Session Name: Data Sharing Policies and Protocols
OHIE18 Event Page -  ohie.org/OHIE18 
Time / Room: 9:30 - 10:30 Faru
Presenter:Brian Dixon; Terry Cullen
Attendees: ( please sign up if  you want to be on a policy workgroup)
    terry cullen.. thcullen@regenstrief.org

What did people want from the session:
  1. standard approach to sharing

  2. security within /for OpenHIE

  3. data sharing policies /data exchange/ data sharing template

  4. MoH guidance

  5. what are the 'best practices' that can be evaluated and re-used

  6. what is the/ a policy development process that can be invoked

  7. what are the policy gaps (TC added this) 

 

Notes:
  • Introduction and desired outcomes for the session
  • Not everything is going to be addressed unfortunately
  • Tech implementation usually runs ahead of policy
  • Nobody is doing data sharing policies very well in our review of the data policies and procedures 
  • India just published national guidelines, link to be provided by Terry
  • india is assuming the development of a 'policy engine' and policy repository 
  • Most countries assume that a patient presenting for treatment counts as consent to use data, very few implement explicit patient consent systems
  • There has been some work on creating a standard template for consent forms
  • Robust consent forms have granular selection of data usage (e.g. Clinical care, research, 3rd party health systems, clinical quality and dta aggregation)
  • Countries involved have all signed consent to use the contents of this resource
  • Brian's presentation
  • work is based on trust 
  • framework for governance 
  • governing body
  • policies and procedures
  • data sharing agreements
  • procedures:
  • Tech ops: to say how the organization will manage the data center where data willbe stored 
  • keep data safe, show the process management to the partners 
  • purpose of use and users:
  • define the use cases, permitted purposes
  • identify permitted users and their roles; it will allow to know who to give data access 
  • P&P documentation:
  • governance charter, partners to agree to share data for specific use cases, data sharing agreement 
  • How to keep data confident, secured and accessible at the same time
  • Clinical team has access to admitted patient's data for 72 hours
  • 6 mths for patient who scheduled appointment with GP
  • and 3mths to nurse epidomiologists for patient with notifiable disease
Questions:
  1. how do you engage citizens
    1. have people on the governing board
    2. public advertisement- here is what we do and why it is important
    3. 'lay people' have some concerns about sharing my data
  2. monitoring for appropriate use
    1. specific queries that have been developed
    2. patients can get transcribed auditlog for their patient data use (and notification to partners that a patient has requested it)
    3. thresh holds of queries and use of the data
  3. opting out of the HIE
    1. if you opt out, you dont get any data shared 
    2. granular access is tricky (patients dont want to give access to specific data information sets) 
  4. phased approach to patient consent
    1. how do we atart a consent maturity process
    2. not necessary because patients 'are happy to get care'
    3. health sector
      1. legal framework and policy network
      2. implement from where the patient is
      3. information security- less granluar and then move and evolve over time
  5. legislation that reflects the reality of where we are
    1. maturity model that is developed
  6. lag in policy- 'pilot policy' development and evaluation
    1. test and implement policies 
    2. use cases
  7. what is our responsibility as HIS people
    1. policies, procedures, governance and security- policies may be delayed as the technology advances
  8. HIPAA/GDPR- and what to do with GDPR
    1. comparison of GDPR and HIPAA
  9. Policies developed-- who is policy meant for? (guidance and how we learn/how to move forward) 
    1. usually not based on reality
    2. organizational capacity/reality (institution that starts implementing)
    3. patient and infrastructure- doesnt allow things to happen
    4. use this within an entire health system context

 

    Next Steps:
  1. balance practical experiences with the realities on the ground

    1. practical guidance to countries

    2. looking at what is available; different laws and studies

    3. implement and learn from the guidance

    4. risks and risk assessment/ risk tolerance 

  2. cross border sharing of data

  3. how do we help each other move forward

    1. what is everyone doing and how are they implementing it

    2. what are the best practices 

  4. capability maturity model that is based on reality

    1. where are we, and how do we move forward 

SIGN UP FOR MORE INFO/COMMS:
    
Daniel Futerman (daniel.futerman@jembi.org)
  • No labels

This work is licensed under a Creative Commons Attribution 4.0 International License.