© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
The MITRE Corporation
Peter Mork, PhD
Kairon: Granular Patient Consent Management
1
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
2
■ MITRE:– Private, independent non-profit organization– Chartered to work solely in the public interest– Provide support to governmental sponsors– Four Federally Funded Research and Development Centers
■ MITRE Research:– Internal competition– Approximately 6% of revenue (provided by FAR)– Targeted to specific focus areas, including health care– Advances technologies for transition to public and private sectors
About MITRE Research
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
Consent Research
Request Server
Record Holder Server
EHR
Browser
Consent Server
Consent DB
Policy Reasoner
Policy Enforcer
3
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
4
Objective: Efficient Consent Management
■ Globally Accessible by:– Patients and
– Record Holders
■ Intuitive User Interface
■ Platform Adaptable
■ Modular Design adapts to:– Technology or
– Legal Changes
Consent Directive Analysis Model
Privacy Policy Reference
Consent specifications- allow/disallow action- purpose of consent- effective period- additional conditions
Information Sender-OrganizationInformation Receiver
- Role- Identity
Health Information Affected- Related to a diagnosis- Data Sensitivity- Coverage Type- Type of information (e.g., lab, rx)
Medical Record Reference- Patient Identification- Medical Record Identification
Action Specification- hierarchy of operations applied to information
Consent Directive Form
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
7
Mobile App Interface
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
John Smith’s Privacy Preferences
Recipient Purpose Allowed Types
Disallowed Topics
Primary Care Provider = Dr. Blass
Treatment Any None
Drs. referred byDr. Blass
Treatment Allergies, Medications
Mental Health
Any Research Not Imagery PII, Mental Health
8
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
Preference Simplification(through Rule Minimization)
Allow
Direct Care Providers
X = Primary Care
Provider
Referral fromX to
RecipientPurpose =Treatment
Allowed Categories
Medications
Allergies
¬ Mental Health
Purpose =Treatment
Dr. Blass
Research
Purpose =Research
Anonymized
¬ Imagery
¬ Mental Health
Dr. Walsh:
Purpose = Treatment
(Medications or Allergies) and not Mental Health
9
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
Rewritten Preferences
10
<AND> <OR> <String-is-in(‘medication’, Select(datatype))/> <String-is-in(‘allergy’, Select(datatype))/> </OR> <String-is-in(‘NOT-mental-health’, Select(topic)))/></AND>
Blass Walsh Nelson
Treatment Any (Allergies or Medications) and
NOT Mental Health
None
Research NOT Imagery, NOT PII and NOT Mental Health
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
Consent Form CDA Document
• Produced by the form
• Conforms to the Implementation
Guide
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
Electronic Consent Directive: CDA Document (rendered as HTML)
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
13
Sample Response
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
14
■ Peter Mork, PhD– [email protected]– 703-983-1465
■ Jean Stanford– [email protected]– 301-814-4934
■ Source Forge Site:– http://kaironconsents.sourceforge.net/
Contacts
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
15
Backup Slides
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
16
Sample Consent Form
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
17
Trust
• Relationships
• Delegation
Constraints on Consent
Legal
• HIPAA / Privacy Act
• State Laws
Compliance
• Auditing
• Enforcement
Authentication
• Credentials
• Identity Management
© 2011 The MITRE Corporation. All rights Reserved.Approved for Public Release 11-0953. Distribution Unlimited.
Implementation Landscape
Policy MaturityAccepted Practices Inchoate
Tech
nic
al C
om
ple
xity
Lo
wH
igh
Preemptory Access
Patient Review & Approve
Integrate with State Mandates
Intelligent Redaction
Credential Matching
Eliciting Patient Preferences
Automated Enforcement
Implemented
Grand Challenges
Under Development
Integrate Care Relationships
Audit
18