overview of onc’s consumer preferences requirements document a hitsp etown-hall meeting...

Overview of ONC’s Consumer Preferences Requirements Document

A HITSP eTown-Hall Meeting

Presenters: Co-Chairs/Facilitators of the ConsumerPreferences Tiger TeamMureen Allen, MD | Walter Suarez, MDJohnathan Coleman | Elliot Sloane

enabling healthcare interoperability

Tuesday October 13, 2009 | 11:00 am – 1:00 pm (Eastern)

Co-Sponsored by the HITSP Consumer Preferences Tiger Team and the HITSP Education, Communications and Outreach Committee

1enabling healthcare interoperability

HITSP – enabling healthcare interoperability

Outline

Overview, Process, Timeline (5 minutes)

Consumer Preferences Defined; What is in scope; What is out of scope

(20 minutes)

Stakeholders; Issues and Policy Implications; Perspectives and

Scenarios (20 minutes)

Process Diagrams and Information Exchanges (35 minutes)

Functional Needs and Dataset Considerations (35 minutes)

Concluding Comments (5 minutes)

[Slides will be available at the HITSP Webinars site - http://www.hitsp.org/webinars.aspx]


Learning and Discussion Objectives

During this 120-minute eTown-Hall, participants will:

— Learn about the Consumer Preferences (CPs) Requirements Document released by ONC for public comment

— Discuss specific areas of the document

— Provide comments, questions, requests for clarifications and suggestions for improving the document

— Focus discussion on information exchange needs and interoperability issues associated with CPs, as presented in the document

Comments, suggestions, clarifications will be brought to the Consumer Preferences Tiger Team (CP-TT)

— CP-TT performing a more in-depth analysis an discussion/comment on the document

— Consolidated comments will be prepared and finalized this week

Everyone encouraged to send comments to ONC

— http://www.hhs.gov/healthit - go to ‘Standards and Certification’ on left panel, then ‘Use Cases and Requirements Documents’


Overview

Consumer preferences and, in particular, privacy preferences has

been an important priority topic for ONC

— 2006-2007 – Use Cases included some of the core elements of CPs

2006 Consumer Empowerment

2007 Consumer Access to Clinical Information

— 2008 – AHIC recommendations on gaps/extensions included CP

— February, 2009 – Consumer Preferences Extension

— October, 2009 – Consumer Preferences Requirements Document


National Health IT Process

ONC develops a document defining the scope, business processes, information exchanges, stakeholders, and functional requirements related to consumer preferences

HITSP evaluates the requirements, identifies needs for interoperability standards, evaluates and recommends standards to meet interoperability needs, identifies gaps and a roadmap to address the gaps

Recommended harmonized standards are tested and refined

Standards are incorporated into the Nationwide Health Information Network (NHIN), Health Information Exchanges (HIEs) and Electronic Health Record (EHR) certification requirements


Timeline

Draft document issued October 5; comments due October 16

ONC addresses comments (October/November 2009); a final detailed requirements document is expected by December, 2009

HITSP performs its standards harmonization work between October, 2009 and January, 2010, prepares and delivers HITSP products (Interoperability Specifications, Capabilities, Service Collaborations, and Constructs)


Consumer Preferences Defined (2.0)

Per ONC document:

For the purposes of this document, the term “consumer preferences” is used to collectively represent several inter-related capabilities including, but not limited to:

— The ability for a consumer to define permissions for who is permitted to access information in their EHR and under what circumstances this access is appropriate,

— The ability for a consumer to express preferences for how and under what circumstances their health information would or would not be made available by their healthcare providers,

— The ability for a consumer to authorize the release of their health information to another provider or third party; and

— The ability to establish various types of consumer preferences including but not limited to consents, advance directives and other potential types outlined in the Dataset Considerations section of the document.


Consumer Preferences Defined (2.0)

Consumer expressions of choices, desires or directives in two general areas:

Health information privacy (consents or authorizations) Establishing access restrictions and management parameters on health information

Defining privacy preference “conditionants” including:

By type of information (all data, segmentation of data)

By role and criteria based access, including type of encounter, embargoed records (VIP, legal restrictions)

By time (start, end, duration)

By level of participation (opt-in, opt-out, with or without additional classifications, with or without additional granularity)

By purpose of use

Content, Communication and Representation Status and/or designation, including advanced directives, DNR orders, healthcare proxies, living

wills, medical surrogates, access to family members

Care or associated services needs and communication needs, including appointment reminders, lab results

Comfort needs, including non-medical dietary restrictions, language needs, cultural needs, clergy preferences


What is IN SCOPE? (2.2)

The Consumer Preferences Requirements Document describes a framework for handling the preferences that consumers may need in order to control access to their information and potentially sensitive health information (SHI). The scope of this Requirements Document includes a high level description detailing:

— Key actors involved in the expression and creation of consumer preferences, namely the consumers, providers and organizations handling this information,

— Descriptions of the expression, transmission and application of consumer preferences,

— How consumer preferences are exchanged between electronic systems,

— The exchange of health information authorized by a consumer preference,

— The potential types of consumer preferences;

— The location of a consumer preference’s origin and storage.


What is OUT OF SCOPE? (2.2)

Certain aspects of the handling of consumer preference data are outside of the scope of this document including:

The details surrounding consumer education processes and requirements,

The process for reconciling situations where multiple preferences exist for one consumer/patient

Policies regarding whether or not a consumer preference is expected to be honored or accepted when sent from one entity to another,

The consequences of not following appropriate consumer preference procedures as prescribed by state, local, or entity policy,

The process and requirements for classifying and segmenting demographic and clinical information supporting consumer preferences regarding what they have deemed as sensitive health information and;

The mechanics of consumer auditing and tracking of this information, this area has been addressed in the 2007 Consumer Access to Clinical Information Use Case.


Facilitated Guide to Q&A

Consumer Preferences Defined Is definition sufficiently clear?

What are the challenges of combining privacy preferences with content/communication/representation preferences?

Are there areas or ‘conditionants’ of the privacy preferences missing?

Are there other areas within the content preferences that need to be considered?

In Scope / Out of Scope Are there items currently in scope that need to be clarified or that need

to be defined as out of scope?

Are there other/additional items that need to be considered in scope?

Are there items currently out of scope that need to be clarified or that need to be reconsidered as in scope?

Are there other/additional items that need to be defined as out of scope, for clarity purposes?


Consumer Preferences Stakeholders (3.0)


Issues and Policy Implications (4.0)

Consumer Participation

A national policy may be needed to address the variations in policies regarding Opt In/Opt Out, classifications, and granularity requirements

Consumer Education

The consumer must be educated on the content of their electronic health record, their rights and the implications of disclosing or not disclosing their medical information

Access Control and Disclosure

Privacy controls as well as the means for restricting data access are not standardized nor entirely supported by policies or regulations

Segmentation of Health Information

There is a lack of a definition of sensitive health information and how that information might be classified

Liability and Accountability

Additional guidance may be needed to reconcile and resolve situations where consumer preferences are in conflict


Perspectives and Scenarios (5.0)

Perspectives/Roles

Consumer: Any recipient or legal proxy of a recipient of healthcare

who wishes to create preferences regarding aspects of their care and

how their health-related information (HRI) is accessed or shared. `

Primary Receiving Organization: Any organization (provider,

information exchange or other information recipient) who receives and

may act on or manage a consumer preference and its related health

information.

Secondary Receiving Organization: Any organization (provider,

information exchange or other information recipient) who receives

from another organization and may act on or manage a consumer

preference and its related health information.


Perspectives and Scenarios (5.0)

ScenariosThe Process Diagram explains business processes surrounding consumer preferences including descriptions of events and actions. The Diagram is broken into two scenarios and 29 events

Scenario 1: Creation of a Preference – The process by which the consumer

creates a preference by expressing their preference an organization.

Scenario 2: Preference Management: Application, Exchange and

Replacement – The process by which the an organization identifies and/or

retrieves, applies, and exchanges a consumer’s preference to another

organization.

Scenario 1:Creation of Preference

Scenario 2:Preference

Management: Application,

Exchange and Replacement



Stakeholders

Are there differences between stakeholders? Stakeholders missing?

Are the roles/relationships of ALL stakeholders clearly described and noted throughout the document?

Issues and Policy Implications

Comments on the issues and policy implications?

Perspectives and Scenarios

Are the Actors/Perspectives/Roles clear and sufficient? Are there any missing actors or perspectives?

Are the two scenarios sufficient? Is the second scenario too complex by including both the management of consumer perspectives the exchange of consumer perspectives?


Process Diagrams (6.0) – Scenario 1

Consumer Preferences

Se

co

nd

ary

Re

ce

ivin

g

Org

an

iza

tio

n

Pri

ma

ryR

ece

ivin

g

Org

an

iza

tio

nC

on

su

me

r

6.76.6

6.4

Express Preference

6.2 6.5

6.3

Provide Education Materials

Receive/Review Education Materials

Identity Verification

Store Preference

Assign Appropriate

Default PolicyCreate Preference

6.1

Scenario 1 : Creation of a Preference

Discussion Regarding Consumer Preference

Choices

Audit and Reporting of the

Preference and/or Associated Information

6.86.9

Yes

No

In Scope Event

Legend

Out of Scope Event



Consumer Preferences

Se

cond

ary

Re

ceiv

ing

Org

ani

zatio

nP

rim

ary

Re

ceiv

ing

Org

ani

zatio

nC

ons

ume

r

Share Preference

Stop Flow of Information

6.18

6.22

Audit and Reporting of the

Preference and/or Associated Information

Receipt of the Preference

6.28

Receipt of Reconciliation

Notice

Request of Audit

6.27

6.236.19

Consumer Empowerment: Consumer Access to Clinical

Information Use Case

Scenario 2: Preference Management: Application, Exchange and Replacement

Opt In

6.25

Classification


6.24

6.21

Apply Preference

6.20

6.11

6.29

6.14

Opt In With Classification

6.26

Store Preference

6.13

Transfer/Transmission of Preference and/or Associated Information

Audit and Reporting of the Preference and/or Associated Information

Identify Preference

Replace Existing Preference

Identify Relevant Secondary Receiving

Organization(s)

Request Preference

Action


Relay Replacement

Status to Appropriate

Organization(s)

6.15

Acknowledgement of Receipt and Reconciliation

6.10

6.16 6.17

Opt Out

Revoke

Request to Amend Existing

Preference

6.12

Out of Scope Event

In Scope Event

Legend


Information Exchanges (7.0)

6.5, 6.12 Express or

Revoke Preference

6.6, 6.7, 6.24Receipt of Preference

6.23Transfer/

Transmission of Preference and/or

Associated Information

6.25Acknowledgement

of Receipt and Reconciliation

HIEIntermediary

orPoint to Point

EHR

PHR

Healthcare Entities

Social Agencies

Other Providers

Consumer ProviderInformation Sources and

RecipientsInformation Exchange

4

3

1b

1e

1c

1d

3

4

1d

6.25Acknowledgement

of Receipt and Reconciliation

2a

1a

6.20, 6.28Audit and

Reporting of the Preference and/or

Associated Information

556.29

Request of Audit6

6.26Receipt of

Reconciliation Notice

2b


Information Exchanges (7.0)



Process Diagrams

Are there any elements from the process flow in Scenario 1 not clear, incorrectly positioned or missing?

Any comments on the Scenario 1 Events and Actions?

Are there any elements from the process flow in Scenario 2 not clear, incorrectly positioned or missing?

Any comments on the Scenario 2 Events and Actions?

Information Exchanges

Are there any information exchanges that are not clear, incorrectly positioned or missing from the chart?

Is there a need to clarity any of the 11 legends/descriptions of information exchanges? Any additions/missing ones?


Functional Needs (8.0)

Functional Needs describe the combination of end-user needs and system behaviors that support interoperability and information exchanges

Universal Functional Needs Identity Verification: Consumer, Primary Receiving Organization, Secondary Receiving

Organization

Consumer Functional Needs Express Preference

Amend Preference

Replace Preference

Primary/Secondary Receiving Organizations Functional Needs Create Preference

Transmit Preference

View Preference

Store Preference

Apply Preference

Amend Preference

Request Exchange

Request Audit

Replace Preference

Transmit Update of Preference

Reconcile Conflicting Preferences

Acknowledge Receipt of Preference (or Update)

Maintain Audit Log of Preferences

Classify Data


Dataset Considerations (9.0)

General Considerations:

Consumers, at the highest level, require the capability to opt in or opt

out of the exchange of their health information.

Consumers may also request that only certain classes of information

be shared.

These classes of information and preferences could be classified at

varying levels of granularity.

Defining the needed levels of granularity is not focus of this Consumer

Preferences Requirements Document.

Data Set Considerations, provides a comprehensive (not exhaustive)

framework that can be used to support standards development and to

accommodate the major types of consumer preferences



Examples of Dataset Types (1):

Identity and Preference Verification

Consumer ID Information - addressed in 2006-2009 AHIC Use Cases

Primary/Secondary Organizational ID Information

Consumer Preference Information (identification and audit)




Data Classification (possible types of consumer preferences/classifications)

Access Restriction & Management Consent & Disclosure of Information – Sequestering or disclosing PHI and/or

sensitive health information (categories may include HIV/AIDS, Mental Health, Substance Abuse, Genetic Information, STDs, etc.)

Role & Criteria Based Access (Organization, Role, Encounter Based Access & Authorization, Embargoed Records, Time Limited Access, etc.)

Content preference – The actual preference surrounding delivering care or associated services

Status and/or designation (advanced directives, DNR, etc)

Care or associated service needs – Communication needs (appointment reminders, lab results, etc)

Comfort Needs or Palliative Care (non-medical dietary restrictions, language needs, cultural needs, etc)




Components of Access Restrictions/Management and Content Preferences

Level/Status of Participation (opt-in/opt-out, with/without granularity)

Consent Information (by type of requestor, purpose, type of data, etc)



Functional Needs

Are there any changes, additions or considerations needed on the Universal Functional Needs?

Are there any changes, additions or considerations needed on the Consumer Functional Needs?

Are there any changes, additions or considerations needed on the Primary/Secondary Receiving Organization Functional Needs?



Dataset Considerations

Are there any issues of clarity or scope regarding the general dataset considerations?

Any questions about the Identify and Preferences Verification dataset examples/considerations?

Any questions about the Data Classification – Access Restriction and Management examples/considerations? (i.e., are there other types of data segmentation to consider?)

Any questions about the Data Classification – Content Preferences examples/considerations?

Any questions about the Data Classification – Components of Access Restrictions/Management examples/considerations?


Additional Discussion / Questions