September 3, 2013 CBCC Conference Call
Community-Based Collaborative Care Working Group Meeting
- Yes - Aadli Abdul-Kareem
- Michael Alonso
- Matthew Arnheiter
- Yes - Wende Baker
- Bill Braithwaite, MD
- Daniel Crough
- Yes - Steve Eichner
- Suzanne Gonzales-Webb CBCC Co-chair
- Yes - Brian Handpicker
- Yes - Adrianne James
- Jim Kretz
- Yes - Mary Ann Juurlink
- Yes - Michael Lardiere
- Tracy Leeper
- Yes - Tom Lipcsey
- AJ Peterson
- Yes - Diana Proud-Madruga
- Yes - Ken Salyards
- Yes - Ioana Singureanu
- Yes - Richard Thoreson CBCC Co-chair
- Yes - Serafina Versaggi
- Yes - Kate Wetherby
- Tony Weida
- (05 min) Roll Call, Approve Minutes & Accept Agenda
- (15 min) Item1: LOINC and SNOMED-CT Privacy Protection value sets - Aadli Abdul-Kareem (Prince Georges County)
- (15 min) Item2: Agenda for Sept HL7 WGM
- (15 min) Item3: Trusted Value Sets for Privacy Protection Framework - Richard Thoreson
- (5 min) Other Business
Item1: LOINC and SNOMED-CT Privacy Protection value sets - Aadli Abdul-Kareem (Prince Georges County)
Aadli Abdul-Kareem shared background information on the process used to generate a list of LOINC codes and SNOMED-CT data that need to be locked down with an extra layer of security to protect it against unauthorized disclosure.
Aadli talked about the public health exchange being deployed in Maryland where the health dept has deployed an Electronic medical record (EMR). They want to be able to use this to communicate with a lot of the agencies that they do business with. It didn’t seem possible to replace the current applications in use by these different agencies since the MD Smart system was already widely dispersed and the MD Smart system also fulfilled a different role from that of the MIE Web Charts or the clinical system. Instead, they decided to implement a data exchange so that the EMR/HIS MIE Web system could continue to do the diagnose, treat, order labs, etc things that it’s supposed to do and the MD SMART Mental Health system could interface with it as needed while still focusing on the assessments that it's designed to do.
Deployment method: A patient is presented across the community. We need to id them and figure out what info to collect and then give access to that data. Smart relies on consent driven transactions and there is this information we can’t access so we have to figure out how we are going to control this process. What data can we share, types of transactions can we run and how are we going to run them? To match patient across the community we use specific demographic data. Then ID what data each system can share, what data can we absolutely not touch that needs to be protected with an extra layer of security. We then identified the LOINC codes and SNOMED data that would have to be blocked at the MIE Health Dept information system level. This is how they produced the data sets. This data should be completely blocked unless the patient has given consent for disclosure. Consent has expiration dates.
With consent at the point of care, the information can be shared.
Subsequent conversation revolved around issues involved in implementing this across multiple and diverse systems. One idea is to group the data into larger groups and then over time the data can become more granular.
Richard mentioned that what SAMHSA is working on is a system that can handle this type of data and consent issues that would sit on top of other systems.
Item2: Agenda for Sept HL7 WGM
Discussed the joint CBCC/Security portions of the HL7 WGM Agenda. Agreed to meet with Security on Tuesday, Q2 for the DS4P ballot reconciliation.
Item3: Trusted Value Sets for Privacy Protection Framework - Richard Thoreson
Richard reviewed his Trusted Value Sets for Privacy Protection Framework document. This paper lays out reasons for needing value sets that can be used for incremental implementation of consent to share. It would be good to have an agreed upon workflow that will lead to a reusable group of value sets that people can use in other systems. The key part of our values added is having this process that is very concrete and easy to understand that can be shared.
Richard proceeded to step through the document.
Ioana described what we might show people regarding the privacy annotation process using metadata to identify restricted data and cannot be re-disclosed without consent. This metadata could track provenance and intended recipient of documents and record that those documents can't be re-disclosed without consent.
This is leveraging the HCS schema from the Security WG and includes concrete examples of how HIEs may apply the information provided by the annotations.
Other Business: None discussed.