DOC

Recommendation for HL7 RIM Change

By Calvin Austin,2014-10-29 19:32
8 views 0
Recommendation for HL7 RIM Change

High-Level Overview of the Health Level Seven (HL7) Consent related

    vocabulary including Confidentiality Codes

The HL7 v3 confidentiality code vocabulary is a “structured code set” designed to restrict

    access to healthcare information. The confidentiality codes can be used to associate consent directive rules relating to privilege and access permission rights with document, message, record, and data element level metadata. The application of the codes enables organizations within a HIE to establish a uniform vocabulary that can be referenced to restrict information access by context, role, rule, permission, purpose, information type and patient type through a structure terminology that can be convey through consent directive rules at a granular level for various types of artifacts. The confidentiality vocabulary is leveraged to declare cross-domain policies that apply special access requirements and requires the vocabulary to manage and enforce relative validation of access requirements for data marked with specific sensitivity attributes. Confidentiality codes can be applied in various situations to protect information by:

    - Restricting access based on the specific role of the requestor

    - Restricting access by the patient’s consent directive

    - Restricting access by the type of information (general access directives)

HL7 concept domains include:

    ; ConfidentialityCodes,

    ; ActInformationCategoryCode,

    ; ActInformationAccessType,

    ; ActInformationAccessContextCode,

    ; AuthorizedParticipationFunctionCode,

    ; ActPolicyType,

    ; ActConsentType, and

    ; ActMaskableCode.

Recommendation for HL7 RIM Change (continued)

     RECOMMENDATION ID: Recommendation for HL7 RIM Vocabulary

    March 2007 For Harmonization During: CO6-0082

    Financial Management Sponsor’s Draft: Sponsored by: v.2 2-19-07

    row 43 Date Approved by Sponsor: <> Sponsor’s Status

    Editor/ Author: Kathleen Connor

    New confidentialityCodes PROPOSALNAME:

     Class Model Change Structural Vocabulary Change

     Datatypes Change Other Vocabulary Change

SUMMARY RECOMMENDATION

    POSITION OF CONCERNED ORGANIZATIONS:

     ORG RECOMMENDATION APPROVAL STATUS AFFECTED ELEMENTS OF INTEREST TO ORG FM TC Pending FICR Release 2

    FIAB Release 2

    FICO

ISSUE:

    Current confidentialityCode hierarchy needs more codes.

    CURRENT STATE:

OPTIONS CONSIDERED:

Recommendation for HL7 RIM Change (continued)

RATIONALE:

RECOMMENDATION DETAILS:

New codes are shaded

Type L Code Print Name Definition

    VOCABULARY Values that control disclosure of information. Example: 1 Confidentiality

    DOMAIN Normal, restricted, substance abuse related. Code

    Systems: Confidentiality (2.16.840.1.113883.5.25)

    Value Set: Confidentiality

    Used in attributes:

    Act.confidentialityCode Role.confidentialityCode

    ABSTRACT 2 ConfidentialityByABy accessing subject / role and relationship based rights VALUE SET ccessKind (These concepts are mutually exclusive, one and only

    one is required for a valid confidentiality coding.)

    CODED 3 B business Since the service class can represent knowledge CONCEPT structures that may be considered a trade or business secret, there is sometimes (though rarely) the need to

    flag those items as of business level confidentiality.

    However, no patient related information may ever be of

    this confidentiality level.

    CODED 3 L low No patient record item can be of low confidentiality. CONCEPT However, some service objects are not patient related and therefore may have low confidentiality.

    ABSTRACT 2 ConfidentialityRelaAccess restrictions placed on a record of health VALUE SET tedToHealthInforminformation

    ation

    CODED 3 D clinician Only clinicians may see this item, billing and CONCEPT administration persons can not access this item without special permission.

    CODED 3 I individual Access only to individual persons who are mentioned CONCEPT explicitly as actors of this service and whose actor type warrants that access (cf. to actor type code).

    CODED 3 N normal Normal confidentiality rules (according to good health CONCEPT care practice) apply, that is, only authorized individuals with a legitimate medical or business need may access

    this item.

    SPECIALIZABLE 3 R restricted Restricted access to a record.

    VALUE SET

    CODED 4 RD Restricted by Access to a record is restricted by the provider because CONCEPT provider of potential harm to the patient or third parties.

    SPECIALIZABLE 4 CDA Restricted by Access to a record is restricted per the subject’s consent VALUE SET consent directive directive.

    CODED 5 MA Masked access Access to a record is restricted to users or roles specified CONCEPT by the subject of the record. Users who are not authorized to access the record will not be notified that

    the record is masked. Organizational policy or

Recommendation for HL7 RIM Change (continued)

    jurisdictional law may specify conditions under which

    locked restriction on access may be overridden.

    CODED 5 FMA Flagged Masked Access to a record is restricted to users or roles specified CONCEPT access by the subject of the record. However, users who are not authorized to access the record will be notified that

    the record is masked. Organizational policy or

    jurisdictional law may specify conditions under which

    locked restriction on access may be overridden.

    CODED 5 L Locked access Access to a record is restricted to author and subject of CONCEPT the record. Organizational policy or jurisdictional law may specify conditions under which locked restriction

    on access may be overridden.

    CODED 5 SSA Shared secret Access to a record is restricted to users to whom the CONCEPT access patient has shared a secret password or token that unlocks the sealed or masked record. Organizational

    policy or jurisdictional law may specify conditions

    under which shared secret restriction on access may be

    overridden.

    SPECIALIZABLE 5 RBA Role-based access Access to a record is restricted to users playing specified VALUE SET roles, e.g., members of a care team, provider with direct

    care relationship

    CODED 6 CT Care team access Access to a record is restricted to a group of providers CONCEPT coordinating a direct care relationship to the patient.

    CODED 6 DCR Direct care Access to a record is restricted to provider with direct CONCEPT provider access care relationship to the patient.

    CODED 5 UBA User based access Access to a record is restricted to identified users.

    CONCEPT

CODED 5 CBA Context based Access to a record is restricted by security relevant

    CONCEPT access properties of the context in which an access request occurs, e.g, explicit time, location, route of access, and

    quality of authentication. For example, access restricted

    to emergencies when the patient is unable to grant

    consent.

    CODED 4 V very restricted Very restricted access as declared by the Privacy Officer CONCEPT of the record holder.

    ABSTRACT ConfidentialityByIBy information type, only for service catalog entries VALUE SET nfoType (multiples allowed). Not to be used with actual patient

    data!

CODED ETH substance abuse

    CONCEPT related Alcohol/drug-abuse related item

    CODED HIV HIV related HIV and AIDS related item

    CONCEPT

CODED PSY psychiatry related Psychiatry related item

    CONCEPT

CODED SDV sexual and Sexual assault / domestic violence related item

    CONCEPT domestic violence related

Recommendation for HL7 RIM Change (continued)

CODED A alternative lifestyle Information related to a subject’s choice of alternative

    CONCEPT religious or philosophical beliefs, personal relationship or family structures; or sexual orientation that the

    patient does not wish to have disclosed

    ABSTRACT ConfidentialityModModifiers of role based access rights (multiple allowed)

    VALUE SET ifiers

CODED C celebrity Celebrities are people of public interest (VIP) including

    CONCEPT employees, whose information require special protection.

    CODED S sensitive Information for which the patient seeks heightened CONCEPT confidentiality. Sensitive information is not to be shared with family members. Information reported by the

    patient about family members is sensitive by default.

    Flag can be set or cleared on patient’s request.

    CODED T taboo Information not to be disclosed or discussed with patient CONCEPT except through physician assigned to patient in this case. This is usually a temporary constraint only, example use

    is a new fatal diagnosis or finding, such as malignancy

    or HIV.

DISCUSSION:

    << OPTIONAL - Any additional information needed to understand, evaluate or implement the recommendation, such as model fragments or other context that demonstrates use of the requested change. Include implications.>>

Report this document

For any questions or suggestions please email
cust-service@docsford.com