Transcript Slide 1
Use Case 6 Care Theme: Transitions of Care Use Case: Respecting the Patients Privacy Concerns During EMS & Physician Encounters Primary Goal: To demonstrate how behavioral health information is protected through patient-supplied privacy preferences. Key Points: • This demonstration illustrates how the IHE profile BPPC (Basic Patient Privacy Consents) allows patients to specify privacy rules for sensitive data, which is in this case behavioral health data. • The HIE (Health Information Exchange) honors the patient’s privacy settings and restricts access to the content depending on who is attempting to access the sensitive information. • Later, a patient may ask the HIE to provide a list of authorized users who saw their sensitive records using “break the glass”. Domain Profile IHE Profiles and Actors ATNA CT PDQ, PDQv3 IT Infrastructure (ITI) PIX, PIXv3 XDS Patient Care Coordination (PCC) BPPC MS Vendors Actor Oracle eClinicalWorks, InterSystems eClinicalWorks, InterSystems, Oracle eClinicalWorks, InterSystems InterSystems eClinicalWorks, InterSystems eClinicalWorks InterSystems eClinicalWorks, InterSystems Oracle InterSystems eClinicalWorks InterSystems eClinicalWorks InterSystems eClinicalWorks InterSystems eClinicalWorks Repository Secure Application Time Client Consumer Supplier Consumer Identity Source Manager Consumer Registry Repository Source Consumer Creator Recipient Source Consumer Creator Care Theme: Transitions of Care Use Case 6: Respecting the Patients Privacy Concerns During EMS & Physician Encounters Clinical Workflow: 1- HIE 2- PCP 4- EMS at Accident Scene 3- 911 Operator 5- Audit Officer at HIE 1. In formulating its privacy and consent strategy, a statewide HIE considers the pros and cons of opt-in and opt-out models. After careful consideration, it selects an “opt-out” model which states that a patient’s Personal Health Information (PHI) may be disclosed unless that patient explicitly opts out of the HIE as a whole, or opts out specific content. 2. A patient visits the PCP to discuss his state of mental health. Due to the sensitive nature of the encounter, the patient wishes to keep all information related to his mental health condition confidential. To enforce this, the patient explicitly defines a consent policy that declares his mental health condition as highly confidential, and only accessible in emergency situations. 3. Some time later, the patient is in a car accident. A witness calls 911 and passes the injured patient’s driver’s license information to the 911 phone operator. The 911 operator dispatches the ambulance, and at the same time views the patient in the community’s clinical portal. The 911 operator is able to see the non-sensitive content, but not the sensitive content. 4. EMS staff arrive at the accident scene and attend to the patient. Using the community’s clinical portal, the EMS staff view the patient’s clinical history and, using “break the glass”, also see the patient’s sensitive data. 5. Concerned about who might have seen his confidential data, the patient calls the local HIE to obtain a record of attempted and successful views of his data. The HIE’s Audit Officer assists the patient, and produces a report of all accesses to his PHI, including accesses performed using “break the glass”. Visit the IHE Product Registry at: ihe.net/registry