Transcript No Slide Title

The Patient as Steward of Healthcare Data
Managing Consent Preferences
John D. Halamka MD
Louis Sullivan Lecture
Privacy is the Final Frontier
How do we record patient preferences
about information sharing?
How do we transfer consent preferences
among payers, providers, labs, pharmacies,
personal health record vendors and other
stakeholders?
How do we manage continually changing
privacy preferences, situations and use
cases?
1998 – Payer/Provider data
exchange
Health Insurance Portability and Accountability Act
(HIPAA)
2004 – Provider/Provider
data exchange
Regional Health Information network
Organizations (RHInOs)
2008 – The Patient as Data
Steward
Consent Assertion Markup Language
(CAML)
How it might work?
A Consent Wizard, available as an open
source web application, codifies all the
consent options inventoried by HISPC
The output of the Consent Wizard is a
transportable XML representation of patient
preferences that can be hosted by a payer, a
PHR, or a RHIO and used to guide all
information exchange
Flavors of Consent
Opt-Out = data is exchanged by default
unless restricted by the patient
Opt-In = data is not exchanged by default
until the patient consents
Quilted = a subset of data is exchanged
with patient consent based on institution,
data user, data producer, and situation
Scope of Consent
Institution
– Opt Out = I do not wish the information at this
institution to be shared
– Opt In = I agree to share all information from
this institution
– Quilted = I agree to share my medications and
labs but not my problem list and notes from this
institution
Scope of Consent
Data User
– Opt Out = I do not want to participate in this
research study
– Opt In = I want my data used by all
stakeholders with audit protections, to optimize
my health
– Quilted = I want all my data shared with
emergency providers, primary care physicians,
payers and public health agencies, but not with
pharmaceutical firms
Scope of Consent
Data Producer
– Opt Out = I do not want my laboratory records
shared
– Opt In = I want my data from labs, pharmacies
and payers shared with providers
– Quilted = I want my pharmacy records shared
except medications used for mental health, HIV,
and substance abuse treatment
Scope of consent
Situation
– Opt Out = I do not want my data shared for
simple office visits with one-time providers i.e.
out of town visit to an urgent care for a small
laceration repair
– Opt In = I want my data shared for all care
situations
– Quilted = I want my data shared for all
emergency visits but not for routine care
How it might appear
<consent>
<scope="Institution">
<code code="311570" displayName="Beth Israel Deaconess Medical
Center"/>
<statusCode code="opt-in"/>
<time value=’20041001132534-0500’/>
</scope>
<scope="DataUser">
<code code =“12345678" displayName="Harvard Clinical Research
Institute" />
<statusCode code="opt-out"/>
<time value=’20060923153527-0500’/>
</scope>
</consent>
How it might appear
<consent>
<scope="DataProducer">
<code code="987654321" displayName="Walgreens Pharmacy"/>
<statusCode code="quilted"/>
<time value=’20051103161524-0500’/>
<exclusion code="34343434" displayName="Mental Health"/>
</scope>
<scope="Situation">
<code code =“111111" displayName="Emergency Department Care" />
<statusCode code="opt-in"/>
<time value=’20060201113715-0500’/>
</scope>
</consent>
What this means
I opt-in to share all my data from Beth Israel
Deaconess Medical Center
I opt-out of participating in a clinical trial at
Harvard Clinical Research Institute
I opt-in to sharing my Walgreens prescription data
except mental health medications
I opt-in to sharing all data (including mental
health medications) for emergency care
The devil is in the details
The Consent Wizard would need to enforce
integrity of consent options to avoid conflicting
preferences i.e. patients cannot both opt-out and
opt-in for data sharing with the same data user
and situation
A hierarchy must be created to ensure consistent
interpretation of complex consent such as
situation > institution > data user > data producer
i.e. an opt-in for emergency department data
sharing overrides data producer opt-outs
How could this be
implemented?
A Payer implements a patient portal which
hosts the Consent Wizard and authenticates
the patient. When a provider does a
270/271 transaction, the CAML data is
returned with the 271 response or is
available as a 275 claims attachment
How could this be
implemented?
A Personal Health Record vendor provides
the Consent Wizard to patients but does not
need to verifiably authenticate the patient.
When the patient 'authenticates' with the
provider during the care registration
process, the patient provides the PHR
vendor name and account information
needed to access their CAML data
How could this be
implemented?
A RHIO, on behalf of the community, hosts
the Consent Wizard and provides access to
the CAML records of the community
Next steps
Consideration by the AHIC Security and
Privacy Working Group
If AHIC proposes a use case, then SDOs
would need to work on CAML or adapt
XACML (existing standard for access
control) to support CAML principles
Pilot projects for Consent Wizard
development