Community-Based Collaborative Care Working Group

• Back to September 2009 WGM

Attendees

1. Steven Connolly
2. Suzanne Gonzales-Webb
3. Andrew Howard
4. Ray Krasinski
5. Nancy LeRoy
6. Patrick Pyette
7. Gordan Raup
8. Harry Rhodes
9. Richard Thoreson Co-Chair
10. Serafina Versaggi Scribe
11. Max Walker Co-Chair

Updates

V2 ballot for v2.7

• Patient Care and Referral complete

Composite Privacy DAM Discussion - international differences

• Much of the CBCC committee's work in terms of Consent Directives messaging, had it’s start in the Canadian effort
• The ONC is taking Privacy very seriously and has started a new processes called the Consumer Preferences requirements document
• HITSP, NHIN and ONC are collaborating on “national” Privacy technology policy to be formulated within the next 4-5 months
• CBCC working closely with Security Work Group. Privacy has to be enforced through the Access Control Service; all working through XACML (HITSP accepted standard)
• HL7 looking for a standard that is a more generic version of XML, a V3 message that will carry Privacy Consent Directives.
  • The CBCC is migrating from a V3 Message to CDA document since the CDA Architecture is being done in terms of an XDS repository
  • CDA can transmit the representation of a document that contains a Wet signature
  • CBCC will re-use the V3 messaging analysis for the CDA Implementation Guide in an attempt to enable the computable exchange of policies anywhere via a CDA document
    • Three levels of Privacy Policy which need to be negotiated:
      • Jurisdiction – in US - multiple states jurisdiction
      • Provider/organization
      • Patient/client
• The difficulty presented by the need to address different Privacy policies across US states’ jurisdictions is also an issue for Australia
• Canada – no thought about harmonizing legislation. Provinces call the shots. Federal Privacy legislation exists but the Provinces create equivalent legislation and that trumps federal legislation
• Identity Management
  • In Australia, as of July 2010, there will be a single, unique patient identifier. To handle sensitive information there’s the concept of a pseudonym that allows patients to create their own identifier whenever time they grant access to provider to their sensitive information. Patients can therefore have multiple identifiers which are managed solely by the patient (they can chose to merge these identifiers or not)
    • Australia is also setting up a national directory of providers – a national registration and accreditation scheme that goes with them for life. Each provider has a smart card containing a digital certificate which can be used as an Access Control mechanism for any message – which pieces of information a provider may look at.
    • There is also audit control that reveals what information has been accessed by whom. So a consumer could see through a consumer portal who has accessed their records. No standards have been defined as to how we’re going to do this however.
  • From the US perspective, in addition to the political issues around issuing a single, unique person/patient identifier, from the Health Information Management point of view, are concerns around administration of unique patient identifiers. How much it would cost to keep the data clean? How do you issue identifiers on-the-fly?

Meeting adjourned at 3:00 PM EST, no significant decisions or motions made

Back to CBCC Main Page

[Top]