Part Two: Privacy & Consent Management Landscape and Challenges to Scale

By Hans Buitendijk, Chair, EHR Association Privacy & Consent Task Force

In Part One of this two-part blog series, we introduced the challenges in today’s privacy and consent management landscape and discussed different approaches for rules management. In Part Two, we put forth a proposed roadmap for establishing the necessary framework for privacy and consent management. 

A Roadmap for a Complex Infrastructure

Defining the critical components and standards, and establishing the necessary infrastructure, is no small undertaking. It is not sufficient simply to have standards for how to communicate tags, such as HL7 DS4P for documents, FHIR Security Labels for FHIR resources, and the ARV segment for HL7 v2. Even when v2, CDA, or FHIR are used to communicate the data, more than the tags on the data itself is needed for the receiving system to evaluate the rules. This is especially true when data can be exchanged in many other formats and ways, including proprietary formats; when sensitivity depends on the combination of multiple data elements that, on their own, would not be considered sensitive; and when a patient’s data sharing rules may not involve a well-defined set of data values.

The $64,000 question is, how can we make progress? 

The following key steps could move us in the right direction.

Step 1 – Focus on well-defined privacy rules.

Start with defining computable representations of jurisdictional privacy rules using clearly defined data values and sensitivity flags for tagging data sets and documents containing sensitive data. This allows each data holder to manage their data sharing regardless of format by:

  • Tagging data sets and documents that would be shared with the applicable sensitivity flag(s)
  • Evaluating any data about to be shared against the applicable jurisdictional rules, based on the target recipient’s authority and applicable jurisdiction, regardless of exchange format or method.
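The two bullets above, as an added example that is not code from the EHR Association or any vendor: a resource is tagged with sensitivity flags as FHIR security labels, and a computable rule table is consulted per flag against the recipient's jurisdiction and purpose of use, with a patient consent directive able to cover a flag. The rule table, the bundle, the jurisdiction and purpose strings and the consent set are all constructed here for illustration and are not any real jurisdiction's rules.

```python
"""Added example (constructed; not EHRA or vendor code): tag, then evaluate, FHIR-style resources."""
from typing import Dict, List, Set, Tuple

ACTCODE = "http://terminology.hl7.org/CodeSystem/v3-ActCode"  # real FHIR security label system
# Constructed rules, NOT any real jurisdiction's: sensitivity code (real v3 ActCodes:
# ETH substance abuse, HIV, PSY psychiatry) -> (recipient jurisdiction, purpose of use)
# pairs that may receive it without a patient consent directive; empty = consent needed.
RULES: Dict[str, Set[Tuple[str, str]]] = {
    "ETH": set(),
    "HIV": {("US-CA", "TREAT")},
    "PSY": {("US-CA", "TREAT"), ("US-NY", "TREAT")},
}

def tag(resource: dict, codes: List[str]) -> dict:
    """Step 1, first bullet: attach sensitivity flag(s) as FHIR security labels (meta.security)."""
    labels = resource.setdefault("meta", {}).setdefault("security", [])
    present = {l["code"] for l in labels if l.get("system") == ACTCODE}
    labels.extend({"system": ACTCODE, "code": c} for c in codes if c not in present)
    return resource

def labels_of(resource: dict) -> Set[str]:
    return {l["code"] for l in resource.get("meta", {}).get("security", [])
            if l.get("system") == ACTCODE}

def evaluate(bundle: dict, jurisdiction: str, purpose: str, consents: Set[str],
             rules=RULES) -> Tuple[List[str], Dict[str, List[str]]]:
    """Step 1, second bullet: may each resource go to this recipient? consents = flags the
    patient's directive allows for this recipient. Returns (share ids, {withheld id: reasons})."""
    share, withheld = [], {}
    for entry in bundle["entry"]:
        res, reasons = entry["resource"], []
        for code in sorted(labels_of(res)):
            if code in consents:
                continue  # patient's directive covers this flag for this recipient
            permitted = rules.get(code)
            if permitted is None:  # flag with no computable rule: default deny
                reasons.append(f"{code}: no computable rule, default deny")
            elif (jurisdiction, purpose) not in permitted:
                reasons.append(f"{code}: not permitted for {jurisdiction}/{purpose}")
        if reasons: withheld[res["id"]] = reasons
        else: share.append(res["id"])
    return share, withheld

def sample_bundle() -> dict:
    """Constructed FHIR-shaped bundle with no real patient data."""
    return {"resourceType": "Bundle", "entry": [
        {"resource": tag({"resourceType": "Observation", "id": "obs-1"}, ["HIV"])},
        {"resource": tag({"resourceType": "Condition", "id": "cond-1"}, ["PSY"])},
        {"resource": tag({"resourceType": "MedicationStatement", "id": "med-1"}, ["ETH"])},
        {"resource": {"resourceType": "Observation", "id": "obs-2"}}]}
```

Unlabeled resources pass through, and a flag that no computable rule covers is withheld, which is the safe default for a data holder evaluating before disclosure.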

Step 2 – Establish the Role of Networks

While the primary responsibility for determining whether to share data with a target recipient lies with the data holders, networks may also play a role, particularly in record locator services and in providing network participants with endpoints for their patients’ data. We must resolve how networks can be properly involved in, and aware of, brokered queries requesting data across jurisdictions with known restrictions. Generally, networks should focus only on routing, not on accessing the content of a query or the response/payload of a transaction. The appropriate role of a network should therefore be carefully considered, while not ruled out.

Step 3 – Enable the capture and management of computable patient data-sharing rules

Today a patient’s data-sharing rules are largely paper-based. For health IT to support automated sharing based on a patient’s data-sharing rules, patients must be able to document those rules in a computable format and collaborate with the relevant providers to agree to conform to those rules. This calls for a patient-centric approach, where a patient can manage their rules in one place, while at the same time requiring a distributed approach so that the multiple providers the patient interacts with can review and agree to those rules. Managing and implementing these capabilities is critical to adoption, and to enabling patients and providers to make informed decisions about the consequences of not sharing data, or of sharing it where privacy rules would otherwise not permit sharing.

This step also involves resolving the question of whether the patient’s data sharing rules should be managed provider-centric, jurisdiction-centric, or in a patient-centric location of the patient’s choosing. While we may start with some provider-centric and jurisdiction-centric approaches, advancing a patient-centric approach would best serve the patient and their caregivers and help ensure a consistent set of rules.

Step 4 – Progress adoption across the variety of interoperability methods and formats

Considering the large volume of standards-based exchange, the focus can be on ensuring that the payload is properly limited/inclusive of all data that can be shared with the target recipient, including necessary sensitivity flags. Challenges will remain on how to address sharing data with recipients that do not (yet) have the health IT capable of interacting with the privacy and a patient’s data sharing rules repositories and applying the current rules when re-sharing data.

Conclusion

Progress has been made on aspects of these steps, but it has not yet reached the point that any of them can be deployed in a nationally scalable manner.

Step 1 will be implementable by data holders’ health IT once the necessary rules are defined in a computable format. Step 2 requires substantially more effort: clearly defined standards are needed on how to interact with a patient’s data-sharing rules repository, so that a cohesive and comprehensive set of consent directives is maintained regardless of where the patient receives care, and so that there is federated access to the patient’s most current consent directives on file.

Promising work continues. However, steps have not yet been sufficiently completed to support wide adoption that covers all manner of exchange based on computable rules.
