This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

October 27, 2015 Security Conference Call

From HL7Wiki
Revision as of 15:06, 27 October 2015 by Suzannegw (talk | contribs) (Created page with "'''Draft CBCC and Security WG harmonization proposals for review on Tuesday’s CBCC and Security WG calls.''' Submitted proposals are attached along with the Summary shown b...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Draft CBCC and Security WG harmonization proposals for review on Tuesday’s CBCC and Security WG calls.

Submitted proposals are attached along with the Summary shown below.

I’ll walk through these during the calls as time permits.

Technical review of these initial proposals and input from the workgroups will be used to create the final proposals, which are due 11/08.

-K

Draft Nov 2015 Harmonization proposals.docx – Summary for posting to Oct 27 CBCC and Security wiki agenda

http://www.hl7.org/events/harmonization/

ActPrivacyLaw Technical Corrections

This is a Security Harmonization Proposal to make technical corrections on how this vocabulary was implemented

Proposal Summary: Rename ActPrivacyLawPrivacyPolicyType concept domain. Update binding to v:ActPrivacyLaw. Replace current ActPrivacyLaw definition, which is the definition of ActInformationSensitivity, with the correct one.


ActInformationAccessContextCode


This is a Security Harmonization Proposal to improve the definition of terms used to describe the policy context in which health information is collected/accessed/used/disclosed.

Proposal Summary:

ActInformationAccessContext code definition revision and creation of value set.


ActConsentDirectiveType Value Set

This is a CBCC Harmonization Proposal to enable the DPROV IG to list multiple types of consent rules that apply to a CDA.

Currently, HL7 vocabulary has separate value sets for Consent Directive types with slightly different types of Consent rules.

As a workaround, the DPROV IG created an IG specific value set to combine both of the value sets listed below, but it would be better to have an HL7 approved value set.

Proposal Summary:

Create the ActConsentDirectiveType Value Set as a union of the existing ActConsentType and ActConsentDirective ActCodes. Create parallel binding to the existing ActConsentDirectiveType Concept Domain, which is currently only bound to the ActConsentDirective value set.

VALUE SET: ActConsentDirectiveType Description: ActConsentDirective and ActConsentType codes are used to specify the type of Consent Directive or Consent Type to which, for example, a Consent Act conforms, to which a Security Observation (Security Label) refers to, or to which a Privacy or Security Act refers. V:ActConsentDirectiveType is the union of v:ActConsentDirective [2.16.840.1.113883.1.11.20425] and v:ActConsentType [2.16.840.1.113883.1.11.19897].

Supported Code Systems: ActCode (2.16.840.1.113883.5.4)

Contains 2 children of type unionWithContent

Bound to Domains: ActConsentDirectiveType and ActConsentType (CWE) in R1 (Representative Realm)

The combined ActConsentDirectiveType Value Set value set would include the following codes:

ABSTRACT CONCEPT: _ActConsentDirective [abstract term] Description: Definition: Specifies the type of consent directive indicated by an ActClassPolicy e.g., a 3rd party authorization to disclose or consent for a substitute decision maker (SDM) or a notice of privacy policy.

Usage Note: ActConsentDirective codes are used to specify the type of Consent Directive to which a Consent Directive Act conforms.

LEAF CONCEPT: EMRGONLY (emergency only) Description: This general consent directive specifically limits disclosure of health information for purpose of emergency treatment. Additional parameters may further limit the disclosure to specific users, roles, duration, types of information, and impose uses obligations. Definition: Opt-in to disclosure of health information for emergency only consent directive.

LEAF CONCEPT: NOPP (notice of privacy practices) Description: Acknowledgement of custodian notice of privacy practices. Usage Notes: This type of consent directive acknowledges a custodian's notice of privacy practices including its permitted collection, access, use and disclosure of health information to users and for purposes of use specified.

LEAF CONCEPT: OPTIN (opt-in) Description: This general consent directive permits disclosure of health information. Additional parameter may limit authorized users, purpose of use, user obligations, duration, or information types permitted to be disclosed, and impose uses obligations. Definition: Opt-in to disclosure of health information consent directive.

LEAF CONCEPT: OPTOUT (op-out) Description: This general consent directive prohibits disclosure of health information. Additional parameters may permit access to some information types by certain users, roles, purposes of use, durations and impose user obligations. Definition: Opt-out of disclosure of health information consent directive.

ABSTRACT CONCEPT: _ActConsentType [abstract term] Description: Definition: The type of consent directive, e.g., to consent or dissent to collect, access, or use in specific ways within an EHRS or for health information exchange; or to disclose health information for purposes such as research.

LEAF CONCEPT: ICOL (information collection) Description: Definition: Consent to have healthcare information collected in an electronic health record. This entails that the information may be used in analysis, modified, updated.

LEAF CONCEPT: IDSCL (information disclosure) Description: Definition: Consent to have collected healthcare information disclosed.

SPECIALIZABLE CONCEPT: INFA (information access) Description: Definition: Consent to access healthcare information.

LEAF CONCEPT: INFAO (access only) Description: Definition: Consent to access or "read" only, which entails that the information is not to be copied, screen printed, saved, emailed, stored, re-disclosed or altered in any way. This level ensures that data which is masked or to which access is restricted will not be.

Example: Opened and then emailed or screen printed for use outside of the consent directive purpose.

LEAF CONCEPT: INFAO (access only) Description: Definition: Consent to access or "read" only, which entails that the information is not to be copied, screen printed, saved, emailed, stored, re-disclosed or altered in any way. This level ensures that data which is masked or to which access is restricted will not be.

Example: Opened and then emailed or screen printed for use outside of the consent directive purpose.

LEAF CONCEPT: IRDSCL (information redisclosure) Description: Definition: Information re-disclosed without the patient's consent.

SPECIALIZABLE CONCEPT: RESEARCH (research information access) Description: Definition: Consent to have healthcare information in an electronic health record accessed for research purposes.

LEAF CONCEPT: RSDID (de-identified information access) Description: Definition: Consent to have de-identified healthcare information in an electronic health record that is accessed for research purposes, but without consent to re-identify the information under any circumstance.

LEAF CONCEPT: RSREID (re-identifiable information access) Description: Definition: Consent to have de-identified healthcare information in an electronic health record that is accessed for research purposes re-identified under specific circumstances outlined in the consent.

Example: Where there is a need to inform the subject of potential health issues.

Retrieved from "https://wiki.hl7.org/w/index.php?title=October_27,_2015_Security_Conference_Call&oldid=106429"