Enforceable Specification of Privacy
Peter Mork, Jean Stanford
CEM IR&D
© 2011 The MITRE Corporation. All rights reserved
Problem
Growing need for Health Information Exchange
– Continuity of care
– Decreased costs
– Public health reporting
– Facilitate clinical research
Health Information Exchange requires patient consent:
– Paper-based
– One form per transaction
– Non-transferrable
– Signed with limited time to think
Background
Paper consent forms prevent seamless health information exchange
VA
DoD
Objective
Support Meaningful & Granular Patient Consent
Globally Accessible by:
– Patients and
– Record Holders
Platform Adaptable
Modular Design adapts to:
– Technology Changes
– Legal Changes
Activities
Developed rules language for consent:
– Basic constructs = purpose, topics, datatypes, time, etc.
– Two forms of negation
– Terminological hierarchies
– Reusable knowledge components
Policy reasoner:
– Input = Patient preferences + request
– Output = Minimized rule tree
Policy enforcement:
– Conversion to XACML
– Prototype of EHR with XACML engine
Highlight
Request Server (e.g., hData)
Record Holder Server
EHR
Browser
Consent Server
Consent DB
Policy Reasoner
Policy Enforcer
Demonstration
Allow
Direct Care Providers
X = Primary Care Provider
Referral from X to Recipient
Purpose = Treatment
Allowed Categories
Medications
Allergies
¬ Mental Health
Purpose = Treatment
Dr. Blass
Research
Purpose = Research
Anonymized
¬ Imagery
¬ Mental Health
Purpose = Emergency
¬ Mental Health
Dr. Walsh: Purpose = Treatment
(Medications or Allergies) and not Mental Health
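The reasoner step from the Activities slide (patient preferences + request in, minimized rule tree out), applied to the Demonstration rules, as an added example that is not the Kairon Consents code. The tuple-based tree, the atom names, the reading of the slide's branches, and Dr. Walsh being a direct care provider are assumptions.

```python
# Added illustration: partial evaluation of a consent rule tree. Node shapes,
# atom names and semantics are assumptions, not the project's rule language.

def simplify(node, facts):
    """Reduce a rule tree against known facts: True, False or a residual tree."""
    op = node[0]
    if op == "atom":
        return facts.get(node[1], node)  # unknown atoms stay symbolic
    if op == "not":
        inner = simplify(node[1], facts)
        return (not inner) if isinstance(inner, bool) else ("not", inner)
    absorbing = (op == "or")  # True absorbs "or", False absorbs "and"
    kept = []
    for child in node[1:]:
        result = simplify(child, facts)
        if result is absorbing:
            return absorbing
        if not isinstance(result, bool):
            kept.append(result)  # identity values are simply dropped
    if not kept:
        return not absorbing
    return kept[0] if len(kept) == 1 else (op, *kept)

def render(node):
    if isinstance(node, bool):
        return "permit" if node else "deny"
    if node[0] == "atom":
        return node[1].split("=", 1)[1]
    if node[0] == "not":
        return "not " + render(node[1])
    parts = [render(c) if c[0] in ("atom", "not") else f"({render(c)})"
             for c in node[1:]]
    return f" {node[0]} ".join(parts)

def A(name): return ("atom", name)

NO_MH = ("not", A("category=Mental Health"))
PREFS = ("or",  # constructed reading of three branches of the slide
    ("and", A("recipient=Direct Care Provider"), A("purpose=Treatment"),
     ("or", A("category=Medications"), A("category=Allergies")), NO_MH),
    ("and", A("purpose=Research"), A("data=Anonymized"),
     ("not", A("category=Imagery")), NO_MH),
    ("and", A("purpose=Emergency"), NO_MH))

def request_facts(purpose, direct_care):
    facts = {f"purpose={p}": p == purpose
             for p in ("Treatment", "Research", "Emergency")}
    facts["recipient=Direct Care Provider"] = direct_care
    return facts
```

`render(simplify(PREFS, request_facts("Treatment", True)))` yields the residual condition shown for Dr. Walsh; a residual of this kind is what would be handed on for conversion to an enforceable policy.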
Impacts
Sponsor Engagements:
– Office of the National Coordinator
– Substance Abuse and Mental Health Services Administration
– Department of Veterans Affairs
Other Engagements:
– Healthcare Information and Management Systems Society
– GE Healthcare
– United Health
Open Source:
– https://sourceforge.net/projects/kaironconsents/
Future Plans
[Figure: planned capabilities plotted by Policy Maturity (Accepted Practices to Inchoate) against Technical Complexity (Low to High)]
Capabilities shown:
– Preemptory Access
– Patient Review & Approve
– Integrate with State Mandates
– Intelligent Redaction
– Credential Matching
– Eliciting Patient Preferences
– Automated Enforcement
– Integrate Care Relationships
– Audit
Legend: Implemented, Under Development, Grand Challenges