Difference between revisions of "November 23, 2010 CBCC Conference Call"
Finaversaggi (talk | contribs) |
|||
(31 intermediate revisions by 2 users not shown) | |||
Line 4: | Line 4: | ||
==Attendees== | ==Attendees== | ||
+ | * [mailto:jfarmer@apelon.com Jon Farmer] | ||
+ | * [mailto:gonzaleswebs@saic.com Suzanne Gonzales-Webb] CBCC Co-chair | ||
+ | * [mailto:maryann@majassociates.com Mary Ann Juurlink] Scribe | ||
+ | * [mailto:Jim.Kretz@samhsa.hhs.gov Jim Kretz] | ||
+ | * [mailto:ioana@eversolve.com Ioana Singureanu] | ||
+ | * [mailto:richard.thoreson@samhsa.hhs.gov Richard Thoreson] '''CBCC Co-chair''' | ||
+ | * [mailto:serafina@eversolve.com Serafina Versaggi] | ||
+ | * [mailto:weida@apelon.com Tony Weida] | ||
==Agenda== | ==Agenda== | ||
Line 14: | Line 22: | ||
*'''Complete''' - Walter Suarez shared the [http://www.ncvhs.hhs.gov/101110lt.pdf '''NCVHS Letter of Recommendations Regarding Sensitive Health Information'''] mentioned when the concept of "data segmentation" was first raised in the context of the SHIPPS project during the Nov. 2nd CBCC WG Meeting. | *'''Complete''' - Walter Suarez shared the [http://www.ncvhs.hhs.gov/101110lt.pdf '''NCVHS Letter of Recommendations Regarding Sensitive Health Information'''] mentioned when the concept of "data segmentation" was first raised in the context of the SHIPPS project during the Nov. 2nd CBCC WG Meeting. | ||
**In this letter, recently posted on the HHS website, NCVHS defines the categories of sensitive health information recommended for use by HHS as a basis for research, technical development, pilot testing, and potential future demonstration projects | **In this letter, recently posted on the HHS website, NCVHS defines the categories of sensitive health information recommended for use by HHS as a basis for research, technical development, pilot testing, and potential future demonstration projects | ||
+ | |||
+ | *Serafina to circulate CBCC scope statement to selected HL7 WGs to gauge level of interest and to solicit participation in the SHIPPS project. Approach: | ||
+ | **Circulate to WG s (Security, PHER, SD, EHR) and to Dr. Floyd Eisenberg (NQF) and Walter Suarez (KP/NCVHS) | ||
+ | **Comments to CBCC list welcomed | ||
+ | **Continue discussion next week | ||
===2. Resolution=== | ===2. Resolution=== | ||
+ | November 16, 2010 minutes approved | ||
+ | |||
+ | Motion: CBCC approves to circulate the scope statement to other potential interested parties. | ||
+ | Vote: 7/0/0 | ||
===3. Updates/Discussion=== | ===3. Updates/Discussion=== | ||
+ | In discussing the intersection between privacy, performance and the SHIPPs project '''we are looking at the way clinical and other related data are captured in the electronic record'''. Other related support data includes e.g. privacy data, monitoring treatment process data, and all public health and safety issues data. As much as possible we need to have reusability of the information that is in the record. These support areas have separate reporting activities that require effort not normally part of the clinical service delivery. This means time savings, cost savings and quality of information need to be looked at, for example; any time we have a separate reporting process from the clinical process there is a chance the meaning of the data will be distorted. | ||
+ | |||
+ | == 4.a. Project Scope == | ||
+ | '''Performance issues''' include quality of care for public health reporting and safety. They also involve cost containment issues e.g., the value of services delivered and/or problems of the underserved. Concerning clinical decision support you have to have the right information in the record so the automated reports work properly. We need to be able to make use of the information e.g. case managers being able to do their job. We need to be able to do waste monitoring and abuse monitoring. | ||
+ | |||
+ | The term ‘'''identify metadata and data quality’ – it’s not additional meta-data''', it’s the quality of data stored in the electronic record itself that makes it possible to measure outcomes. If you don’t encode diagnosis, if you are using free text for diagnosis – the data is there but not at the right level of quality and encoding. One thing we were considering is to define the levels of quality data e.g. a '''Maturity Model'''. | ||
+ | |||
+ | * Narrative unstructured data to structured data. If you are using narrative unstructured data there is only so much quality measurement you can derive automatically. | ||
+ | *If you are using structured data with local codes then you have to support some sort of mapping and additional processing before the data can be used to automate real time quality measures | ||
+ | If you encode data using standards and standard-based terminologies, you can automate real time quality measurements | ||
+ | So this project doesn’t intend to define additional metadata, we want to define that the data itself is at a certain level of quality in terms of structure and encoding | ||
+ | *This includes structure and vocabulary | ||
+ | *Completeness e.g. the meta data required to do real time performance evaluation (NQF measures e.g. patients who have had an episode of depression and are receiving certain medications or percentage of people who have seen a primary care physician who receive medication) | ||
+ | **Completeness as it refers to a set of quality measures that are in scope for behavioral health is part of SHIPPS. In other words the information that is required to automate that quality measurement | ||
+ | **Completeness from the definition of the data/information required is not in scope for SHIPPS | ||
+ | |||
+ | '''The metadata associated with the quality measure should be in the data itself or else the quality measure cannot be automated''' | ||
+ | |||
+ | Richard – We need to have a notion of the scope of information that is collected somewhere | ||
+ | |||
+ | Ioana – Ideally there will be a lot of data collected some of which is structured, a subset of the data will be required to be complete in order to evaluate certain aspects of quality. However whether all the different diagnosis codes, which physicians care about are included is less important than those diagnostic codes referred to in the quality measures that are included. Maybe clinically there is other information that the physician needs and they may think the data set is not complete but for the SHIPPS project we need the subset that is relevant to performance e.g. quality of care. | ||
+ | |||
+ | Richard - Reference of quality of care maybe be outdated | ||
+ | |||
+ | Ioana – That’s what the quality of measure is for but if there are best practices that exceed what the quality of measure is interested in that’s fine. It’s complete if it covers everything that helps people to do their job, even if it is more than the quality of measure. The quality measure looks for specific facts that determine quality. We as non-clinical people can’t aspire completeness. That will come from the detailed domain model work that says: this is what physicians care about and how it should be encoded. '''We are looking at aspects of that data that are relevant for policy makers, outcome measurements and management'''. This is more refined than the whole universe of data. | ||
+ | |||
+ | Richard – Using a standard’s placeholder for the purposes of a problem diagnosis there should be some insertion of specific quality measures to assess quality of service. We don’t do this but the access control service or system that is used to extract information or some policy is not something we want to do by hand. The request that is made for information from the EHR e.g the quality of cardiac care in some facility could go in with the structure we are talking about in terms of automated segmentation or filtering of data and we would know exactly what to extract. This could be done with various levels of identification. | ||
+ | |||
+ | Jon – This could be very sophisticated rules driven or some heuristic so the implementations will vary in quality but hopefully quality will improve over time | ||
+ | |||
+ | Richard – This is a long term process | ||
+ | |||
+ | Ioana – '''SHIPPS will raise awareness in producing good quality data'''; hopefully help implementers by providing them with an idea of what the end game will look like | ||
+ | |||
+ | Richards – Segment the information for various reasons not just for privacy | ||
+ | |||
+ | Jon – We are going to create an analytic framework and implementers will use it as their capabilities grow | ||
+ | |||
+ | Richard – the pressure will be on implementers from the people that buy systems needing to report on NQF measures | ||
+ | |||
+ | Ioana – This will allow partners to know the '''data quality levels''' they are dealing with one. In order to exchange data in an automated meaningful way they may need to get to a Maturity Level of 2 or 3. This will provide a quantifiable cause and effect. Why can ‘xyz’ be done with the data? The data is not at the right level | ||
+ | |||
+ | Richard – Reimbursement rates may depend on it | ||
+ | |||
+ | Ioana – '''The common thread that ties data segmentation and real time quality measures is the underlying data we are operating on''' | ||
+ | |||
+ | Richard – This operation is not different from one purpose or another. The kinds of things I might want to protect because they are sensitive, is that the same kind of segmentation process that we have to do in order to extract useful information for quality measurement. There is a lot of overlap. | ||
+ | |||
+ | Jon – The segmentation makes protecting sensitive data possible | ||
+ | |||
+ | Mary Ann – Are we defining a framework applied to fit all domains or topics in healthcare? | ||
+ | |||
+ | Ioana - '''Initially we are defining those elements that are common across domains, an inherent level of maturity and the quality of data that you are collecting in your EHR system'''. This is the pre-condition for segmenting data or for using it for quality measures in real time. We are initially looking specifically at behavioral health to show how to apply it. | ||
+ | |||
+ | Data segmentation could be driven from a number of policies not necessarily privacy. Other policy measures supported by data segmentation could be cost, waste, public health reporting. '''The EHR will have to support policies in all these areas.'''. | ||
+ | |||
+ | Ioana – We are aware of dual use of information e.g. for segmentation and for quality use. There may be other uses but segmentation and quality of use is the primary focus for the SHIPP’s project. | ||
+ | |||
+ | |||
+ | Richard - Building bridges to other HL7 WGs e.g. Public Health and CDC they must be trying to have multiple uses of records of information because they have all these increasing public health and safety reporting requirements. The '''burden of reporting''' is serious. | ||
+ | |||
+ | Ioana – Bring the scope statement to these other WG and other interested parties so they can co-sponsor or influence the work. Ioana motions: | ||
+ | |||
+ | '''Motion: CBCC approves to circulate the scope statement to other potential interested parties'''Serafina seconds motion; 7 yea/ none opposed / no abstentions - approved | ||
+ | |||
+ | Next Steps: | ||
+ | *Circulate scope statement to selected HL7 Work Groups to enlist Co-Sponsors and Interested Parties | ||
+ | *Once finalized, send scope statement to Steering Committee. Once approved by the Steering Division, send to the TSC for final approval | ||
+ | |||
+ | Richard – There are other WGs moving in a similar direction to what we are doing e.g. how to enable the functional model to have the capacity to implement consent and be able to manage the results of the information they have to produce | ||
+ | |||
+ | Ioana - From a functionally standpoint the EHR is going to have to support real time automated reporting of quality measures. This will have to be reflected in the functional model. Currently capturing the patient’s privacy consent directive is not called out specifically as a supporting function in the EHR Functional Model | ||
+ | |||
+ | Jim – The Direct Care Chapter support for consent | ||
+ | |||
+ | Serafina - The Direct Care functions of EHR-FM does address the mechanics of creating a health record and refer to the concepts of managing externally generated (including patient originated) health data. So this appears to be the area of the FM to address managing privacy consent directives. | ||
+ | |||
+ | Ioana – The Infrastructure section refers to supporting consent but it does not say anything about how to record consent | ||
+ | |||
+ | Serafina action item: outreach to possible co-sponsors for this project – figure out who is an interested party and who do they represent (e.g. KP), | ||
+ | *Reach out to Floyd Isenberg (NQF), Structured Documents, Security, Public Health and Emergency Response, EHRs WGs and to follow up with Walter Suarez to confirm his interest | ||
+ | *Richard to reach out to John Ritters | ||
+ | *Ioana to follow up with MITRE Corporation – open source. They’ve had a privacy project for a year covering much of the same territory we’re covering. | ||
+ | |||
+ | == Summary From Security == | ||
+ | Tony – Rob McCLure was concerned with the use of the word ‘segmentation’ in the CBCC meeting notes from last week | ||
+ | *'''Amenable to using segmentation as a verb e.g. an activity to identify information of interest for segregation''' | ||
+ | *Staying clear of using segmentation as a noun to suggest portions of the patient record are actually separated out in some persistent way for privacy or other purposes | ||
+ | |||
+ | Richard – e.g. separate out substance abuse data before my record is forwarded | ||
+ | ony – filter out or a masking action opposed to moving aside or moving the data into a special area | ||
+ | |||
+ | Ioana – These are '''implementation details''' e.g. how to accomplish that which may be exchanged vs not exchanged is outside the scope of SHIPP | ||
+ | |||
+ | Jon – segmentation defined too narrowly to tagging data to delineate the segment | ||
+ | |||
+ | Ioana – Using the word ‘tagging’ data implies implementation. '''We don’t want implementation to lead, focus on requirements''' | ||
+ | |||
+ | Jon – That is Rob’s point | ||
+ | |||
+ | Ioana – How we do it is a different issue – this is implementation | ||
+ | |||
+ | Jon – Question – '''Will the structure and encoding be in content or expressed in the consent themselves''' | ||
+ | |||
+ | Ioana – The consent will refer to the diagnosis of substance abuse and the data has to be able to trace back to diagnosis to substance abuse. Based on current policy if I express a reasonable consent, how will it be done in automated way - what sort of data do you need to be able to store in your EHR system to be able to automatically tease out which record is substance abuse related and which one is not. | ||
+ | |||
+ | Jon- I think this is what Rob was objecting to e.g. deciding what you have to '''store in the EHR system''' but not the data | ||
+ | |||
+ | Ioana – You have to store all the data, the question is what data can be exchanged. For records management you will store all the data you are producing, the question is when you disclose data most of the privacy policies kick in. For example if the patient meets certain criteria and the data happens to be substance abuse related consent is required | ||
+ | *We have to store all the data, the question is what information needs to be exchange? | ||
+ | *We need to guide implementations through best practices | ||
+ | *We could consider maturity levels – MITA does this effectively | ||
+ | |||
+ | Richard - Security framework – what is the relationship between security and privacy. Security is responsible for enforcing privacy at implementation. There is a level of access control service that enables the appropriate exchange of information and potential sharing of information within an enterprise. '''Access control includes exchange and what is going on within the enterprise.''' | ||
+ | |||
+ | John - There do not have to be security artifacts or privacy formalism in the security models | ||
+ | |||
+ | Jon – Based on the Ioana’s clarification of segmentation Rob should be ok e.g. he objected to the notion that we would mandate new segment structures that would get introduced into things like documents e.g. segmentation in CDA | ||
+ | |||
+ | Richard - '''We need to more rigorously define segmentation''' – in my mind segmentation is the process by which the access control service actually implements different policies | ||
+ | |||
+ | Jon – referring to the scope statement - change ‘manage’ to ‘control sharing of health information for policy reporting purposes’ | ||
+ | |||
+ | Serafina - Review letter NCVHS. The term segmentation is defined as the ability to protect specific and sensitive IIHI within the electronic record from disclosure. The NCVHS recommendation includes definitions of specific categories of information and the context in which that data occurs. | ||
+ | |||
+ | Jon – it does not include Richard’s point e.g. segmentation is the process by which the access control service actually implements different policies, it needs to include exchange and what is going on within the enterprise | ||
+ | |||
+ | Richard - Circulate scope statement as is and get people’s attention. This is an emerging / evolving subject. | ||
+ | |||
+ | Jon – I would like to see use change the word ‘manage’ to protect certain. Manage means too many things | ||
+ | |||
+ | Richard – I am going in the other direction, from a policy view you want to incorporate a lot of different requirements | ||
+ | |||
+ | Jon – How about ‘control sharing’ so it is not just one way. | ||
+ | |||
+ | Possible change for future: ''' The ability to control sharing of health information for privacy and policy related to reporting.''' | ||
− | + | Meeting was adjourned at 3:05 PM Eastern |
Latest revision as of 17:05, 30 November 2010
Contents
Community-Based Collaborative Care Working Group Meeting
Attendees
- Jon Farmer
- Suzanne Gonzales-Webb CBCC Co-chair
- Mary Ann Juurlink Scribe
- Jim Kretz
- Ioana Singureanu
- Richard Thoreson CBCC Co-chair
- Serafina Versaggi
- Tony Weida
Agenda
- (05 min) Roll call, approve minutes November 16th, call for additional agenda items & accept agenda
- (55 min) Continue review of the Draft Semantic Health Information Performance and Privacy Standard Project Scope Statement Updated 11/16/2010
Minutes
1. Action Items
- Complete - Walter Suarez shared the NCVHS Letter of Recommendations Regarding Sensitive Health Information mentioned when the concept of "data segmentation" was first raised in the context of the SHIPPS project during the Nov. 2nd CBCC WG Meeting.
- In this letter, recently posted on the HHS website, NCVHS defines the categories of sensitive health information recommended for use by HHS as a basis for research, technical development, pilot testing, and potential future demonstration projects
- Serafina to circulate CBCC scope statement to selected HL7 WGs to gauge level of interest and to solicit participation in the SHIPPS project. Approach:
- Circulate to WG s (Security, PHER, SD, EHR) and to Dr. Floyd Eisenberg (NQF) and Walter Suarez (KP/NCVHS)
- Comments to CBCC list welcomed
- Continue discussion next week
2. Resolution
November 16, 2010 minutes approved
Motion: CBCC approves to circulate the scope statement to other potential interested parties. Vote: 7/0/0
3. Updates/Discussion
In discussing the intersection between privacy, performance and the SHIPPs project we are looking at the way clinical and other related data are captured in the electronic record. Other related support data includes e.g. privacy data, monitoring treatment process data, and all public health and safety issues data. As much as possible we need to have reusability of the information that is in the record. These support areas have separate reporting activities that require effort not normally part of the clinical service delivery. This means time savings, cost savings and quality of information need to be looked at, for example; any time we have a separate reporting process from the clinical process there is a chance the meaning of the data will be distorted.
4.a. Project Scope
Performance issues include quality of care for public health reporting and safety. They also involve cost containment issues e.g., the value of services delivered and/or problems of the underserved. Concerning clinical decision support you have to have the right information in the record so the automated reports work properly. We need to be able to make use of the information e.g. case managers being able to do their job. We need to be able to do waste monitoring and abuse monitoring.
The term ‘identify metadata and data quality’ – it’s not additional meta-data, it’s the quality of data stored in the electronic record itself that makes it possible to measure outcomes. If you don’t encode diagnosis, if you are using free text for diagnosis – the data is there but not at the right level of quality and encoding. One thing we were considering is to define the levels of quality data e.g. a Maturity Model.
- Narrative unstructured data to structured data. If you are using narrative unstructured data there is only so much quality measurement you can derive automatically.
- If you are using structured data with local codes then you have to support some sort of mapping and additional processing before the data can be used to automate real time quality measures
If you encode data using standards and standard-based terminologies, you can automate real time quality measurements So this project doesn’t intend to define additional metadata, we want to define that the data itself is at a certain level of quality in terms of structure and encoding
- This includes structure and vocabulary
- Completeness e.g. the meta data required to do real time performance evaluation (NQF measures e.g. patients who have had an episode of depression and are receiving certain medications or percentage of people who have seen a primary care physician who receive medication)
- Completeness as it refers to a set of quality measures that are in scope for behavioral health is part of SHIPPS. In other words the information that is required to automate that quality measurement
- Completeness from the definition of the data/information required is not in scope for SHIPPS
The metadata associated with the quality measure should be in the data itself or else the quality measure cannot be automated
Richard – We need to have a notion of the scope of information that is collected somewhere
Ioana – Ideally there will be a lot of data collected some of which is structured, a subset of the data will be required to be complete in order to evaluate certain aspects of quality. However whether all the different diagnosis codes, which physicians care about are included is less important than those diagnostic codes referred to in the quality measures that are included. Maybe clinically there is other information that the physician needs and they may think the data set is not complete but for the SHIPPS project we need the subset that is relevant to performance e.g. quality of care.
Richard - Reference of quality of care maybe be outdated
Ioana – That’s what the quality of measure is for but if there are best practices that exceed what the quality of measure is interested in that’s fine. It’s complete if it covers everything that helps people to do their job, even if it is more than the quality of measure. The quality measure looks for specific facts that determine quality. We as non-clinical people can’t aspire completeness. That will come from the detailed domain model work that says: this is what physicians care about and how it should be encoded. We are looking at aspects of that data that are relevant for policy makers, outcome measurements and management. This is more refined than the whole universe of data.
Richard – Using a standard’s placeholder for the purposes of a problem diagnosis there should be some insertion of specific quality measures to assess quality of service. We don’t do this but the access control service or system that is used to extract information or some policy is not something we want to do by hand. The request that is made for information from the EHR e.g the quality of cardiac care in some facility could go in with the structure we are talking about in terms of automated segmentation or filtering of data and we would know exactly what to extract. This could be done with various levels of identification.
Jon – This could be very sophisticated rules driven or some heuristic so the implementations will vary in quality but hopefully quality will improve over time
Richard – This is a long term process
Ioana – SHIPPS will raise awareness in producing good quality data; hopefully help implementers by providing them with an idea of what the end game will look like
Richards – Segment the information for various reasons not just for privacy
Jon – We are going to create an analytic framework and implementers will use it as their capabilities grow
Richard – the pressure will be on implementers from the people that buy systems needing to report on NQF measures
Ioana – This will allow partners to know the data quality levels they are dealing with one. In order to exchange data in an automated meaningful way they may need to get to a Maturity Level of 2 or 3. This will provide a quantifiable cause and effect. Why can ‘xyz’ be done with the data? The data is not at the right level
Richard – Reimbursement rates may depend on it
Ioana – The common thread that ties data segmentation and real time quality measures is the underlying data we are operating on
Richard – This operation is not different from one purpose or another. The kinds of things I might want to protect because they are sensitive, is that the same kind of segmentation process that we have to do in order to extract useful information for quality measurement. There is a lot of overlap.
Jon – The segmentation makes protecting sensitive data possible
Mary Ann – Are we defining a framework applied to fit all domains or topics in healthcare?
Ioana - Initially we are defining those elements that are common across domains, an inherent level of maturity and the quality of data that you are collecting in your EHR system. This is the pre-condition for segmenting data or for using it for quality measures in real time. We are initially looking specifically at behavioral health to show how to apply it.
Data segmentation could be driven from a number of policies not necessarily privacy. Other policy measures supported by data segmentation could be cost, waste, public health reporting. The EHR will have to support policies in all these areas..
Ioana – We are aware of dual use of information e.g. for segmentation and for quality use. There may be other uses but segmentation and quality of use is the primary focus for the SHIPP’s project.
Richard - Building bridges to other HL7 WGs e.g. Public Health and CDC they must be trying to have multiple uses of records of information because they have all these increasing public health and safety reporting requirements. The burden of reporting is serious.
Ioana – Bring the scope statement to these other WG and other interested parties so they can co-sponsor or influence the work. Ioana motions:
Motion: CBCC approves to circulate the scope statement to other potential interested partiesSerafina seconds motion; 7 yea/ none opposed / no abstentions - approved
Next Steps:
- Circulate scope statement to selected HL7 Work Groups to enlist Co-Sponsors and Interested Parties
- Once finalized, send scope statement to Steering Committee. Once approved by the Steering Division, send to the TSC for final approval
Richard – There are other WGs moving in a similar direction to what we are doing e.g. how to enable the functional model to have the capacity to implement consent and be able to manage the results of the information they have to produce
Ioana - From a functionally standpoint the EHR is going to have to support real time automated reporting of quality measures. This will have to be reflected in the functional model. Currently capturing the patient’s privacy consent directive is not called out specifically as a supporting function in the EHR Functional Model
Jim – The Direct Care Chapter support for consent
Serafina - The Direct Care functions of EHR-FM does address the mechanics of creating a health record and refer to the concepts of managing externally generated (including patient originated) health data. So this appears to be the area of the FM to address managing privacy consent directives.
Ioana – The Infrastructure section refers to supporting consent but it does not say anything about how to record consent
Serafina action item: outreach to possible co-sponsors for this project – figure out who is an interested party and who do they represent (e.g. KP),
- Reach out to Floyd Isenberg (NQF), Structured Documents, Security, Public Health and Emergency Response, EHRs WGs and to follow up with Walter Suarez to confirm his interest
- Richard to reach out to John Ritters
- Ioana to follow up with MITRE Corporation – open source. They’ve had a privacy project for a year covering much of the same territory we’re covering.
Summary From Security
Tony – Rob McCLure was concerned with the use of the word ‘segmentation’ in the CBCC meeting notes from last week
- Amenable to using segmentation as a verb e.g. an activity to identify information of interest for segregation
- Staying clear of using segmentation as a noun to suggest portions of the patient record are actually separated out in some persistent way for privacy or other purposes
Richard – e.g. separate out substance abuse data before my record is forwarded ony – filter out or a masking action opposed to moving aside or moving the data into a special area
Ioana – These are implementation details e.g. how to accomplish that which may be exchanged vs not exchanged is outside the scope of SHIPP
Jon – segmentation defined too narrowly to tagging data to delineate the segment
Ioana – Using the word ‘tagging’ data implies implementation. We don’t want implementation to lead, focus on requirements
Jon – That is Rob’s point
Ioana – How we do it is a different issue – this is implementation
Jon – Question – Will the structure and encoding be in content or expressed in the consent themselves
Ioana – The consent will refer to the diagnosis of substance abuse and the data has to be able to trace back to diagnosis to substance abuse. Based on current policy if I express a reasonable consent, how will it be done in automated way - what sort of data do you need to be able to store in your EHR system to be able to automatically tease out which record is substance abuse related and which one is not.
Jon- I think this is what Rob was objecting to e.g. deciding what you have to store in the EHR system but not the data
Ioana – You have to store all the data, the question is what data can be exchanged. For records management you will store all the data you are producing, the question is when you disclose data most of the privacy policies kick in. For example if the patient meets certain criteria and the data happens to be substance abuse related consent is required
- We have to store all the data, the question is what information needs to be exchange?
- We need to guide implementations through best practices
- We could consider maturity levels – MITA does this effectively
Richard - Security framework – what is the relationship between security and privacy. Security is responsible for enforcing privacy at implementation. There is a level of access control service that enables the appropriate exchange of information and potential sharing of information within an enterprise. Access control includes exchange and what is going on within the enterprise.
John - There do not have to be security artifacts or privacy formalism in the security models
Jon – Based on the Ioana’s clarification of segmentation Rob should be ok e.g. he objected to the notion that we would mandate new segment structures that would get introduced into things like documents e.g. segmentation in CDA
Richard - We need to more rigorously define segmentation – in my mind segmentation is the process by which the access control service actually implements different policies
Jon – referring to the scope statement - change ‘manage’ to ‘control sharing of health information for policy reporting purposes’
Serafina - Review letter NCVHS. The term segmentation is defined as the ability to protect specific and sensitive IIHI within the electronic record from disclosure. The NCVHS recommendation includes definitions of specific categories of information and the context in which that data occurs.
Jon – it does not include Richard’s point e.g. segmentation is the process by which the access control service actually implements different policies, it needs to include exchange and what is going on within the enterprise
Richard - Circulate scope statement as is and get people’s attention. This is an emerging / evolving subject.
Jon – I would like to see use change the word ‘manage’ to protect certain. Manage means too many things
Richard – I am going in the other direction, from a policy view you want to incorporate a lot of different requirements
Jon – How about ‘control sharing’ so it is not just one way.
Possible change for future: The ability to control sharing of health information for privacy and policy related to reporting.
Meeting was adjourned at 3:05 PM Eastern