Consent on FHIR and Patient Choice
Carol Robinson, Principal, CedarBridge Group
Kathleen Connor, President, Baycliffe Strategies
Privacy on FHIR
Behavioral health data sharing has been limited by technology and policy.
The culture will be changing.
Patients will have more granular options for sharing.
Michigan E-Consent Management System (eCMS)
Use Case Principles:
– Patients should be able to determine when and with whom their sensitive health data is shared.
– Behavioral Health Providers should be able to fully participate in HIE.
– MI Regional HIEs should be able to efficiently manage patient consent determinations via a federated model.
Two components:
- Statewide consent form
- eCMS
Technical Overview
Standard Consent Directives separate the content from the management:
– ONC Patient Choice
– HL7 v2, v3 and CDA Consent Directive standards
– IHE BPPC and APPC Consents
IHE tracks Consent Directive (CD) content in XD* Metadata.
Metadata reflects whether a consent directive is active.
Metadata is included in the CON segment of the ADT, e.g. ADT Access Control Restrictions.
ONC Data Segmentation for Privacy (DS4P)
- DS4P Security Labeling
- Consent Directive Content
- Consent Tracking Metadata
- Authentication
- Exchange Paradigms
- Access Control/Audit
ONC DS4P Standards
The Stack:
– Content Tagging (CDA R2 Header)
– Content Structure (Consolidated CDA)
– Manifest Metadata (XDS Metadata)
– User Context
– Push or Query/Retrieve Transport Mechanism
– Foundational Security
Patient Choice:
Three levels of rules:
- HIPAA (runs in background)
- Basic Choice
- Granular Choice
Basic Choice: Organizations/States can define Opt-in or Opt-out
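The Basic Choice and Granular Choice levels can be read as a layered access decision; the sketch below is an added example, not code from the talk or from any ONC or HL7 specification. The class and field names, the recipient names, the use of sensitivity labels such as ETH and PSY, and the precedence (a granular rule overrides the basic choice, a denied label withholds the whole item) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed model: class names, field names and precedence are assumptions.
# HIPAA-level rules ("runs in background") are taken as enforced elsewhere.

@dataclass(frozen=True)
class GranularRule:
    recipient: str     # organization the rule names
    sensitivity: str   # sensitivity label on the data, e.g. "ETH", "PSY"
    permit: bool

@dataclass
class PatientConsent:
    basic_choice: Optional[bool] = None   # None: patient recorded no basic choice
    granular: list = field(default_factory=list)

def decide(default_model, consent, recipient, labels):
    """Return (permit, reason) for sharing data carrying `labels` with `recipient`."""
    if default_model not in ("opt-in", "opt-out"):
        raise ValueError("default_model must be 'opt-in' or 'opt-out'")
    # Basic Choice: the patient's recorded choice, else the organization/state default.
    if consent.basic_choice is None:
        base, base_reason = default_model == "opt-out", "default " + default_model
    else:
        base, base_reason = consent.basic_choice, "basic choice"
    # Granular Choice: a rule for this recipient and label overrides the base.
    # Conflicting rules for the same pair resolve to deny.
    rules = {}
    for r in consent.granular:
        key = (r.recipient, r.sensitivity)
        rules[key] = rules.get(key, True) and r.permit
    for label in sorted(labels):
        permit = rules.get((recipient, label))
        reason = "granular rule" if permit is not None else base_reason
        if permit is None:
            permit = base
        if not permit:
            # Fail closed: one denied label withholds the whole item.
            return False, f"{reason} denies {label}"
    if labels:
        return True, "all labels permitted"
    return base, base_reason

if __name__ == "__main__":
    consent = PatientConsent(basic_choice=False,
                             granular=[GranularRule("clinic-a", "ETH", True)])
    print(decide("opt-out", consent, "clinic-a", {"ETH"}))
    print(decide("opt-out", consent, "clinic-a", {"ETH", "PSY"}))
```

The returned reason string is what an audit record would carry alongside the decision.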
FHIR Consent Tracker Resource
Capture Consent Directive Metadata (for workflow)
Standard method for consumer consent information to be stored and managed.
Metadata includes:
– Consent Directive Provenance (author, signer, custodian)
– Consent Directive prescribed DS4P Security Labels for Confidentiality and Security Controls for downstream control
– Consent Domain Authority
FHIR Consent Directive Profile
Different states and organizations have differing requirements on what counts as a signature.
E.g. Minnesota requires a “wet signature”, i.e. signed in ink on paper.
Consent Directive examples for FHIR:
http://2.healthca.mp/1UqNeDS