CASCON 2009 - Talk on Interoperability
Download as PPTX, PDF0 likes260 views
The document outlines the objectives of reviewing policy constraints related to electronic health records (EHR) systems, focusing on personal health information, consent management, and relevant legislative frameworks in Canada. Key sources of policy include statutes, case law, and professional guidelines, with an emphasis on the importance of privacy legislation and fair information practices. It highlights challenges in managing consent directives across jurisdictions and the need for interoperable systems to ensure compliance and protect patient information.
CASCON 2009 - Talk on Interoperability
- 1. James Williams – Ontario Telemedicine Network
- 2. Objectives: 1. Review policy constraints for EHR systems. 2. Traditional approaches to policies in EHRs. 3. CHI consent management architecture. 4. Current research.
- 3. Focus: Policies pertaining to personal health information. Policies may touch upon: Consent directives. Acceptable uses. Permissible disclosure. Appropriate safeguards. Emergency overrides. Retention.
- 4. Sources of Policy: 1. Statutes and regulations 2. Case law 3. Codes of conduct 4. Corporate bylaws 5. Professional guidelines / best practices 6. First Nations Sovereignty
- 5. Statutes: Privacy The most important legislative instruments are the various privacy and health information statutes. Privacy legislation in Canada is based on a set of fair information practices: 1) Accountability 6) Accuracy 2) Identifying purposes 7) Safeguards 3) Consent 8) Openness 4) Limiting collection 9) Individual access 5) Limiting use, disclosure, retention. 10) Challenging compliance
- 6. Statutes: Establish a basic rule, and then add exceptions. For example, express consent is generally required in order to disclose information to a third party. But: Emergency situations. Law enforcement. Public health. Eligibility for benefits. Risk to third party.
- 7. Statutes: Private sector privacy laws
- 8. Statutes: Health information laws
- 9. Statutes: additional laws Federal: Statistics Act. Quarantine Act. Provincial: Child Protection Act. Communicable Disease Act. Health Act. Worker’s Compensation Act. Mental Health Act.
- 10. Other sources Case Law: Eg: Patient has right of access to their own health record. (McInerney v MacDonald). Codes of Conduct: Eg: Canadian Medical Association, Health Information Privacy Code (1998). Corporate bylaws: Hospital policies and procedures. Municipal Information Acts. Best Practices COACH Guidelines for the Protection of Health Information.
- 11. Sources: OCAP Ownership: information is owned collectively by the Nation. Control: the Nation retains control over all aspects of information management. Access: the Nation has a right to manage and make decisions regarding access to their collective information. Possession: a mechanism to assert ownership.
- 14. Some Issues: Custodians disclosing PHI are generally under a duty to ensure that the receiving jurisdiction has ‘comparable safeguards’. Patients may issue consent directives. Ontario imposes a ‘duty to notify’ receiving custodians about these. Patients should be able to avail themselves of additional protections in the new jurisdiction. Who now has control of the information? Consent directives are also sensitive.
- 15. More issues: Even if we have a way to solve these issues, one of the major problems is that laws (etc) are dynamic.
- 16. Challenge: How do we manage policies in a multi-EHR setting? Traditional route has been to either purchase COTS products, or to develop systems for a particular jurisdiction. (Hard coded business rules).
- 17. CHI’s Consent Directives Management System Applies constraints prior to providing access or transmitting PHI. Allows consent directives at various levels of granularity. Relies on common privacy vocabulary to apply consent requirements. Can store with EHRi data, or in consolidated form.
- 18. Processing Consent Directives in a Jurisdiction 1. Transfer consent directives from clinical applications to the EHR. 2. Let either the EHR or (sending clinical application) process consent directives prior to disclosing a patient’s PHI. 3. Transfer consent directives from EHR to clinical applications whenever PHI is disclosed from the EHR. Want to avoid having too many consent directives management systems.
- 19. Interjurisdictional Transfer Consent directives will be processed whether an access request is received from a POS system, or clinical portal, or from an EHR in another jurisdiction. Jurisdictions need to agree upon and set policies as to how consent directives made in one jurisdiction will be managed following disclosure to another. A nationally adopted messaging schema is required for conveying consent directives between jurisdictions.
- 20. Interjurisdictional Transfer (2) Several goals must be achieved before policy enforcement can be automated by a policy management service: Jurisdictional policies must be harmonized. Rules must be captured and codified. Special support for changes to rules. Common vocabultary. Data containing consent directives may flow from one jurisdiction to another, but policy related data does not.
- 21. Can we do better? The inter-jurisdictional data transfer problem is complex. Can we bring some technical tools to bear on the problem? Representing policy rules. Operationalizing the representations. Storing and securing the representations. Managing the representations through their lifecycle. Verification and validation.
- 22. Current work: There has been quite a bit of work on representing policies and regulations. L.Cranor, M. Langehreich, M. Marchiori, J. Reagle, The Platform for Privacy Preferences (P3P 1.0) Specification. R. Agrawal, J. Kiernan, R. Srikant, Y. Xu, An Xpath based preference language for P3P. N. Li, T. Yu, A.I. Anton, A semantics based approach to privacy languages. (2006)
- 23. Current Work P. Ashley, S. Hada, G. Karjoth, C. Powers, M. Schunter, Enterprise Privacy Authorization Language (EPAL 1.1). A. Barth, J.C. Mitchell, J. Rosenstein, Conflict and combination in privacy policy languages (2004). (DPAL) eXtensible Access Control Markup Language. (XACML)
- 24. Current Work The above frameworks provide a formalism to specify data protection policy. They provide methods for evaluating and enforcing policies. Drawback: they are built to manage policies within single organizations. (Guarda, Zannone, Toward the Development of Privacy Aware Systems, 2008)
- 25. Current Work Recent efforts: Extend XACML with algorithms addressing issue of policy similarities and integration across organizations. (Mazzoleni et al, XACML policy integration algorithms, 2008). Distributed temporal logic. (Hilty et al, On obligations, 2005). Privacy in Peer to Peer Networks. Automated policy enforcement. (Weber, Obry).
Editor's Notes
- #6: Accountability. Organizations are accountable for the protection of personal information under their control. Identifying purposes. The purposes for which the personal information is being collected must be identified during or prior to the collection. Consent. Information must be collected with the knowledge and consent of the individual and for a reasonable purpose. Limiting collection. The collection of personal information is to be limited to what is necessary for the identified purposes and be collected by fair and lawful means. Limiting use, disclosure and retention. Information can only be used and disclosed for the purpose for which it is collected and be retained only as long as it is necessary to fulfil the purpose. Accuracy. Information must be as accurate, complete and up-to-date as possible. Safeguards. Information must be protected by adequate safeguards. Openness. Information about an organization’s privacy policies and practices is to be readily available. Individual access. Information must be accessible for review and correction by the individual whose personal information it is. Challenging compliance. Organizations are to provide means to an individual to challenge an organization’s compliance with the above principles.
- #10: Child protection acts: requirement to disclose potential abuse. Health Act may contain a duty to warn.