This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Difference between revisions of "September 3, 2013 CBCC Conference Call"

From HL7Wiki
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 8: Line 8:
 
==Attendees==(expected)
 
==Attendees==(expected)
  
* Yes - [mailto:aadliak#healthstik.com Aadli Abdul-Kareem]
+
* Yes - [mailto:aadliak@healthstik.com Aadli Abdul-Kareem]
 
* [mailto:michael_alonso@senecacenter.org Michael Alonso]
 
* [mailto:michael_alonso@senecacenter.org Michael Alonso]
 
* [mailto:marnheiter@ntst.com Matthew Arnheiter]
 
* [mailto:marnheiter@ntst.com Matthew Arnheiter]
Line 14: Line 14:
 
* [mailto:bbraithwaite@anakam.com  Bill Braithwaite, MD]
 
* [mailto:bbraithwaite@anakam.com  Bill Braithwaite, MD]
 
* [mailto:Daniel.Crough@azdhs.gov Daniel Crough]
 
* [mailto:Daniel.Crough@azdhs.gov Daniel Crough]
* Yes - [steve.eichner@dshs.state.tx.us Steve Eichner]
+
* Yes - [mailto:steve.eichner@dshs.state.tx.us Steve Eichner]
 
* [mailto:sgonzales-webb@drc.com Suzanne Gonzales-Webb] CBCC Co-chair
 
* [mailto:sgonzales-webb@drc.com Suzanne Gonzales-Webb] CBCC Co-chair
 
* Yes - [mailto:bd@handspicker.net Brian Handpicker]
 
* Yes - [mailto:bd@handspicker.net Brian Handpicker]
Line 38: Line 38:
 
#''(15 min)'' '''Item1: LOINC and SNOMED-CT Privacy Protection value sets''' - Aadli Abdul-Kareem (Prince Georges County)  
 
#''(15 min)'' '''Item1: LOINC and SNOMED-CT Privacy Protection value sets''' - Aadli Abdul-Kareem (Prince Georges County)  
 
#''(15 min)'' '''Item2: Agenda for Sept HL7 WGM '''  
 
#''(15 min)'' '''Item2: Agenda for Sept HL7 WGM '''  
#''(15 min)'' '''Item3: Trusted Value Sets for Privacy Protection Framework''' - Richard Thorsen
+
#''(15 min)'' '''Item3: Trusted Value Sets for Privacy Protection Framework''' - Richard Thoreson
 
#''(5 min)'' '''Other Business'''
 
#''(5 min)'' '''Other Business'''
  
 
==Meeting Minutes==
 
==Meeting Minutes==
  
'''Item1: Agenda for Sept HL7 WGM'''  
+
'''Item1: LOINC and SNOMED-CT Privacy Protection value sets''' - Aadli Abdul-Kareem (Prince Georges County)
 
  
'''Item2: Consent2Share Demonstration'''
+
Aadli Abdul-Kareem shared background information on the process used to generate a list of LOINC codes and SNOMED-CT data that need to be locked down with an extra layer of security to protect it against unauthorized disclosure.
  
'''Other Business: '''
+
Aadli talked about the public health exchange being deployed in Maryland where the health dept has deployed an Electronic medical record (EMR). They want to be able to use this to communicate with a lot of the agencies that they do business with. It didn’t seem possible to replace the current applications in use by these different agencies since the MD Smart system was already widely dispersed and the MD Smart system also fulfilled a different role from that of the MIE Web Charts or the clinical system. Instead, they decided to implement a data exchange so that the EMR/HIS MIE Web system could continue to do the diagnose, treat, order labs, etc things that it’s supposed to do and the MD SMART Mental Health system could interface with it as needed while still focusing on the assessments that it's designed to do.
 +
 
 +
Deployment method: A patient is presented across the community. We need to id them and figure out what info to collect and then give access to that data. Smart relies on consent driven transactions and there is this information we can’t access so we have to figure out how we are going to control this process. What data can we share, types of transactions can we run and how are we going to run them? To match patient across the community we use specific demographic data. Then ID what data each system can share, what data can we absolutely not touch that needs to be protected with an extra layer of security. We then identified the LOINC codes and SNOMED data that would have to be blocked at the MIE Health Dept information system level. This is how they produced the data sets. This data should be completely blocked unless the patient has given consent for disclosure. Consent has expiration dates.
 +
 
 +
With consent at the point of care, the information can be shared.
 +
 
 +
Subsequent conversation revolved around issues involved in implementing this across multiple and diverse systems. One idea is to group the data into larger groups and then over time the data can become more granular.
 +
 
 +
Richard mentioned that what SAMHSA is working on is a system that can handle this type of data and consent issues that would sit on top of other systems.
 +
 
 +
 
 +
'''Item2: Agenda for Sept HL7 WGM '''
 +
 
 +
Discussed the joint CBCC/Security portions of the HL7 WGM Agenda. Agreed to meet with Security on Tuesday, Q2 for the DS4P ballot reconciliation.
 +
 
 +
 
 +
'''Item3: Trusted Value Sets for Privacy Protection Framework''' - Richard Thoreson
 +
 
 +
Richard reviewed his Trusted Value Sets for Privacy Protection Framework document. This paper lays out reasons for needing value sets that can be used for incremental implementation of consent to share. It would be good to have an agreed upon workflow that will lead to a reusable group of value sets that people can use in other systems. The key part of our values added is having this process that is very concrete and easy to understand that can be shared.
 +
 
 +
Richard proceeded to step through the document.
 +
 
 +
Ioana described what we might show people regarding the privacy annotation process using metadata to identify restricted data and cannot be re-disclosed without consent. This metadata could track provenance and intended recipient of documents and record that those documents can't be re-disclosed without consent.
  
 +
This is leveraging the HCS schema from the Security WG and includes concrete examples of how HIEs may apply the information provided by the annotations.
  
  
 +
'''Other Business: ''' 
 +
None discussed.
  
 
[[Community-Based_Collaborative_Care|Back to CBCC Main Page]]
 
[[Community-Based_Collaborative_Care|Back to CBCC Main Page]]

Latest revision as of 14:56, 5 September 2013

Community-Based Collaborative Care Working Group Meeting

Back to CBCC Main Page

Meeting Information

==Attendees==(expected)

Back to CBCC Main Page

Agenda

  1. (05 min) Roll Call, Approve Minutes & Accept Agenda
  2. (15 min) Item1: LOINC and SNOMED-CT Privacy Protection value sets - Aadli Abdul-Kareem (Prince Georges County)
  3. (15 min) Item2: Agenda for Sept HL7 WGM
  4. (15 min) Item3: Trusted Value Sets for Privacy Protection Framework - Richard Thoreson
  5. (5 min) Other Business

Meeting Minutes

Item1: LOINC and SNOMED-CT Privacy Protection value sets - Aadli Abdul-Kareem (Prince Georges County)

Aadli Abdul-Kareem shared background information on the process used to generate a list of LOINC codes and SNOMED-CT data that need to be locked down with an extra layer of security to protect it against unauthorized disclosure.

Aadli talked about the public health exchange being deployed in Maryland where the health dept has deployed an Electronic medical record (EMR). They want to be able to use this to communicate with a lot of the agencies that they do business with. It didn’t seem possible to replace the current applications in use by these different agencies since the MD Smart system was already widely dispersed and the MD Smart system also fulfilled a different role from that of the MIE Web Charts or the clinical system. Instead, they decided to implement a data exchange so that the EMR/HIS MIE Web system could continue to do the diagnose, treat, order labs, etc things that it’s supposed to do and the MD SMART Mental Health system could interface with it as needed while still focusing on the assessments that it's designed to do.

Deployment method: A patient is presented across the community. We need to id them and figure out what info to collect and then give access to that data. Smart relies on consent driven transactions and there is this information we can’t access so we have to figure out how we are going to control this process. What data can we share, types of transactions can we run and how are we going to run them? To match patient across the community we use specific demographic data. Then ID what data each system can share, what data can we absolutely not touch that needs to be protected with an extra layer of security. We then identified the LOINC codes and SNOMED data that would have to be blocked at the MIE Health Dept information system level. This is how they produced the data sets. This data should be completely blocked unless the patient has given consent for disclosure. Consent has expiration dates.

With consent at the point of care, the information can be shared.

Subsequent conversation revolved around issues involved in implementing this across multiple and diverse systems. One idea is to group the data into larger groups and then over time the data can become more granular.

Richard mentioned that what SAMHSA is working on is a system that can handle this type of data and consent issues that would sit on top of other systems.


Item2: Agenda for Sept HL7 WGM

Discussed the joint CBCC/Security portions of the HL7 WGM Agenda. Agreed to meet with Security on Tuesday, Q2 for the DS4P ballot reconciliation.


Item3: Trusted Value Sets for Privacy Protection Framework - Richard Thoreson

Richard reviewed his Trusted Value Sets for Privacy Protection Framework document. This paper lays out reasons for needing value sets that can be used for incremental implementation of consent to share. It would be good to have an agreed upon workflow that will lead to a reusable group of value sets that people can use in other systems. The key part of our values added is having this process that is very concrete and easy to understand that can be shared.

Richard proceeded to step through the document.

Ioana described what we might show people regarding the privacy annotation process using metadata to identify restricted data and cannot be re-disclosed without consent. This metadata could track provenance and intended recipient of documents and record that those documents can't be re-disclosed without consent.

This is leveraging the HCS schema from the Security WG and includes concrete examples of how HIEs may apply the information provided by the annotations.


Other Business: None discussed.

Back to CBCC Main Page