Quick Links


DS4P Pilots



Feedback Welcome

We value your input!
Have a suggestion or idea for the initiative wiki? Send an email the Project Manager.
Need help using the Wiki? Send an email to Wiki Admin/Support.

Edit SidebarRight


  • Note: To access information about the SAMHSA Consent2Share (C2S) project, see the C2S Project page.

Overview

Open source, extensible, Access Control Service (ACS). Develop and test (within a sandbox) standards-based exchange, adjudication, and enforcement of privacy consents, as services in support of the exchange of privacy protected C32/CCDA records. Testing involves interaction between ACS clones that are each loosely coupled to an instance of an open source, MU 1 certified, EHRs clone (‘REM’, see below). This sandbox may test all “push” or “pull” scenarios defined in the IG.

Technical approach

  • Domain driven design, service component by service component
  • Components interact based on SOA APIs
  • Re-use open source resources whenever cost effective
  • Collaborative development by 3 partners

Objectives

SAMHSA and VA plan to pilot test all DS4P use cases, eventually. However, the short pilot test time period suggests that we set priorities, based on what other pilots are testing and what scenarios are most valuable to the DS4P Initiative. Below is a listing of the use cases scheduled for initial implementation.

Phase 1 (Sept 2012)

  • UC Scenario 1: User Story 1.1A
    Section 7332 of Title 38 Push (Directed Exchange) / Share Partial

Phase 2 (March 2013 HIMSS)

  • UC Scenario 2: User Story 1.1B
    Section 7332 of Title 38 Pull / Share all
  • UC Scenario 3: User Story 1C
    Pull
  • UC Scenario 4: User Story 1.1C
    Section 7332 of Title 38 Push (Directed Exchange) / Change Mind
  • UC Scenario 6: User Story 3
    Break the Glass

Stakeholders & Points of Contact

  • SAMHSA - Richard Thoreson
    REM Reference 'EHR', PUSH Sender, HCS/ACS Orchestration, HCS Rules Engine, HCS Document Processing(Tagging)
  • VA - Mike Davis
    Consent Locator, Access Control System(ACS), Clinical Rules, Organizational Rules, Push Receiver, XDS and XD*,Re-Disclosure ex.
  • Mitre - Anne Kling
    Patient Authorization and Restrictions
  • Jericho Systems - David Staggs
    Policy Decision Point, Enforcement, Patient Sensitivity Constraints/Obligations, Organizational/Juridictional, Applicable Privacy Law, Obligations and Refrain Policies
  • HIPAAT - Kel Callahan
    Patient Consent Policy Management

Demonstrated Standards

  • Tools and solution
    ACS, XACML-Based PDP/PEP, SAML, RBAC, HTML5, Drools
  • Payload
    CCDA, C32, SNOMED-CT, LOIC, RxNorm, DICOM
  • Transport
    DIRECT, NwHIN Connect (Modular) Specification
  • Federal Privacy Consent Policies
    42 CFR Part 2, Title 38 USC Section 7332 , ACA-mandated Proposed Rule 45 CFR Part 164.522(a)(1)(iv)
  • Security
    PKI, SSL/TLS/HTTPS

Ecosystem Diagram

VA-SAMHSA-Ecosystem.PNG

Pilot Project Timeline

VA-SAMHSA-ProposedTimeline.PNG

Anticipated Resources

  • SAMHSA
    Ioana Singureanu: OBHITA consultant, HL7 standards expert and systems architect
    FEISystems: OBHITA Open Source Contract (in 3rd year of planned 5 years)
  • VA
    Duane Decouteau: OASIS standards, systems architect, and programmer
    Kathleen Connor: HL7 standards & IHE profiles expert
  • Infrastructure
    Reference e-record Model (REM): SAMHSA/OBHITA-developed, MU1 Certified
    VA/Decouteau developed HIMSS demonstration of automated privacy protection
  • S&I Contractor Technical Assistance/Support Request
    Facilitate collaboration with other DS4P pilots and with other participating DS4P experts

Success Metrics

Our long term goal is ubiquitous privacy consent management. Eventually, we plan to fully develop and test a production-ready ACS, as a cost effective way to manage privacy-protected exchange of clinical records for coordination care, for public health reporting, for billing (e.g. es-MD), and for PCAST-like sharing of sensitive records for services. Success metrics for functionality scheduled for this pilot are:
  • Automated Data Tagging (POU, Data Confidentiality, Data Sensitivity) per Classification Scheme
  • Align with Data Segmentation Use Case(s)
  • Demonstrate HIT Policy Committee Metadata Standards
  • Use HL7 security and privacy metadata in a CDA header for C32 envelope
  • Demonstrate compliance with Title 38 Part 1/42 CFR Part 2 required prohibition against re-disclosure notification
  • Demonstrate segmentation of Title 38 Part 1/42 CFR Part 2 protected information in C32 based on tagging sensitive attributes

Reference Documents

Document
Description
DS4P VA/SAMHSA Pilot Demonstration Share Partial - 42 CFR Part 2
DEMO Video DS4P VA/SAMHSA Pilot Demonstration Share Partial - 42 CFR Part 2
DS4P VA/SAMHSA Pilot Demonstration Share Partial - Title 38 Section 7332
DEMO Video DS4P VA/SAMHSA Pilot Demonstration Share Partial - Title 38 Section 7332

Pilot presentation delivered by Mike Davis and Richard Thoreson to DS4P RI/Pilot WG to overview the proposed VA-SAMHSA pilot.

VA-SAMHSA Pilot Requirements Traceability Matrix tracking alignment with pilot to DS4P use cases and implementation guide. Reviewed at DS4P VA/SAMHSA RI/Pilot WG on 11/05/2012

VA-SAMHSA Pilot Requirements Traceability Matrix tracking alignment with pilot to DS4P use cases and implementation guide overview slides presented at DS4P VA/SAMHSA RI/Pilot WG on 10/29/2012.

VA-SAMHSA Pilot Team Sprint 4 Review presented to DS4P RI/Pilot WG on 7/17/2012

VA-SAMHSA Pilot Team Sprint 5 Review presented to DS4P RI/Pilot WG on 7/24/2012

VA-SAMHSA Pilot Team Sprint 6 Review presented to DS4P RI/Pilot WG on 8/13/2012

VA-SAMHSA Pilot Team Sprint 7 Review discussed at the DS4P RI/Pilot WG on 8/27/2012

VA-SAMHSA Pilot Team Sprint Review discussed at the DS4P RI/Pilot WG on 12/11/2012 Note: Please use a browser other than IE to download the mp4 video identified in the second slide.

VA-SAMHSA Decision Log

DS4P RI/Pilot Work Group Meeting slide presented on 09/17/2012


HL7 26th Annual Plenary and Work Group Meeting, September 09-14, 2012, Baltimore, MD

HL7 Conference Document
Description

VA-SAMHSA Pilot Presentation Material

ONC Publication - Data Segmentation for Privacy Pilot Demonstration

U.S. Department of Health & Human Services - Press Release on 09/17/2012
VA/SAMHSA HL7 Conference Pilot Review Recording
Vimeo recording of VA-SAMHSA Pilot Presentation Review at DS4P All Hands Meeting 09/26/2012

VA-SAMHSA Pilot Test Results and Feedback from HL7 conference.

HIMSS 2013 Interoperability Showcase - Data Segmentation Using Healthcare Privacy and Security Labels

Reference Material
Description
VA Produced YouTube Video
Interoperability Demonstration of Data Segmentation for Privacy

Overview of Uses Cases Demonstrated and Instructions to participants.

HL7 27th Annual Plenary and Work Group Meeting, September 20-27, 2013, Cambridge, MA

Reference Material
Description
VA Produced YouTube Video
HL7 Healthcare Classification System integration with HL7 Fast Healthcare Interoperability Resources (FHIR). Applying security labels to FHIR xml streams in real-time to segment and enforce patient consent, organizational, and jurisdictional policies.
HL7 Healthcare Privacy and Security Classification System
HL7 project scope and ballot information.
HL7 Healthcare Privacy and Security Classification System Overview
Mike Davis' tutorial presentation on HCS


PLEASE DO NOT DELETE WIDGET BELOW THIS LINE



Initiative Contacts

Name
Role
Contact Information
Johnathan Coleman
Initiative Coordinator
jc@securityrs.com
Julie Chua
ONC Sponsor
julie.chua@hhs.gov
Zachary May
Project Manager, RI/Pilot Lead
zachary.may@esacinc.com
Amanda Nash
Standards/Harmonization Lead
Standards Development Support Team Lead
amanda.j.nash@accenturefederal.com
Edit Contacts