HIT Standards Committee–Consumer Permissions, Consent Management
March 24, 2010
9:00 a.m. to 2:15 p.m. [Eastern Time]
Below the agenda, key points are excerpted from the Privacy and Security Workgroup slides on consumer permissions and consent management, including the schedule for educational sessions.
AGENDA (pdf)
Washington, DC
9:00 a.m. CALL TO ORDER – Judy Sparrow
Office of the National Coordinator for Health Information Technology
9:05 a.m. Opening Remarks – David Blumenthal, MD, MPP
National Coordinator for Health Information Technology
9:15 a.m. Review of the Agenda – John Halamka, Vice Chair
9:20 a.m. Priority Setting & Synchronization with the HIT Policy Committee
John Halamka, Vice Chair
9:45 a.m. Implementation Workgroup Report on Implementation Starter Kit Hearing
Aneesh Chopra, Chair
Liz Johnson, Workgroup member
Cris Ross, Workgroup member
10:30 a.m. NHIN Direct Interoperability Framework
Doug Fridsma, Office of the National Coordinator
11:15 a.m. Clinical Operations Workgroup/Vocabulary Task Force Update
Jamie Ferguson, Chair
11:45 a.m. Clinical Quality Workgroup Update
Janet Corrigan, Chair
Floyd Eisenberg, Workgroup member
12:15 p.m. LUNCH
1:00 p.m. Privacy & Security Workgroup Update (PPT)
Dixie Baker, Chair
Steve Findlay, Co-Chair
1:30 p.m. Report on Certification NPRM (PPT)
Carol Bean, Office of the National Coordinator
Steven Posnack, Office of the National Coordinator
2:00 p.m. Public Comment
2:15 p.m. Adjourn
To Participate
Webconference
Audio:
You may listen in via computer or telephone.
US toll free: 1-877-705-6006
International Direct: 1-201-689-8557
Confirmation Code: HIT Committee Meeting
Key Notes Excerpted from Privacy and Security Workgroup Slides (PPT) – Focus on Consumer Permissions and Consent Management
Progress
–Updated IFR Review to incorporate comments from the HIT Standards Committee – submitted to HITSC Chairs
–Supporting HIT Policy Committee’s Privacy and Security Policy Workgroup, and aligning our standards efforts to their priorities
•Consent management
•Review of existing security policy inherent in the HIPAA Security Rule
–Launching educational sessions on standards activities around consent management
Consumer Health Permissions
–Privacy Consent (or Consent Directive) – Consumer’s written or verbal permission to collect, use, and/or disclose individually identifiable health information (IIHI)
–Privacy Authorization – A signed, written document that contains all of the elements required by the HIPAA Privacy Rule and that gives a covered entity permission to use or disclose specified IIHI for specified purposes
–Informed Consent – Consumer’s written permission to perform a specific medical procedure, or to participate in a specific research study or clinical trial, that is given only after the consumer has been fully informed of the purposes, risks, benefits, confidentiality protections, and other relevant aspects of the activity
Consent Management Today
–Consumer permissions captured as manual signature on paper form
–Paper forms filed in each organization that holds the consumer’s private health information
Consent Management Tomorrow
–Consent/Authorization: Consumer digitally signs consent or authorization
–Permissions and updates captured as part of health record
–Permissions interpretable by humans & computers
–Permissions cross-validated & translated into consent rules enforced by security access control mechanisms
–Rules inexorably tied to information exchanged – updates propagated to all data instances throughout life cycle
Standards Needed
–Digital signatures
–•Privacy policies
•Data model & schema
•Permission syntax & vocabulary
–•Cross-validation of consumer permissions
•Maintaining and retrieving permissions
•Translating permissions into access-control rules
•Enforcement and auditing of permission-related activities
–•Exchanging permissions & access rules
•Propagating permission revocations & modifications
Educational Sessions Re: Standardization Efforts Relating to Consent Management
•April 1, 2:00-4:00pm ET: Organization for the Advancement of Structured Information Standards (OASIS) / International Security Trust and Privacy Alliance (ISTPA) Privacy Management Reference Model (PMRM); Speakers – John Sabo, Michael Willett
•April 23, 2:00-4:00pm ET: Integrating the Healthcare Enterprise (IHE) Basic Patient Privacy Consents (BPPC) Profile; Speaker – John Moehrke
•[Schedule TBD]: Health Level 7 (HL7) Version 3 Domain Analysis Model: Medical Records; Composite Privacy Consent Directive – Speaker (TBD)
•[Schedule TBD]: OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) and eXtensible Access Control Markup Language (XACML) – Speaker (TBD)