Download - Nationwide Health Information Network Exchange and the SSA Patient Authorization June 18, 2012
Nationwide Health Information Network Exchange and the
SSA Patient Authorization
June 18, 2012
SSA Background
• Over 3 million initial disability applications a year• Over 15 million requests for medical evidence each
year (3-4 medical records per case)• 500,000 sources: doctors, hospitals, etc• SSA is not a HIPAA covered entity• Require a patient’s authorization to obtain medical
records• Initial Federal Agency on the Nationwide Health
Information Network (NwHIN) Exchange
2
Authorized Release of Informationto a Trusted Entity Use Case
• Use Case Scenario– Social Security Administration requests medical
documentation from a healthcare provider with the patient’s authorization
3
ClaimantClaimant SSA/DDSSSA/DDS ProvidersProviders
File Disability ClaimFile Disability Claim Request EvidenceRequest Evidence
Claim DeterminationClaim Determination Medical EvidenceMedical Evidence
Patient Authorization Patient Authorization
SSA – 827 (Patient Authorization)
• Requestor• Responder• Purpose• Effective Date• Effective Timeframe• Type of Information
Requested• Signed
4
NwHIN Specifications & Standards• Content Structure
– HL7 CDA Release 2 CCD – HITSP C32– HITSP C62– Unstructured Documents (pdf,
txt, doc, tif, jpg, gif, png)
• Vocabulary & Code Sets– ICD-9-CM– Systematized Nomenclature of
Medicine--Clinical Terms (SNOMED-CT)
– Logistical Observation Identifiers names and Codes (LOINC)
5
• Consent Structure– IHE Basic Patient Privacy
Consents
• Transport and Security– Messaging Platform – Authorization Framework – Patient Discovery – Query for Documents– Retrieve Documents– Access Consent Policy
NwHIN Exchange Transaction Flow
6
SSAHealth IT Partner
(NHIE)
1. Patient Discovery Request
9. Query for Documents Request (Clinical Document)
11. Retrieve Document Request (Clinical Document)
12. Retrieve Document Response (Clinical Document)
10. Query for Document Response (Clinical Document)
8. Patient Discovery Response
3. Query for Documents Request (Access Consent)
5. Retrieve Document Request (Access Consent)
6. Retrieve Document Response (Access Consent)
4. Query for Document Response (Access Consent)
2. Access Control
Decision
7. Access Control
Decision
PatientAuthorization
ClinicalDocuments
Security Assertion• Subject ID - MEGAHIT• Subject Organization - Social Security Administration• Subject Organization ID - 2.16.840.1.113883.3.184• Subject Role - SNOMED-CT (106328005) – Social
Worker• Purpose of Use - Coverage• Patient Identifier – encoded per the NwHIN
Authorization Framework specification
7
Authorization Decision Statement
• NwHIN Exchange uses a Authorization Decision Statement to allow an entity to assert the requester should be permitted to execute the transaction based on a specific security policy
• Access Consent Policy and Authorization Framework specifications define the format of the policy
8
Access Consent Policy XDS Metadata
XDS Metadata Value
availabilityStatus urn:oasis:names:tc:ebxml-regrep:StatusType:Approved
classCode 57016-8 (LOINC)
classCode DisplayName Privacy Policy Acknowledgement
confidentialityCode N (Normal)
formatCode urn:ihe:iti:bppc-sd:2007
formatCode codeSystem 1.3.6.1.4.1.19376.1.2.3
healthcareFacilityTypeCode 385432009 (SNOMED CT code for Not Applicable)
mimeType text/xml
practiceSettingCode 385432009 (SNOMED CT code for Not Applicable)
serviceStartTime Effective start date of privacy policy (authorization)
serviceStopTime Effective end date of privacy policy (authorization)
Title AUTHORIZATION TO DISCLOSE INFORMATION TO THE SOCIAL
SECURITY ADMINISTRATION9
Questions
10
For Further Information
• Contact - Marty Prahl at [email protected] - Bob Hastings at [email protected]
11
Reference Materials• NwHIN Exchange Technical Specifications (all of the specifications can be found at
http://www.nationalehealth.org/technical-specifications • Patient Discovery (requestor only) -
http://www.nationalehealth.org/ckfinder/userfiles/files/Technical%20Specs/Patient_Discovery_Production_Specification_v2_0.pdf
• Query for Documents (requestor only) - http://www.nationalehealth.org/ckfinder/userfiles/files/Technical%20Specs/QueryforDocumentsProductionSpecification_v3_0.pdf
• Retrieve Documents (requestor only) - http://www.nationalehealth.org/ckfinder/userfiles/files/Technical%20Specs/Retrieve_Documents_Production_Specification_v3_0.pdf
• Access Consent Policy (responder only) - http://www.nationalehealth.org/ckfinder/userfiles/files/Technical%20Specs/AccessConsentPoliciesProductionSpecification_v1_0.pdf
• Core Capabilities that support the above transactions Messaging Platform -
http://www.nationalehealth.org/ckfinder/userfiles/files/Technical%20Specs/MessagingPlatformProductionSpecification_v3_0.pdf
Authorization Framework - http://www.nationalehealth.org/ckfinder/userfiles/files/Technical%20Specs/AuthorizationFrameworkProductionSpecification_v3_0.pdf
12