS Project Management – Assignment 1 T2 2018 1
1. Develop a system scope document
Using the MedRec Case Study provided,
develop a system scope document. This document must include a
section for each of the following:
• the business problem,
• a statement of purpose,
• the benefits of a new system
• the system capabilities and what it must achieve as a
minimum
Ensure you use business language and write in the third person
(avoid the use of I or we). A business report format should be
followed.
Word limit: 500 – 1000 words
Marking Criteria
ASSESSMENT 1 CRITERIA
N/A Poor Fair Good Very Good Excellent
Scope
Document Statement of Purpose (1)
Business problem (2)
Business Benefits (2)
System capabilities (2)
Exclusions (1)
Document
Format
Document Presentation Good layout
Grammar & Spelling (2).
Deduction for late, copied, or plagiarised
work (up to total marks earned)
Total out of 10
A Case Study for Blockchain in Healthcare:
“MedRec” prototype for electronic health records and medical research data
White Paper
Ariel Ekblaw*, Asaph Azaria*, John D. Halamka, MD†, Andrew Lippman*
*MIT Media Lab, †Beth Israel Deaconess Medical Center
August 2016
Note: The abstract and first three sections of this white paper are drawn from a peer-reviewed, formally
accepted paper, presently being prepared for publication with IEEE through their Open & Big Data
Conference, August 22-24, 2016.
MedRec: Using Blockchain for Medical Data Access and Permission Management
IEEE Original Authors: Asaph Azaria, Ariel Ekblaw, Thiago Vieira, Andrew Lippman
This material is adapted and included here with permission of the IEEE, including permission for
publication by the ONC Blockchain Challenge if selected.
Abstract
A long-standing focus on compliance has traditionally constrained development of fundamental design
changes for Electronic Health Records (EHRs). We now face a critical need for such innovation, as
personalization and data science prompt patients to engage in the details of their healthcare and restore
agency over their medical data. In this paper, we propose MedRec: a novel, decentralized record
management system to handle EHRs, using blockchain technology. Our system gives patients a
comprehensive, immutable log and easy acce.
76 CHAPTER 4 Assessing Health and Health Behaviors Objecti.docxpriestmanmable
76
CHAPTER 4
Assessing Health and Health Behaviors
Objectives
this chapter will enable the reader to:
1. Describe the expected outcomes of a nursing health assessment.
2. Identify the components of a nursing health assessment conducted for an individual client.
3. Examine life span, language, and culturally appropriate nursing health assessment tools for children, adults, and older adults.
4. Compare the similarities and differences among the various approaches to assessing the family, mindful of cultural influences.
5. Evaluate the criteria for conducting a screening in the community.
6. Compare the similarities and differences among the various approaches to assessing
the community.
Athorough assessment of health and health behaviors is the foundation for tailoring a health promotion-prevention plan. Assessment provides the database for making clinical judgments about the client’s health strengths, health problems, nursing diagnoses, desired health or behavioral outcomes, as well as the interventions likely to be effective. This information also forms the nature of the client–nurse partnership such as the frequency of con- tact and the need for coordination with other health professionals. The portfolio of assessment measures depends on the characteristics of the client, including developmental stage and cul- tural orientation. The nurse assesses age, language, and cultural appropriateness of the various measures selected.
Cultural competence is the ability to communicate effectively with people of different cultures. Providing culturally competent care is the cornerstone of the nursing assessment. The nurse’s aware- ness of her own attitude toward cultural differences and her cultural worldview and characteristics
Chapter4 • AssessingHealthandHealthBehaviors 77
are critical to her understanding and knowledge of various cultures. Recognizing that diversity exists in all cultures based on educational level, socioeconomic status, religion, rural/urban residence, and individual and family characteristics will ensure a more successful encounter (The Office of Minority Health, 2013). An online cultural educational program, designed specifically for nurses and featur- ing videotaped case studies and interactive tools, is available.
The Enhanced National Standards for Culturally and Linguistically Appropriate Services, based on a definition of culture expanded to include geography, spirituality, language, race and ethnicity, and biology, provides a practical guide to culturally and linguistically sensitive care (The Office of Minority Health, 2013).
Technology is having a significant impact on health care. The Electronic Health Record (EHR) promotes involvement of the client in developing a dynamic, tailored database. The EHR offers great promise to improve health and increase the client’s satisfaction with his care. Data aggregation, cross-continuum coordination, and clinical care plan management are critical com- ponents of the.
Electronic health record (EHR) is a computerized patient-centric history of an individual’s health
care record that includes data from the multiple sources of care that the patient has used.
4 hours ago
Amy Miller
RE: Discussion - Week 7
Collapse
NURS 6050C: Policy and Advocacy for Improving Population Health
Main Question Post. The Patient Protection and Affordable Care Act of 2010 created several positive healthcare policies such as affordable health care, lifting the preexisting health condition clause from health insurance, requiring facilities to make healthcare charges public knowledge, and enforcing healthcare providers to become active in improving quality and health outcomes for patients (Library of Congress, n.d.). The act addressed a combination of the health care drivers of cost, quality, and access. According to a report released by the White House Press Secretary on April 17, 2014, “The Affordable Care Act is working. It is giving millions of middle class Americans the health care security they deserve, it is slowing the growth of health care costs and it has brought transparency and competition to the Health Insurance Marketplace.” (The White House, 2014). However, the price some healthcare providers had to pay a heavy financial - forcing some providers out of business. The negative side of the act is seldom portrayed in the news and media.
Section 3131(a) of the act required payment for home health services to be rebased over a period of four years (Centers for Medicare & Medicaid Services, 2013); resultant in a 2.8% reduction beginning in 2014 for four consecutive years totaling a reduction in payment of 11.6%. The reductions were placed along with mandates for quality reporting, new forms, and new processes resulting in increased administrative overhead costs while shouldering the burden of financial reductions.
Initiating a Change in Policy Process
Living in a rural community, I witness firsthand the lack of access to care as there are limited numbers of primary care providers. Couple the limited access to providers with the amount of paperwork and forms that must be signed by a physician and patients are not referred to home health services as often as one should be – the result is the patient presenting to the emergency room or a hospitalization to have one’s health care needs met. Currently, Medicare and Medicaid do not allow physician assistants or advanced practice registered nurses (APRNs) to sign the necessary orders and plan of care for home health services – only a “doctor of medicine, osteopathy, or podiatric medicine” may sign for services (Government Publishing Office, 2014, p. 693). I would like to use the knowledge gained as an APRN to legislate for this mandate to be changed and allow both physician assistants and APRNs to sign for coverage of home health services.
The Kingdon Model would be utilized for the legislation process by finding the three streams of problem, policy, and politics to coordinate with the above-mentioned issue (Milstead, 2019, p. 24). The problem would consist of the burdensome amount of paperwork imposed upon.
Electronic Health Records: purpose of electronic health records, popular electronic health record system, advantages of electronic records, challenges of electronic health records, the key players involved.
Healthcare by Any Other Name - Centricity Business WhitepaperGE Healthcare - IT
Whether referred to as integrated healthcare or accountable care, the
current focus on new healthcare models is a reaction to long-standing
concerns around quality, cost, and efficiency. Many of these issues stem
from care delivery systems that have been:
• Directed more at episodic treatment than prevention and early intervention
• Fragmented rather than integrated and coordinated
• Focused on patient eligibility and billing rather than patient engagement
within and outside of the care setting
• Customized to the idiosyncrasies of individual facilities rather than
standardized across care sites
• Rewarded more for volume than for quality and cost outcomes
The resulting inefficiencies have made healthcare less effective, less safe,
and more costly than can be tolerated, particularly against the backdrop of
a challenging worldwide economy. The old dictum ‘if you provide healthcare,
they will pay’ no longer applies. Public payers, private payers, and regulatory
agencies are wielding both carrots and sticks to drive healthcare organizations
toward greater coordination, demonstrable quality, and measurable
cost control.
The consensus on what ails our health systems, as well as the availability
of new technologies, has led to the creation of new models of delivery,
such accountable care organizations and integrated health organizations.
By whatever name, these healthcare models are designed to promote
accountability and improve outcomes for the health of a defined population.
Implementation of Consent in Health Information Exchange (HIE)CitiusTech
The issue of whether to what extent, and how individuals should have the ability to access and control over their health information represents one of the foremost policy challenges related to the electronic exchange of health information.
Buy Verified PayPal Account | Buy Google 5 Star Reviewsusawebmarket
Buy Verified PayPal Account
Looking to buy verified PayPal accounts? Discover 7 expert tips for safely purchasing a verified PayPal account in 2024. Ensure security and reliability for your transactions.
PayPal Services Features-
🟢 Email Access
🟢 Bank Added
🟢 Card Verified
🟢 Full SSN Provided
🟢 Phone Number Access
🟢 Driving License Copy
🟢 Fasted Delivery
Client Satisfaction is Our First priority. Our services is very appropriate to buy. We assume that the first-rate way to purchase our offerings is to order on the website. If you have any worry in our cooperation usually You can order us on Skype or Telegram.
24/7 Hours Reply/Please Contact
usawebmarketEmail: support@usawebmarket.com
Skype: usawebmarket
Telegram: @usawebmarket
WhatsApp: +1(218) 203-5951
USA WEB MARKET is the Best Verified PayPal, Payoneer, Cash App, Skrill, Neteller, Stripe Account and SEO, SMM Service provider.100%Satisfection granted.100% replacement Granted.
Digital Transformation and IT Strategy Toolkit and TemplatesAurelien Domont, MBA
This Digital Transformation and IT Strategy Toolkit was created by ex-McKinsey, Deloitte and BCG Management Consultants, after more than 5,000 hours of work. It is considered the world's best & most comprehensive Digital Transformation and IT Strategy Toolkit. It includes all the Frameworks, Best Practices & Templates required to successfully undertake the Digital Transformation of your organization and define a robust IT Strategy.
Editable Toolkit to help you reuse our content: 700 Powerpoint slides | 35 Excel sheets | 84 minutes of Video training
This PowerPoint presentation is only a small preview of our Toolkits. For more details, visit www.domontconsulting.com
Affordable Stationery Printing Services in Jaipur | Navpack n PrintNavpack & Print
Looking for professional printing services in Jaipur? Navpack n Print offers high-quality and affordable stationery printing for all your business needs. Stand out with custom stationery designs and fast turnaround times. Contact us today for a quote!
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...BBPMedia1
Marvin neemt je in deze presentatie mee in de voordelen van non-endemic advertising op retail media netwerken. Hij brengt ook de uitdagingen in beeld die de markt op dit moment heeft op het gebied van retail media voor niet-leveranciers.
Retail media wordt gezien als het nieuwe advertising-medium en ook mediabureaus richten massaal retail media-afdelingen op. Merken die niet in de betreffende winkel liggen staan ook nog niet in de rij om op de retail media netwerken te adverteren. Marvin belicht de uitdagingen die er zijn om echt aansluiting te vinden op die markt van non-endemic advertising.
LA HUG - Video Testimonials with Chynna Morgan - June 2024Lital Barkan
Have you ever heard that user-generated content or video testimonials can take your brand to the next level? We will explore how you can effectively use video testimonials to leverage and boost your sales, content strategy, and increase your CRM data.🤯
We will dig deeper into:
1. How to capture video testimonials that convert from your audience 🎥
2. How to leverage your testimonials to boost your sales 💲
3. How you can capture more CRM data to understand your audience better through video testimonials. 📊
Cracking the Workplace Discipline Code Main.pptxWorkforce Group
Cultivating and maintaining discipline within teams is a critical differentiator for successful organisations.
Forward-thinking leaders and business managers understand the impact that discipline has on organisational success. A disciplined workforce operates with clarity, focus, and a shared understanding of expectations, ultimately driving better results, optimising productivity, and facilitating seamless collaboration.
Although discipline is not a one-size-fits-all approach, it can help create a work environment that encourages personal growth and accountability rather than solely relying on punitive measures.
In this deck, you will learn the significance of workplace discipline for organisational success. You’ll also learn
• Four (4) workplace discipline methods you should consider
• The best and most practical approach to implementing workplace discipline.
• Three (3) key tips to maintain a disciplined workplace.
Recruiting in the Digital Age: A Social Media MasterclassLuanWise
In this masterclass, presented at the Global HR Summit on 5th June 2024, Luan Wise explored the essential features of social media platforms that support talent acquisition, including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok.
At Techbox Square, in Singapore, we're not just creative web designers and developers, we're the driving force behind your brand identity. Contact us today.
1. Architectures and Processes for Nationwide Patient-Centric Consent Management
P. Mork, A. Rosenthal, and J. Stanford
The MITRE Corporation
Abstract
Background: Before electronic health information can be shared, the patient’s consent must be obtained. However,
the current paper-based process is insufficient at a nationwide scale. Improvements will need to be introduced
gradually, in a manner compatible with an exceedingly complex system: multiple professions, islands of partial
standardization, radical differences in automation and technical sophistication, autonomous players with differing
motivations, refusals to participate, external data sources, an evolving and unpredictable legal landscape, and
pressure groups from privacy advocates, researchers, and health providers.
Objective: We propose pragmatic requirements and a highly patient-centric, Internet-based consent management
architecture .
Methods: We examine requirements for serving a wide variety of patients and providers, including their diverse
incentives. Based partly on experience with our Kairon Consent prototype, we then describe a modular,
incrementally adoptable system design, and illustrate its behavior and advantages via use cases.
Results: Our approach lets patients specify their privacy preferences covering a variety of possible uses of their
personal health information in one virtual document; emergencies and research can be included. Record holders can
retrieve the patient’s privacy policies, reconcile with what they are willing to enforce, and mix in government
defaults and mandates as additional rules. Then, we describe how a record holder uses the consent service to
determine just the privacy constraints that need to be enforced for a particular request. With today’s systems, many
of these constraints need to be verified manually; our architecture enables incremental automation. We illustrate
how our architecture can support a wide variety of use cases, and examine the independent stakeholders’ incentives
to participate. The approach was found able to handle an extremely wide range of requirements, but not all. Open
problems were identified; while new features are needed, the architecture extends naturally.
Conclusion: It is technically feasible to implement very flexible patient-centric consent, considerably beyond the
scope of current Data Segmentation standards initiatives. .
Introduction and Background
1.1 Introduction
As the world moves towards widespread adoption of electronic health records (EHRs), one of the most frustrating
problems is how to meet legal/regulatory requirements to obtain and apply patients’ consent to share data with other
parties. The business case for interoperable EHRs rests in their ability to exchange data to support patient care,
clinical research, and biomedical surveillance. However patients have a justified fear of exposing their health
information to third parties and consider the ability to control the use of their data to be critically important. This
paper proposes a technical approach to meet many of the consent management desiderata established by the Office
of the National Coordinator for Health Information Technology (ONC) [1 Gold1, 2 Mark1]. We also discuss the
policy issues that arise when sharing health information on a nationwide scale, such as the U.S. Nationwide Health
Information Network.
Providers currently supply consent forms, explain them to patients and bear the burden of enforcement, so their
concerns tend to be favored over the patients’ concerns. To minimize burdens, they rarely provide the ability to
express nuanced consent preferences [4 Mark2]. Instead, a typical provider institution creates its own form, usually
notifying patients of the institution’s HIPAA data sharing policies, but not allowing patients to express their own
privacy preferences. Also, its stack of paper consent forms cover a narrow range of anticipated data sharing. If a
patient needs to have his records forwarded to another physician or to be screened for research protocols, he often
2. has to complete additional paper forms for each request. When the patient wishes to revoke consent, providers
holding consent forms that enable them to disclose data need to be identified and those forms updated. (It seems
infeasible to “claw back” data that has been released, because data from an imported document may percolate to
many parts of the recipient’s EHR, and a recipient who has acted on it wants to document what they knew, when.)
We aim to enable systems that support patient privacy, and are flexible enough to adapt to the compliance
requirements of many jurisdictions, both internationally and among the 50 US states. Elegance and flexibility are
required, rather than a mass of idiosyncratic features. The architecture is intended to be flexible enough to adapt to
legal requirements, including future ones, rather than being a perfect fit for today.
Our objective is to get suitable policies (rulesets) to the record holders, automate more decision-making, reduce
costs, and make it feasible to document the patient’s wishes in a form that is readily accessible, understandable and
up-to-date. This paper describes one part in detail -- handling the patient’s preferences. The Future Work section
briefly explains how we will mix in government and record holder preferences, reconcile with a record holder’s
enforcement ability, and provide an integrated ruleset, so patients and others can understand how the combined
system will behave.
In our “Kairon” prototype, a patient manages one preferences document (a ruleset) that is used for all requests to all
record holders. This allows patients to guide data sharing by independent laboratories and health information
exchanges (HIEs) with whom they have no direct relationship. By providing nationwide access to up to date consent
preferences, we enable patients to update their preferences in one place, without contacting every potential record
holder. We propose an Internet-accessible consent service, which is patient-centric in three senses:
• Preference management: The preferences are stored by the consent service on behalf of the patient, not by each
provider. The patient can update them at will. Upon each request; the service provides the current version to
apply.
• Preference choice: The patient expresses their own privacy preferences, usually in terms of recipient’s
attributes (credentials and relationships), rather than as individuals. Record holders cannot reject a patient’s
ruleset, but may return unknown for terms that the automated system cannot evaluate.. (Issues of medical
safety are briefly discussed in the appendix)
• Choice of consent format: The vocabulary and constructs employed to express consent are chosen on behalf of
the patient, by the consent service they subscribe to. The preferences can be defined in patient-friendly terms
and each rule (e.g., “do not release any information about sexually-transmitted diseases”) need be stated only
once. This is as opposed to the patient having to decipher the release form for each provider individually and
struggle to explain specific preferences in the form the provider accepts.
All participants in an exchange gain some benefit from patient-centric preference management. The benefit will be
greatest in jurisdictions where laws permit generalized rules such as “release to any clinician known to be treating
me”. Patients can establish their privacy preferences just once, and update in one place with effect on all record
holders. Record holders do not need to elicit a new document (possibly with counseling) for each new exchange of
health information, nor worry whether their consent is current. Enforcement may be more palatable when bundled
with a capability record holders want, such as enforcement of government and organizational rules. These factors
somewhat mitigate disadvantages, such as lower record holder autonomy and the need to counsel patients for whom
automated help does not suffice. Requestors will not need to solicit consent for every request, nor do it in terms of
the record holder’s consent form. Such a simplification might encourage dentists and chiropractors to push data to
the primary care provider (PCP), or the PCP to share data with any researcher they approve. This would be
especially important for recruiting to research studies or for analyses that need many patients’ data. (Some patients
will be willing to consent to have their data referenced for research, especially after “lite” deidentification and for
approved researchers). Recipients need not separately track privacy constraints that apply to the health information
they receive, but instead just check the patient’s current preference. All are spared paper forms, saving a major
administrative burden [1 Gold1, page ES-2].
We focus in particular on consent management challenges, relying on other services for generic data sharing
capabilities, such as: message handling (e.g., request submission and interception, transport, encryption), identity
services (authentication and matching, for patients and for health system entities), and reconciliation of semantic
heterogeneity.
The remainder of this paper is organized as follows. Section 1.2 describes the background and related work.
Section 2 describes the capabilities needed to manage patient consent and how to assemble those capabilities into a
consent management system. Section 3 demonstrates efficacy by showing how our proposed architecture handles
2
3. several common use cases, with varying degrees of automation. Section 4 summarizes the benefits of patient-centric
consent management as realized by our architecture, and comments on future work.
1.2 Background
Though it offers little flexibility, paper-based consent management is still a burden for all concerned. Some record
holders insist on signed paper, due to regulations or because they do not trust that an easily forged fax sufficiently
protects them. When a consortium of New York City hospitals agreed to upload all data to their Health Information
Exchange (HIE) and then rely on each other’s claim to have an authentic consent, sharing increased fourfold. [10
GSK1]
Several efforts have explored ways to transition to electronic management of patient consent. Integrating the
Healthcare Enterprise (IHE) has developed a conceptual model for consent management [9 IHE1] to be integrated
with EHRs. Storage can be provider-centric or patient-centric. Providers can specify interfaces through which
patients can state preferences. As provider constructs become standardized, some could be incorporated into user
interfaces, to promote easy enforcement.
Goldstein, ET al. [1 Gold1] discuss the privacy options patients are typically given: none, opt-in, opt-out, opt-in with
restrictions and opt-out with restrictions. This paper notes that patients perceive a need for more granular options to
restrict access to their health information based on such aspects as diagnosis, source, recipient, etc. However, few (if
any) of the systems they surveyed allowed patient-specified granular restrictions.
To explore electronic alternatives, ONC’s Security and Privacy Tiger Team [13 ONC2] discussed the state-of-the-
art in automated consent management systems. For example, InterSystems has a product that allows the patient to
specify which diagnosis codes can be released to whom (within that organization). [14 Inter1] This within-
organization focus is common among vendor offerings -- preferences specified in one location cannot be transferred
to another system, so they must be respecified, and updates are not propagated. [HITSP]. Current efforts include
standardization of consent metadata, funding experimental prototypes, and a “Segmentation” initiative that includes
standards for both data annotation and consent.
The President’s Council of Science and Technology Advisors (PCAST) report [16 PCAST1] recommended that
primary care providers explain consent policies and capture patient preferences face to face, but that patients should
also have access to a helpful web interface. Though we began this work two years before the PCAST report was
published, the consent system we describe here can ease these tasks with its intuitive presentation of preferences and
by storing and presenting educational materials.
Halamka [15 Hal1] would like to encourage patients to delegate authority to clinicians, to share their data as
desired. Such delegation is useful, but expresses only the clinician’s wish to receive data, not the patient’s wish to
send.
Our work draws on the privacy use cases established by the Health Information Technology Standards Panel
(HITSP), sponsored by the American Standards Institute [6 HITSP1] augmented by ONC guidance [7 ONC1]. The
HITSP Privacy Consent Directive Working Group presents key questions regarding the “cross validation and
verification of conflicting consents:
• What is the most recent/latest consent from a patient?
• Where can I find the various consents issued by a consumer to perform cross-validation and verification?” [8
Moehrke1]
• Does that override the other consents for specific data, specific purpose?
Internet-based patient-centric preference management answers the first two questions directly. For the third,
specificity is not a logically sufficient criterion, compared for example with a general rule for emergencies or public
health.
The Data Segmentation effort of ONC’s Standards and Interoperability Framework has developed standards for
simple patient preferences, and for compliance with special restrictions on data associated with substance abuse,
mental health, and veterans. HIPAAT http://www.hipaat.com/ and Jericho Systems’ products
http://www.jerichosystems.com/solutions/patientprivacy.html both provide Internet-based repositories for such
preferences, and enforcement at record holders. Neither the standard nor the products supports general, multi-use
consents (e.g., based on known treatment relationships), nor extensibility to other topics. Some state HIEs (e.g.,
Texas) also provide consent capabilities.
3
4. Existing security technologies provide several useful capabilities but do not suffice for consent systems. The basic
security enforcement pattern provides a way to pull access control management and enforcement out of applications,
into the security system. It involves interception by a Policy Enforcement Point (PEP), decision at a Policy Decision
Point (PDP), policy retrieved from a Policy Information Point (PIP) and authored at Policy Administration Point
(PAP). Our system extends the idea, but has multiple instances of each piece, so we do not adopt the vocabulary. We
need the ability to split rule evaluation into multiple stages, initially just substituting attributes from the request and
producing a simplified the ruleset by eliminating rules whose conditions fail for this request’s purpose or
participants. The simplified ruleset may be displayed as part of a “what if” facility, used by a person who enforces
manually, or passed to the next stage of evaluation.
The best known access control language, XACML, is an OASIS standard, and can conveniently encode Boolean
logic; the XPSD profile defines a vocabulary of information to be used in consent policies. However, XACML has
several shortcomings for our purposes. It cannot exploit taxonomies, nor use variables (akin to relational database
join) to test relationships and affiliations, so these must be done by add-on systems. It requires an extra
administration level -- targets to identify relevant rules. The supported actions are just Allow/Deny; other actions are
pushed into an opaque obligation facility, with no conflict management. Academic researchers have proposed to
deconflict based on rule strengths [Jajodia et. al.] and XACML supports that. However, researchers have not
proposed a plausible way to manage strengths in a scenario that is as complex as Consent’s mix of defaults and
mandates from patient tools, governments, and other organizations.
Methods (Technologies for Components)
This section first describes the capabilities of the consent service, and then the capabilities on which it relies:
identity management (Section 2.2), ancillary knowledge sources (Section ), and the rule logic (Section 2.4). Finally,
it describes the overall architecture and workflows, in two configurations. The utility of this approach is shown via
use cases in Section 4.
Consent Service Capabilities
The consent service associates each patient with a set of rules that identify circumstances where health information
can be released. A rule may reference attributes of the request (e.g., requestor, recipient, and purpose), the topics
covered in the item to be released, and additional knowledge (such as affiliations and referrals). Most rules specify
the action “Allow release”, subject to a condition. In our basic language, Allow is the only action, so there is no
need for explicit conflict resolution; instead patients express exceptions by negated terms within Allow condition.
Other rules (possibly expressed in a standard logic programming language) derive ancillary information, such as
ways to derive a relationship Treats(patient, clinician) based on explicit patient assertions plus referrals, on-call
substitution, and affiliations.
Upon a request, the record holder creates an answer to the requestor’s query as a set of candidate items and then
tests consent on each item and releases only those that pass the test; the effect may be, for example, to release a
subset of an XML structure, based ono the topics it contains, and their provenance. Under future work, we discuss
ways to accommodate the awkward likelihood topic detection will never be highly accurate for all data.
Establishing Privacy Preferences
Each patient chooses a consent service provider, and then establishes preferences through a graphical user interface
(UI). In the future, we envision that insurers, HMOs, and others may establish relationships with consent service
providers to make it simpler for patients.
Our prototype’s original UI partitions the patient’s preference-writing as a set of cases, each defined by a purpose
and a set of recipients,, and with predicates specified on metadata attributes. These attributes indicate type of
information (e.g., Allergies) plus presence of sensitive topics (such as mental health). However, a full specification
of an appropriate policy would involve more detail than patients can manage, to handle issues like strength of the
requestor’s authentication, or uncertainty when saying a record does not reveal a sensitive topic.
4
5. We are now exploring a higher level interface, in which experts write detailed rules, while patients merely express
where they want the balance point between protection and sharing. Currently, a slider is used to express each
balance points, both globally and on specific topics such as mental health or pregnancy. The slider values areis then
used to set the thresholds in the expert-written rules. The result is a rule such as:
Allow if purpose = treatment ∧ Identity_certainty ≥ 1 ∧
Topic is not sensitive (with certainty ≥ 2) %just a basic test
∧ Medical Categories breadth ≤ 3 % Can release short summary, not whole record
The patient’s preference may include tests on items’ topics and provenance, but that information may be unavailable
for some data (e.g., pdfs). Today, the patient must negotiate explicitly with each record holder, creating a separate
ruleset (called a directive) that the record holder is confident they can enforce, driven by the low water mark of
record holder’s capabilities. Our approach instead tells the record holder to do their best on each item, returning
Unknown in the worst case and actual topics and provenance in the best. The rule then specifies how to deal with
Unknown attribute values. Our three-valued rule logic (which can return Unknown) allows patients (through their
UIs) to specify rules whose terms that use either forgiving or strict interpretation of Unknown; future extensions
will treat levels of uncertainty.
By storing the patient’s preferences as a set of logical rules, we can support a wide range of UIs. A provider
organization could give its patients a UI that produces rules that execute easily in its EHR; advocacy groups could
develop UIs designed to address their concerns. These UIs can gradually be tailored for the gamut of patients, with
patient-friendly natural language explanations of technical terms, and templates for patients with differing concerns.
In addition, a patient or the government can specify proxies who are authorized to consent to data sharing on behalf
of the patient (e.g., if the patient is uncomfortable with electronic consent management or is a minor). A patient
might even identify a trusted physician as a proxy (assuming the physician is willing), with partial rights to
authorize individual releases or to make permanent changes.
Managing Requests
A request for patient data typically describes the data requested, plus values for purpose, individual and
organization ID for requestor, recipient, record holder, and the patient’s consent ID (Section 2.2). The requestor
and recipient can be individuals, roles, or processes. The automated enforcer has no need special “do not disclose”
constructs or patient policy to the record being sent out; further forwarding simply checks the latest consents. US
law today can require specific verbiage to be inserted into the record for substance abuse data; this text is strictly for
human readers.
When the consent service receives the request, it retrieves the patient’s preferences, and forwards them to the record
holder. Drawing on information in the request message and from other available evidence, it can simplify before
forwarding, to exclude rules that are inapplicable (e.g., Treatment rules are inapplicable to Research requests; PCP
permissions are irrelevant if the recipient is known not to be the patient’s PCP?). Sometimes this process will suffice
to generate a decision (increasingly, as standards and evidence sources improve). The consent service then sends a
decision, or else (simplified) constraints for the record holder to evaluate, in both human friendly form and machine
friendly formalisms (such as XACML or Datalog)..
The record holder needs to enforce the preferences it receives. Some rule terms may be evaluated automatically,
based on data that record holders holds, such as referrals, affiliations, and annotated data in the EHR; other rule
terms may require manual help. We expect record holders to be conservative: if a patient rule includes a term the
record holder is unable or unwilling to evaluate, Unknown is returned. Distributed query optimizing techniques
might help optimize the efficiency of human reviewers, by employing cheap-to-access data first, and manually-
supplied data last, and focusing the human on only those terms that could not be evaluated automatically.
Finally, the consent service maintains an audit log of all activity. This audit log indicates: all information in the
request message; any additional factors that influence the decision-making process (e.g., the patient told the consent
system that Dr. Jones is her PCP); endorsement of this request from the patient or proxies, and the constraints sent to
the record holder.
The patient can interact with the audit subsystem to see the history of requests, or to define alerts that notify him of
requests that meet specific criteria (e.g., a request to access the results of an HIV test). The consent service offloads
5
6. this IT burden from the record holder, who may need to cope with patient questions. As with any security system, it
will be important to avoid trivial alerts.
To manage consent on a large scale, additional capabilities are needed, to make the system trustworthy, and to
obtain ancillary information that belongs in external sources, not in EHRs. These are addressed in the next two
subsections.
Patient Identity and the Consent Systems
This section addresses the consent system’s need to ensure that a patient’s records are released based on their own
consents, rather than an inadvertent mismatch or malicious spoofer. The first step, as in eCommerce, is for the
patient to open a consent account and obtain a consent account ID, hereafter called a “consent ID.” Then, to securely
tie this account to a record holder’s records, the patient must authenticate with the record holder (in person or by
securely logging into the record holder’s system). The patient then provides a consent identifier (if present in person,
possibly via a smart card), which the record holder binds to its master identifier for that patient, rather than requiring
links to individual records. Once this is established, the record holder knows that the preferences sent by the consent
service correspond to this patient. (We examined other approaches to attaching a consent identity, but the ones
without user login seemed insecure – a malicious referral could attach the wrong ID to the recipient’s master patient
record. One could attach the consent ID to the data sent, but then must carry it along as that data is shredded and
inserted into databases.)
The consent service will give a patient voluntary digital IDs on demand; the patient decides which ID to give each
provider. A privacy purist patient might give a distinct identifier to each record holder; another person might give
the same identity to most providers (for its error-reducing benefits) but give distinct identifiers at a substance abuse
clinic and a reproductive health center. Extra IDs make it possible to attach Consent IDs without creating an
unwanted global identifier [Roop, Mark3]. (US laws currently prohibit government funding of creation of such
identifiers, even when voluntary.)
When a record holder receives a request, they are responsible for identifying the appropriate patient. If a requestor
attaches the consentID he uses for the desired patient, it can be part of the identity-matching process, to reduce
errors.
Ancillary Knowledge Sources
The consent service may rely on “ancillary” evidence not in the candidate release or the request message. Examples
include the identity of a patient’s PCP, the PCP’s referrals, and clinician attributes (specialty, and hospital
affiliations). While originating at many provider and state sources, they might be made available 7x24 through a
single interface via an HIE or data aggregator. For example, Health Management Sciences aggregates certification
and affiliation data for multiple clinical professions. Frequent refresh may be required.
Having retrieved whatever ancillary knowledge it can, the consent service matches that information against the
patient’s preferences, allowing the consent service to further simplify the constraints it forwards to the record holder.
The residue is sent to the record holder, whose may possess additional ancillary knowledge (e.g., referrals, staff
assignments), and otherwise needs to gather the information from nonautomated sources.
The consent service and the record holder need to determine if they trust the source of the ancillary information.
Creation of such a trust structure (certifications, trust relationships) is an open problem.
Rules and their logic
The patient preference consists of rules submitted through the patient’s consent specification user interface. We
anticipate that wizards and defaults will do much of the work, being customized by the patient’s expressed level of
privacy concern and topics of particular sensitivity. Our prototype evaluates only the patient preferences. We are
exploring ways to include Allow and Deny rules, especially from organizational and government preferences, to
produce an integrated ruleset.
6
7. Request Response
R: Record Holder System C: Consent Service
Request Interface Consent Interface Trust
Service
EHR (with Consent
consent IDs) Database Ancillary
Knowledge
Sources
XACML Policy
Engine Reasoner
Rules determine their own scope of applicability, by including explicit predicates on metadata available from the
request, the health record, or ancillary sources. Each rule has a condition; if that evaluates to false, the rule is
ignored. If true, then the rule is applicable and a result is created (either an Allow decision or a table that feeds into
later rules; Deny rules will be added soon). Since applicability is handled within each rule, there is no need to
construct and maintain functions to find rules to apply, nor for health records to link to rules.
Rules are currently expressed in a variant of Datalog without recursion. Datalog can express join expressions, such
as determining whether a clinician has a known affiliation with an organization known to be treating the patient;
such conditions cannot be expressed in XACML. We extend Datalog to distinguish “not known” from “not true”;
this enables us to distinguish “has no mental health data” from “as far as we can tell, has no mental health data”,
both in record holder assertions and patient predicates. Future UI extensions will let the patient extend rule conjuncts
to deal with Unknown, and more generally, to support confidence thresholds. We are also investigating semantic
web rule languages that offer easy integration with taxonomies and ontologies, and are W3C standards.
The consent service’s reasoner simplifies the ruleset, based on whatever information is available to it. That is, it
substitutes values from the request message, from ancillary sources, or from the health record, and then does logical
simplifications. Because simplify (rather than evaluate) is our primitive, we can leave a residue for automated
processing at the record holder, or manual processing (as is done today), and can perform “what if” investigations
(e.g., what constraints must be satisfied before a record is released if that record contains mental health information).
Sample Architecture
Figure 1: Configuration C for giving record holder an enforceable consent. The record holder (R) forwards the request
to the consent service (C), which uses a policy reasoner to determine the residual policy to be enforced on the health
record. Our prototype translates the residual policy to XACML and places an efficient XACML engine at the record
holder to make access decisions. The capabilities described above can be combined in multiple ways to instantiate a
consent management system. In this section, we present a high-level architecture and data flow (Figure 1). We then
discuss three sample configurations for implementing it, the first manual and the second idealized, with all requests,
consents, and EHR data employing compatible standards, and automated rule evaluation.
As shown in Figure 1, there is a consent service (C) that maintains the patient’s privacy preferences and related audit
logs in a consent database. Patients create and modify these privacy preferences via a consent specification GUI. To
avoid liability risk and reduce storage, C receives no EHR data. The record holder sends C the consent identity
registered for the patient, finds the proper consent account (resolving aliases), and connects with external sources to
7
8. obtain ancillary knowledge. This is the architecture we prototyped, as a natural extension to today’s practice. It
distributes conventional functionality into several components. One Policy Enforcement Point (PEP) intercepts the
request and sends it to our policy reasoner (acting as a partial Policy Decision Point -- PEP), which in some cases
may provide an answer for the entire request. If not, the reasoner produces a simplified policy (also called residual
policy), as the response is constructed. The relevant policy will (eventually) be constructed at run time as the PIP
mixes patient, organizational, and government rules into a single ruleset.
The processing begins before a request is sent.
• The patient selects a consent service provider, creates an account, and records their preferences as a set of rules.
• The patient gives each record holder a consent account identifier (rather than a set of consent forms), which the
record holder attaches to their master patient index.
Then, for each request to disclose patient data
• An add-on to the recipient EHR (a PEP) intercepts the request. After matching the request to the proper patient
at the record holder, it looks up the consent ID, and sends an evaluation request to the consent service.. (A
registry that indicates the correct consent service for each patient would enable patients to switch consent
services easily).
• The consent service retrieves the patient’s preferences and sends this ruleset to the reasoner. (In the future, the
ruleset will be augmented by mixing in with government and organizational preferences). Relevant ancillary
data from outside the patient record are also retrieved, if available, e.g., provider credentials, affiliations, and
treatment relationships.
• The reasoner substitutes this data into the ruleset, and performs Boolean simplifications, yielding a residual
ruleset. If the ruleset simplified to an Allow or Deny decision, the decision is returned to the record holder. (The
decision is Deny if the reasoner determines that no rule applies).
• Otherwise, the residual rules need to be evaluated at the record holder for each health record item. Items within
the patient record must be annotated (as discussed below) to tell whether they contain topics or sources that are
to be restricted.
• In all cases, each decision yields a record for the audit trail. Other obligations could also be attached.
To enable the tests, software must annotate items (on demand from rules, or in advance in the EHR) for a variety of
topics and provenance categories, as either Present, Absent, or Unknown. Annotation techniques rely on
extensive terminological and clinical knowledge and are outside our scope; as a callable service. Several such
services have been built; for example, one is included in the SAMHSA/VA demonstration at HL7 in September
2012. Secondary users may also find the annotations useful, whether to retrieve on clinical topics or to examine
patient and information flow among institutions. Annotations will be provided for legally mandated categories and a
few more; it is infeasible to annotate for every topic that a patient may someday consider sensitive.
We have identified several ways to configure the above capabilities.
Configuration A (manual): Consider a record holder R who relies on paper records and receives requests by fax or
email. A medical records specialist would enter information about the recipient and request into a web form hosted
by the consent service, and receive a human-readable version of the patient’s preferences. She interprets the
conditions for each item proposed for release. If the evaluation needs ancillary data, she obtains it by accessing
websites or by telephone.
This degree of manual processing is incompatible with extensive exchange. Still, it seems worth demonstrating that
technology-poor environments will not find their work harder. For example, a provider might initially seek only the
simplest benefits, such as distributed editing and retrieval of the latest patient and government preferences. Patients
also get the benefit of simpler and more patient-centric consents, as opposed to the current system in which they
must sign provider-centric consents at each new provider location Processing of actual records remains manual.
Configuration B (fully automated, reasoner at record holder): Here R receives and automatically processes
formatted messages from requestors in their own health provider network. Requests are queries in standards known
8
9. to their EHR, and requestors are known. In this idealized case, either the scope is small (such as just an HL7 C32
message), or else all health records in their institution can be accessed via a single EHR interface. The patient’s
preferences are stored in one Internet-accessible place.
Configuration C (fully automated, distributed): The previous configuration is elaborated to have two reasoners, one
co-located with the Consent database (hosted once, and able to see rule terms that are too sensitive to send to some
record holders), and one located at the record holder to deal with the residual (and able to see sensitive referral
information that the record holder might not disclose to a remote reasoner). Our prototype implements this
configuration. To show use of existing standards, the record holder’s reasoner is implemented by translating first to
XACML, and then evaluating.
Results (Examination of Use Cases)
To illustrate how a consent management system provides our claimed benefits, we consider six use cases. For
generality, the descriptions allow a range of automation in terms of both the record holder’s capabilities and the
collection of ancillary knowledge.
1) A patient establishes his privacy preferences for the first time.
The patient connects to the consent service using a browser or smartphone app (e.g., at home, at the library, on a
mobile phone, or in a kiosk in the waiting room). Because the patient does not have an existing consent account, he
is given a new consent identifier. Next, he is walked through a series of wizards to establish his initial privacy
preferences. We envision wizards tailored to several common situations, for example, treatment by the PCP,
emergency treatment, and specifying with whom the patient has a treatment relationship. Extending the suggestions
from the IHE report discussed earlier [9], we hope that organizations will establish reasonable prepackaged options
for the patient to select from. The system can also express the current style of narrow consents—a rule can include
conjuncts that restrict its applicability to one record holder, one requestor, or one request although we would
discourage such usages.
Our examples below assume that the patient says “anyone referred by my PCP has a treatment relationship”, and
permits release of all information to their PCP, and all except mental health to any provider with whom they have a
treatment relationship. We also assume that some providers make it known that they normally process queries
against a store that excludes all data subject to special legal protections (e.g., originating at a federally funded
substance abuse center).
2) A specialist (Dr. Lee) was unable to obtain the patient’s health information. Via the consent system, she asks
the patient to “fix this”, to modify his existing preferences to allow her the necessary access. The patient is
willing, and does so.
The policy reasoner determines one or more plausible modifications to the patient’s current preferences, and the
consent service contacts the patient for selection and approval. For example, a future UI might determine that the
patient be shown three choices a) to declare a treatment relation with this specialist; b) to approve this single release,
or c) to create a new rule for Dr. Lee or for all specialists. Note that Dr. Lee did need not see the existing
preferences. Once the update is saved, it will apply to all subsequent requests.
3) After the change, and on subsequent visits, Dr. Lee asks for recent records about the patient.
a. Suppose the patient’s consent releases all health information to treating physicians.
b. Suppose the patient’s consent excludes data that is known to relate to mental health.
For case 3a, the consent system receives the request, determines that Lee is an MD, and has a treatment relationship
with the patient. It authorizes release and writes the request and the ancillary knowledge employed to the audit log.
With less automation, the record holder might know that Lee is a doctor, and obtain the remaining ancillary
information manually.
Now the consented request is processed. For the advanced record holder, the request is sent to their EHR and the
results assembled. In configuration A, a medical records person receives the request, manually forwards a message
to the consent system, and receives the preferences she is to enforce. She then formulates requests to the various
systems at her site (possibly including paper) and assembles a response. In either case, the result is then securely
transmitted to the recipient.
For case 3b, the consent system tells the record holder “release is approved except for information that the record
holder knows relate to mental health.” For each item to be released, the rule retrieves the record holder’s annotation.
9
10. (If mental health information is kept in a segregated data store, then items from all other stores is virtually annotated
as Absent). Any data, annotated as mental health Present will be redacted from the response, but data annotated
Absent or Unknown would be released. (A more restrictive patient might write a rule that also excludes
Unknown.)
4) The PCP refers the patient (who is not physically present) to a new provider, Dr. Jones. The record holder
seeks to send information to Dr. Jones before the patient’s visit. All providers are now authorized to send non-
mental health information to Dr. Jones.
The consent system first knowledge from a data aggregator or HMO (if that HMO is the record holder) to verify that
Ms. Jones is a healthcare provider and that the patient’s PCP has referred the patient to her. According to the
patient’s ruleset, referral creates a Treatment relationship. As in case 3a, once this information has been retrieved
(from a source the record holder trusts), the consent system simplifies to prune the ruleset. The remaining rules are
shown to the record holder. The record holder is then responsible for enforcing the remaining constraints. Note that
no further consents were required.
5) A provider with no documented treatment relationship requests the patient’s medication and allergy data, on an
emergency basis.
A nurse in Utah declares a medical emergency to override normal protections and enable her to retrieve a patient’s
medications and allergies from a California record holder. The notional California policy includes conditions for
trusting the claim that this is for a medical emergency, and then allows all Normally-sensitive information to be
released, but requires explicit auditing and that the patient be informed. Here, the notional condition is that the
requestor’s claim to be a doctor has been verified OR the request came from a known Emergency Department and a
check of the requestor’s claim to be a doctor or Nurse returned True or Unknown. (The second condition applies if
California’s software is unable to locate or access Utah credentials registries)
Emergency policies are rules, like any other. In the future, we will allow a motivated patient to impose limitations
that involve minimal medical risk, such as to limit the access for particular individuals or organizations (e.g., an
institution where an ex-spouse works).
6) A researcher wants to screen kidney patients to find ones suitable for a new clinical trial. Many patients have
consented to have their data screened by accredited researchers.
Many patients have stipulated (via a UI option) that they are willing to let their information be employed to match
them to clinical studies; some have even offered to share deidentified data without being contacted. To recruit, the
researcher first asks the consent service to search across all patients to find those who have consented to recruitment
for kidney research; this will include patients who consented to research in general. Second, the EHR performs
eligibility screening based on demographics, dates, diagnoses, and treating clinicians. The eligible candidates may
then be sent invitations to contact the researcher. For the most willing patients, the EHR may be sent a consented
request to send deidentified data directly to the researcher.
Today’s paper-based system offers no effective way for researchers and suitable willing subjects to find each other,
nationwide. Full automation is needed, because record holders have limited desire to process such requests,
especially from outside their institution. The search process need not reach every suitable patient—a small fraction
from a nationwide population may suffice (e.g., type 2 diabetes patients under age 60, taking certain drugs).
Statistical studies do not require the patient’s physical presence; once consent is established, they can be fully
automated and thus much cheaper. An alternative approach is to send queries to the sources
http://wiki.siframework.org/file/view/Distributed+Queries+-+Platt%2C+Elmore%2C+Brown+-+IOM+Digital+Data+Priorities+-
+2012-03-23.pptx. This approach it makes two problematic assumptions, that the local result can be insensitive
enough to export without consent, and that providers will be willing to accept queries coming from outside.
Discussion (Conclusions and Future Work)
We have described a path toward patient-centric consent management. Patients, record holders, and requestors all
benefit, and thus have incentives to participate. A key idea is that all of a patient’s rules (augmented by government
rules, as needed) are stored in one place, accessible to the patient (for updates) and to record holders (for evaluation
requests). Rule terms that reference data from the request or ancillary evidence are evaluated and the ruleset
simplified, so the record holder sees only what is relevant. Metadata is attached to the transmitted record, describing
the data’s topics and provenance, but not the applicable policies (which may change). This metadata can be used for
privacy and also for other applications (e.g., discovery, budget analysis by topic). Throughout, we employ
10
11. generalized capabilities (e.g., rule engines, reusable consents) to minimize complexity, for both software
implementers and patients.
Patients get a single location for expressing their consent preferences, so they do not need to separately notify every
record holder. They gain flexible user interfaces that go beyond provider legalese or HIPAA forms, making it easier
to review and modify their preferences. The UIs are available over the web anytime, anyplace there is Internet
access, not just at the provider’s check-in desk. Relevant federal or state regulations could be visible from the same
interface, allowing patients to see how their preferences interact with legal constraints. UIs can incorporate record
holder idioms, and vendors can compete for patient adoption. As a result of all this, patients get better care because
their providers can better share information.
Record holders will get a reduced consent-enforcement burden, as compared with manually processing requests with
the same patient preferences. They are freed from maintaining a stack of consent documents and can apply the
patient’s generalized preferences without contacting the patient again. They need not pass policies or obligations to
recipients – instead, the recipient can get the latest over the Internet, in machine processable form, not a fax. Logical
simplifications based on elements of the request remove rules and terms irrelevant to the current request.
Requestors benefit because they can seek information from multiple record holders without pair-wise consent
negotiation. By reusing existing generalized consents, they can get the data they need, without waiting for the
patient to sign a new document. The potential benefits are especially big for researchers and other secondary users of
EHRs. The consent system can even give requestors a preview of what it will send the record holder (if that preview
does not contain sensitive information), thus reducing unexpected rejections. Data may also be pushed rather than
pulled, or even be initiated by an untrusted third party. For example, a secretary could phone the home provider and
ask for additional information to be forwarded to a specialist with whom a treatment relationship already exists.
While recipient’s privileges dominate, policy can also give weight to assertions by a trusted requestor or record
holder.
Further research
Additional research is needed to establish a range of user interfaces and pre-written policies, based on a variety of
factors including device (such as paper, desktop computer, or smart phone), level of privacy concern, and degree of
computer sophistication. Patients also need help in understanding terminology (e.g., “mental health”) and to reason
about the impact of their preferences.
Rule languages and UIs need expansion to deal with uncertainty about assertions, e.g., for “doubtful” emergency
requests, or where a topic annotation comes back Unknown. It is unclear how best to mix declarative rule languages
(for inferring properties) with procedural and prioritized rule languages, for dealing with three valued logic, and
with conflicting actions (both Allow/Deny and actions in obligations).
The framework outlined above supports patient specification of privacy preferences. It must be expanded to mix in
rules from organizations plus federal and state governments. The challenge is to support multiple modes: weak
defaults that ordinary patient consent overrides (e.g., HIPAA’s “Deny unless for treatment, payment, or operations
(TPO)”); state requirements (some states say explicit consent is needed even for TPO), emergencies (which might
override topic restrictions), blacklists (e.g., to override emergency requests from an ex-spouse as recipient), and
unconditional mandates (“Release tuberculosis diagnoses to Public Health departments”). We are now designing
such a capability.
Derived information also needs protections. These would cover existence of data (from discovery services, e.g.,
“does ABC Rehab have data on this patient?), notices that data has been redacted, and consent policies themselves
(e.g., “Allow release of my ABC Rehab information to Dr. Freud”). Also, we are exploring how to enforce rules that
cannot be fully revealed to all record holders.
Government and provider policy initiatives can speed progress. Consent services should be certified, and then
providers might be allowed to rely on them, without fear of liability. Government should make its policies available
as machine readable rulesets, which are deemed authoritative. Policy should be developed about what directory
services may reveal. We also need to enable interoperability to allow patients to switch consent service vendors, and
to enable competition and innovation in individual components, such as UIs. Also, a technical facility cannot resolve
issues of data ownership and whether there is an affirmative obligation to share.
Finally, and perhaps most important, one could build a useful consent system today, whose main function was just
to place consents (in machine and human readable form) on record holders’ screens (e.g., for a physical therapist
practicing alone, with minimal software), and to automate the simplest cases (which are pleasantly common). Our
architecture consciously avoided depending on universal participation, employment of data standards, record holder
11
12. automation, or ancillary data completeness. Progress in these areas would permit greater automation, but in the near
term, all tasks can be processed partly manually, with incremental automation.
The system need not be perfect, just good enough to lure participation. Its architecture should be extremely flexible
and extensible, to accommodate changing laws, and stronger desires for patient privacy
Acknowledgements and Conflicts: This work was funded by MITRE’s internal Innovation Program. The software
has been released as open source, and MITRE does not sell either the software (which has been open sourced) or
support. We have no personal financial interests.
References
[1 Gold1] Goldstein, M.M., and Rein, A.L. Consumer Consent Options for Electronic Health Information Exchange:
Policy Considerations and Analysis. [93 pp.]
http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_950145_0_0_18/gwu-data-segmentation-
final.pdf Archived at http://www.webcitation.org/674s808vs
[2 Mark1] Markle Foundation. Americans Overwhelmingly Believe Electronic Personal Health Records Could
Improve Their Health. [Internet] [2008 June 1] http://www.connectingforhealth.org/resources/ResearchBrief-
200806.pdf. Archived at http://www.webcitation.org/674ThDPA0 .
[3 Blum1] Blumenthal, D. Stimulating the Adoption of Health Information Technology. N Engl J Med. 2009: (360):
1477-1479. PMID: 19321856
[4 Mark2] Markle Foundation. Connecting for Health Common Framework, Policy Notice to Consumers Appendix
A. [Internet] [2008 June http://www.markle.org/health/markle-common-framework/connecting-consumers/cp2,
archived at http://www.webcitation.org/674ThDPAQ.
[5 MARK3] Markle Foundation “Linking Health Care Information: Proposed Methods for Improving Care and
Protecting Privacy”, Working Group on Accurately Linking Information for Health Care Quality and Safety,
February 2005. http://www.markle.org/publications/863-linking-health-care-information-proposed-methods-
improving-care-and-protecting-priv, archived at http://www.webcitation.org/674s808w6
[6 HITSP1] HITSP/ISO3. HITSP Consumer Empowerment and Access to Clinical Information via Networks
Interoperability Specification, Version 4.0. [2008 December 18] [cited 2011 April 4] [122 pp.]
http://www.hitsp.org/Handlers/HitspFileServer.aspx?FileGuid=195bf7df-b290-49e4-b47d-29834d32f317 archived at
http://www.webcitation.org/674vaPj5r
[7 ONC1] Consumer Preferences Draft Requirements Document. [2009 October 5] [cited 2011 April 4] [42pp.]
Sponsored by U.S. Department of Health and Human Services Office of the National Coordinator for Health
Information Technology.
http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_10779_891071_0_0_18/20091005_Consumer
%20Preferences_Draft_Requirements_Document.pdf archived at http://www.webcitation.org/674wEY0uo
[8 Moehrke1] Moehrke, J. Consumer Privacy using HITSP TP30. [2010 October 20]
http://healthcaresecprivacy.blogspot.com/2010/10/consent-management-using-hitsp-tp30.html archived at
http://www.webcitation.org/674ss2lsZ
[9 IHE1] Integrating the Healthcare Environment (IHE). Basic Patient Privacy Consents. [Internet] [cited 2011 April
4] [about 6 pp.] http://wiki.ihe.net/index.php?title=Basic_Patient_Privacy_Consents. Archived at
http://www.webcitation.org/674ThDPAZ
[10 GSK1] N. Genes, J. Shapiro, G. Kuperman “Health Information Exchange Consent Policy Influences
Emergency Department Patient Data Accessibility”, Proceedings of AMIA Symposium, 2010
[11 HIPAA1] Public Law: Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub. L. 104-191
(August 21, 1996).
[12 Priv1] Public Law: Privacy Act of 1974, Pub. L. 93-579 (December 31, 1974).
[13 ONC2] ONC Privacy and Security Tiger Team. Consumer Choice Technology Hearing, June 29, 2010. [cited
2011 April 6], Available from:
http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_945904_0_0_18/Consumer-Choice-Technology-
Hearing-062910.txt archived at http://www.webcitation.org/674v3zqAb
[14 Inter1] Michael LaRocca, Intersystems Corporation Written Public Testimony, Consumer Choice Technology
Hearing, June 29, 2010, p. 3
12
13. http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_11673_945904_0_0_18/Consumer-Choice-Technology-Hearing-
062910.txt archived at http://www.webcitation.org/674v3zqAb
[15 Hal1] Halamka, J. Solving Secure Transport.: http://geekdoctor.blogspot.com/2010/01/solving-secure-
transport.html, archived at http://www.webcitation.org/674ThDPAi
[16 PCAST1] President’s Council of Advisors on Science And Technology, “Report to the president: Realizing the
full potential of health information technology to improve healthcare for Americans: The path forward.”, December
2010, p. 46 http://www.scribd.com/doc/44944668/Report-to-the-President-Realizing-the-Full-Potential-of-Health-
Information-Technology-to-Improve-Healthcare-for-Americans-The-Path-Forward
Archived at http://www.webcitation.org/674uBy6rQ
13
14. This was a software effort. There were no human or animal experiments requiring formal trial approval.
There are no conflicts of interest.
The work has not been published; an earlier version is posted on our project pages on the Internet..
14