Post on 20-Dec-2015
transcript
The Patient as Steward of Healthcare Data
Managing Consent Preferences
John D. Halamka MD
Louis Sullivan Lecture
Privacy is the Final Frontier
How do we record patient preferences about information sharing?
How do we transfer consent preferences among payers, providers, labs, pharmacies, personal health record vendors and other stakeholders?
How do we manage continually changing privacy preferences, situations and use cases?
1998 – Payer/Provider data exchange
Health Insurance Portability and Accountability Act (HIPAA)
2004 – Provider/Provider data exchange
Regional Health Information network Organizations (RHInOs)
2008 – The Patient as Data Steward
Consent Assertion Markup Language (CAML)
How it might work?
A Consent Wizard, available as an open source web application, codifies all the consent options inventoried by HISPC
The output of the Consent Wizard is a transportable XML representation of patient preferences that can be hosted by a payer, a PHR, or a RHIO and used to guide all information exchange
Flavors of Consent
Opt-Out = data is exchanged by default unless restricted by the patient
Opt-In = data is not exchanged by default until the patient consents
Quilted = a subset of data is exchanged with patient consent based on institution, data user, data producer, and situation
Scope of Consent
Institution– Opt Out = I do not wish the information at this
institution to be shared– Opt In = I agree to share all information from
this institution– Quilted = I agree to share my medications and
labs but not my problem list and notes from this institution
Scope of Consent
Data User– Opt Out = I do not want to participate in this
research study– Opt In = I want my data used by all
stakeholders with audit protections, to optimize my health
– Quilted = I want all my data shared with emergency providers, primary care physicians, payers and public health agencies, but not with pharmaceutical firms
Scope of Consent
Data Producer– Opt Out = I do not want my laboratory records
shared– Opt In = I want my data from labs, pharmacies
and payers shared with providers– Quilted = I want my pharmacy records shared
except medications used for mental health, HIV, and substance abuse treatment
Scope of consent
Situation– Opt Out = I do not want my data shared for
simple office visits with one-time providers i.e. out of town visit to an urgent care for a small laceration repair
– Opt In = I want my data shared for all care situations
– Quilted = I want my data shared for all emergency visits but not for routine care
How it might appear
<consent> <scope="Institution"> <code code="311570" displayName="Beth Israel Deaconess Medical
Center"/> <statusCode code="opt-in"/> <time value=’20041001132534-0500’/> </scope> <scope="DataUser"> <code code =“12345678" displayName="Harvard Clinical Research
Institute" /> <statusCode code="opt-out"/><time value=’20060923153527-0500’/> </scope></consent>
How it might appear
<consent> <scope="DataProducer"> <code code="987654321" displayName="Walgreens Pharmacy"/> <statusCode code="quilted"/> <time value=’20051103161524-0500’/> <exclusion code="34343434" displayName="Mental Health"/></scope> <scope="Situation"> <code code =“111111" displayName="Emergency Department Care" /> <statusCode code="opt-in"/><time value=’20060201113715-0500’/> </scope></consent>
What this means
I opt-in to share all my data from Beth Israel Deaconess Medical Center
I opt-out of participating in a clinical trial at Harvard Clinical Research Institute
I opt-in to sharing my Walgreens prescription data except mental health medications
I opt-in to sharing all data (including mental health medications) for emergency care
The devil is in the details
The Consent Wizard would need to enforce integrity of consent options to avoid conflicting preferences i.e. patients cannot both opt-out and opt-in for data sharing with the same data user and situation
A hierarchy must be created to ensure consistent interpretation of complex consent such as
situation > institution > data user > data producer i.e. an opt-in for emergency department data sharing overrides data producer opt-outs
How could this be implemented?
A Payer implements a patient portal which hosts the Consent Wizard and authenticates the patient. When a provider does a 270/271 transaction, the CAML data is returned with the 271 response or is available as a 275 claims attachment
How could this be implemented?
A Personal Health Record vendor provides the Consent Wizard to patients but does not need to verifiably authenticate the patient. When the patient 'authenticates' with the provider during the care registration process, the patient provides the PHR vendor name and account information needed to access their CAML data
How could this be implemented?
A RHIO, on behalf of the community, hosts the Consent Wizard and provides access to the CAML records of the community
Next steps
Consideration by the AHIC Security and Privacy Working Group
If AHIC proposes a use case, then SDOs would need to work on CAML or adapt XACML (existing standard for access control) to support CAML principles
Pilot projects for Consent Wizard development