Identity-Enabled Patient Consent Management

Mark Dixon — Thu, 28 Jan 2010 22:47:27 +0000

Last Thursday, January 21st, I gave a presentation at the Sun Horizons conference, “Healthcare Integration Through a New Perspective.” The title of my talk was “Identity Management: Securing Information in the HIPAA Environment.” I explored how the complementary functionality of Identity Management and Master Patient Index technologies can enable effective Patient Consent Management, a vital requirement for online health information networks.

A copy of my presentation deck is available for download here.

At the heart of my the presentation was the following diagram, which illustrates major components required in a Patient Consent Management system:

A brief explanation of key components follows:

Identity and Role Repository

IAM technology and methods provide the foundation for an effective patient consent management system. An Identity and Role Repository contains Identities, roles and access control credentials necessary to support the consent system. This repository includes:

Patients
Providers
Access Rights
Roles (map business responsibilities to access rights)
Override Rights (Only users with specific roles can perform override without consent)

Consent Registry

A consent registry is required to specify what permissions have been granted by patients, within the allowable limits specified by each applicable jurisdiction. Some of the key attributes include:

Consent Permissions for

Patients
Organizations
Users

System-wide mask (everyone)
Fine gained access
Include or exclude attributes
Accommodation for multiple jurisdictions

Master Patient Index

A Master Patient Index enables correlation of patient data across multiple repositories. This is essential because patient records are typically help in multiple locations. In other cases, if patient records exist in the same physical data warehouse, they are often logically separated.

Federated Data Access

If patient data is located in physically or logically separate locations, Federated data access controlled allows access across domain boundaries without compromising the privacy or integrity of individual patient record repositories.

Data Access Services

By providing a set of centralized data access services governed by IAM, the Consent Registry and the Master Patient Index, a secure method of patient data access is possible.

Technorati Tags: Identity, IdentityManagement, Healthcare, PatientConsent, MasterPatientIndex

Identity Management: Securing Information in the HIPAA Environment

Mark Dixon — Fri, 15 Jan 2010 22:53:56 +0000

Next Thursday, January 21st, I will be giving a presentation at the Sun Horizons conference, “Healthcare Integration Through a New Perspective.” My topic will be “Identity Management: Securing Information in the HIPAA Environment,” I will explore how the complementary functionality of Identity Management and Master Patient Index technologies can enable effective management of Patient Consent Management, a vital requirement for online health information networks.

If you would like to discuss the topic or meet me in Washington, DC, please drop me a line. After the event, I’ll post my presentation deck for review.

Technorati Tags: Identity, IdentityManagement, DigitalIdentity, HIPAA, ConsentManagement, MasterPatientIndex

Discovering Identity » MasterPatientIndex

Identity-Enabled Patient Consent Management

Identity Management: Securing Information in the HIPAA Environment