Академический Документы
Профессиональный Документы
Культура Документы
Department of Health and Human Services
Office of the National Coordinator for Health Information Technology
Consumer Preferences
Draft Requirements Document
October 5, 2009
Consumer Preferences Draft Requirements Document
Table of Contents
1.0 Preface........................................................................................ 3
1.1 Approach ..................................................................................................................... 3
1.2 Document Overview ......................................................................................................... 3
1.3 Requirements Document Review Guidance ................................................................................ 5
1.0 Preface
1.1 Approach
Recognizing that the creation and exchange of consumer preferences is a highly sensitive
and complex topic, the Office of Interoperability and Standards (OIS) has amended its
approach to developing the Requirements Document (formerly known as a Use Case) to
ensure a more coordinated and collaborative process between requirements development
and standards harmonization. This updated approach includes gaining input from a greater
number of stakeholders and greater collaboration across Office of the National Coordinator
for Health Information Technology (ONC), the Healthcare Information Technology Standards
Panel (HITSP) and the Nationwide Health Information Network (NHIN) for developing the
requirements that may inform future development of certification criteria, including those
for electronic health records (EHRs) and health information exchange (HIE).
Policies surrounding consumer preferences are expected to evolve over time. This
document will enable standards development organizations to harmonize standards in a
manner that will accommodate potential future policy decision outcomes. This
Requirements Document is designed to be forward thinking and highlights both a
progressive current and future state scenario that is supported by electronic systems.
1.2 Document Overview
OIS has refined the development process and format of the Requirements Document, to
improve the facilitation of the standards development and harmonization process. This
Requirements Document is focused on information needed to facilitate the electronic
exchange of consumer preferences regarding the use and management of their associated
health information. The 2009 Consumer Preferences Requirements Document is divided
into the following sections:
• Section 2.0, Introduction and Scope, describes the background, progress to date, the
request being made to HITSP and the scope of that request.
• Section 3.0, Stakeholders, lists the individual stakeholders and organizations that
participate in the activities described in this Requirements Document.
• Section 4.0, Issues and Policy Implications, describes issues, obstacles and policy
considerations and/or implications related to accommodating and supporting
consumer preferences.
• Section 6.0, Process Diagrams, depicts the business processes surrounding consumer
preferences that may or may not involve health information exchange; the process
diagrams are described in the Events and Actions component of this section.
• Section 7.0 Information Exchanges; depicts the focused information exchanges that
standards development organizations should address.
• Section 8.0, Functional Needs, describes the combination of end-user needs and
system behaviors that support interoperability and information exchange.
1.3 Requirements Document Review Guidance
The Consumer Preferences Requirements Document describes a framework for the
electronic exchange among multiple stakeholders of the preferences consumers may have
regarding the management of and controlling access to their information and potentially
sensitive health information (SHI) utilizing standard message formats, terminologies and
data sets (further defined in Sections 2.0 and 9.0). Further, it is intended to support
current and future health information exchange activities as these concepts and associated
terminologies evolve.
In order to best support multiple stakeholders, guidance on how to review this document is
included below. The guidance highlights the sections that may be most pertinent to a given
stakeholder. These sections can be utilized separately or in combination.
2.0 Introduction
As the healthcare system moves toward the adoption of electronic health records, the need
to protect the privacy of health information and promote security is paramount. In
accordance with the American Recovery and Reinvestment Act of 2009 (ARRA), which
includes the Health Information Technology for Economic and Clinical Health (HITECH) Act,
privacy and security protections are essential to building public trust and encouraging the
use of Health Information Technology (HIT). Without appropriate protections, consumers
may be less willing to participate in information exchange and the benefits of an
electronically enabled healthcare delivery system may not be fully realized.
The electronic exchange of consumer preferences is an integral step on the path towards
enhanced privacy, security and public trust in the exchange of health information.
For the purposes of this document, the term “consumer preferences” is used to collectively
represent several interrelated capabilities including, but not limited to:
• the ability for a consumer to define permissions for who is permitted to access
information in their electronic health record (EHR) and under what circumstances
this access is appropriate,
• the ability for consumers to express preferences regarding how and under what
circumstances their health information should or should not be made available to
others by their healthcare providers;
• the ability for consumers to authorize the release of their health information to
another provider or third party; and
• the ability to establish various types of consumer preferences including but not
limited to consents, advance directives and other potential types outlined in Section
9.0, Data Set Considerations.
The identification and harmonization of standards for exchanging consumer preferences will
create a foundation which may facilitate and encourage consumers to participate in health
information exchange activities, to authorize the release of their data and to determine what
information should be released to a specialist, hospital, personal health record (PHR), a
surrogate such as a Medical Home or a health record bank. While different consumer
preferences may be applicable in different jurisdictions and settings, a standardized
approach to the exchange and use of those preferences will support common HIT
implementations as well as interactions between disparate organizations.
2.1 Progress to Date
In April and June of 2008, the American Health Information Community (AHIC) approved a
recommendation to develop documents that address Extensions/Gaps from the Use Cases
published between 2006 and 2009. One of the Extensions/Gaps prioritized for subsequent
processing in the national health information technology (HIT) agenda activities in early
2009 was consumer preferences. AHIC requested that the 2009 Consumer Preferences
Extension/Gap address the electronic exchange of information describing consumer
preferences between consumers, healthcare providers, healthcare entities, entities involved
in health information exchange activities and with other entities as authorized by the
consumer.
In the development of this Requirements Document the AHIC priorities, 2009 Consumer
Preferences Extension/Gap and other previous publications were referenced. This Consumer
Preferences Requirements Document will provide further context for the national health
information technology agenda activities, beginning with the selection of harmonized
standards by HITSP. Therefore, this Requirements Document is intended to expand upon
the Consumer Preferences Extension/Gap Document that was published in early 2009.
In subsequent activities, the harmonized standards will be tested, refined and implemented.
Components that need to be considered during the standards identification and
harmonization activities include a standardized vocabulary, data elements, data sets and
technical standards that support the information needs and processes of consumers and
those involved in implementing consumer preferences. During the development of the
document there will be an opportunity for review and feedback by interested stakeholders
within both the public and private sectors.
To date, neither the ONC Coordinated Federal Health IT Strategic Plan, nor the national
health information technology agenda, including the activities of AHIC and HITSP, has
formally addressed all of the interoperability considerations for the communication of
consumer preferences to support the goal of patient/consumer focused healthcare and
population health.
Therefore, the purpose of this document is to support the ONC Strategic Plan and the
national HIT agenda related to standards development and harmonization process by
describing business processes, information exchanges, stakeholders, functional
requirements, issues and policy implications involving consumer preferences.
Previously published AHIC Use Cases and HITSP work products should also be leveraged
during standards harmonization for this Requirements Document.
• The 2006 Consumer Empowerment – Registration and Medication History Use Case
describes the needs for a consumer to be able to establish permissions and access
rights for viewing their data;
• The 2007 Consumer Access to Clinical Information Use Case describes the needs for
a consumer to identify those providers who are permitted to access information in
the consumer’s PHR and what data they are permitted to access. Also describes the
capabilities needed to communicate a consumer's decisions to other entities which
also hold data about the consumer.
2.2 Scope
The Consumer Preferences Requirements Document describes a framework for the
electronic exchange among multiple stakeholders of the preferences consumers may have
regarding the management of and controlling access to their information and potentially
sensitive health information (SHI) utilizing standard message formats, terminologies and
data sets. The scope of this Requirements Document includes a high-level description
detailing:
• Key actors involved in the expression and creation of consumer preferences, namely
the consumers, providers and organizations handling this information
• Descriptions of the expression, transmission and application of consumer preferences
• How consumer preferences are exchanged between electronic systems
• The exchange of health information authorized by a consumer preference
• The potential types of consumer preferences
• The location of a consumer preference’s origin and storage
Certain aspects of the handling of consumer preference data are outside of the scope of this
document including:
• The details surrounding consumer education processes and requirements
• The process for reconciling situations where multiple, conflicting preferences exist for
one consumer/patient
• Policies regarding whether or not a consumer preference is expected to be honored
or accepted when sent from one entity to another
• The consequences of not following appropriate consumer preference procedures as
prescribed by state, local or entity policy
• The process and requirements for classifying and segmenting an individual’s
demographic and clinical information in a way that supports that individual’s
expressed preferences regarding what information or data types should be
designated as sensitive health information
• The mechanics of consumer auditing and tracking of this information, which has been
addressed in the 2007 Consumer Access to Clinical Information Use Case
These out-of-scope issues may best be handled by laws in particular jurisdictions, policies
the entities sending or receiving this information and, in some cases, by the Department of
Health and Human Services (HHS).
The policies for supporting consumer preferences are expected to evolve in the coming
years, which will necessitate the leverage and expansion of current standard to support
evolving needs.
At the highest level, consumers, require the capability to “opt in” or “opt out” of the
exchange of their health information. Consumers may also request that only certain
information, episodes of care or classes of information be shared. These classes of
information could be classified at varying levels of granularity. Defining the needed levels of
granularity is not the main focus of this Requirements Document.
For the purposes of organizing consumer preference information for increased levels of
granularity, the information may be broadly classified. Section 9.0 of this document (Data
Set Considerations) discusses classification in greater detail.
This Requirements Document focuses on processes, functional needs and data set
considerations relating to consumer preferences in order to help in the development of
standardized data exchanges. The Office of Interoperability and Standards (OIS)
acknowledges that there are still key policy issues which need to be defined and developed
in the area of consumer preferences. While these policy decisions are beyond the scope of
this document, the implications of these policy decisions will be addressed in Section 4.0 of
this document (Issues and Policy Implications).
3.0 Consumer Preferences Stakeholders
Examples of stakeholders that may be directly or indirectly involved in the exchange of
consumer preference information are listed below. Contextual descriptions of each type of
stakeholder can be found in the Glossary (Appendix A).
Additional Stakeholders
Research Entities
4.0 Issues and Policy Implications
A number of issues in today’s health information technology environment may present
obstacles to achieving healthcare data standardization and interoperability. Many issues
and policy implications common to all exchanges of health information were presented and
discussed within the 2006 – 2009 AHIC Use Cases. Examples of specific issues and
obstacles more specifically related to exchanging consumer preferences are outlined below.
4.1 Consumer Participation
1. Additional guidance from ONC may be needed in the area of consumer participation in
electronic health information exchange. A national policy may be needed to address
the variations in policies regarding opt-in/opt-out, classifications and granularity
requirements across health information exchanges and healthcare organizations. The
variations could make integration and the implementation of electronic exchange of
consumer preferences more difficult.
4.2 Consumer Education
1. For the optimal execution of consumer preferences, consumers must understand the
content of their electronic health record, their rights regarding the protection and use
of their information and the implications of disclosing or not disclosing their medical
information.
4.3 Access, Control and Disclosure
1. While consumers may express preferences for who can view and exchange their
personal health information, privacy controls as well as the means for restricting data
access are not standardized nor are they entirely supported by existing policies or
regulations. In addition, the policies and regulations that do exist vary widely from
state to state and among providers and healthcare entities.
3. A clear standard or policy may be needed to identify that a category or type of data
has been withheld due to the expression of a consumer preference. There may be a
need to communicate this event without specifying the category or type of data that
has been withheld.
4. Information sharing and access policies are not standardized among providers or HIEs
and may present challenges to interoperability regarding conflicts that arise.
5. Additional policy guidance may be needed to address the use of health information
data after it has been received or generated by a covered entity. Protections to
individually identifiable health information (policy and technical) may be required to
ensure that consumers are informed of and approves any secondary uses of their
health information.
8. Currently states have differing “break the glass” access regulations and restrictions.
Standardized guidance may be required to establish “break the glass” protocols that
can be consistently interpreted across state lines.
4.4 Segmentation of Health Information
1. Clarification may be needed for consumers to explain the protections relating to and
the differences between Sensitive Health Information (SHI), Protected Health
Information (PHI) and Individually Identifying Health Information (IIHI). A national
discussion that explores the definition of sensitive health information and how that
information might be classified would help to advance the meaningful creation and
use of standards and policies for identifying and managing these different classes of
information.
4.5 Liability and Accountability
1. Additional guidance may be needed to reconcile and resolve situations where
consumer preferences are in conflict. Situations may arise from consumers providing
multiple preferences or state laws may override or conflict with a consumer’s
preference.
3. Laws, policies and procedures regarding liability, oversight and accountability may
need to be established or standardized for handling breaches of consumer
preferences.
4. State laws regarding consumers’ ability to limit access to their health information to a
specific person, practitioner or department within a healthcare organization vary
widely. Additional policies may be needed to clarify this issue.
5. Providers have expressed concerns regarding potential liabilities they may assume in
instances where their patients withhold some portion of their health information.
Further discussion around potential policy approaches to addressing this issue is
warranted.
6. Entities may enforce policies which dictate the acceptance or honoring of consumer
preferences provided by other organizations or entities. These internal policies may
be subject to federal, state and local law, which may hinder the electronic exchange
of consumer preferences.
5.0 Perspectives & Scenarios
This section describes the actors participating in the events, their roles or perspectives and
their actions in the context of the underlying scenarios. These scenarios are supported by
the Process Diagrams (Section 6.0) and Information Exchanges (Section 7.0).
• The Process Diagrams (Section 6.0) outline the business processes surrounding
consumer preferences, which include descriptions of events and actions.
• The Information Exchanges (Section 7.0) compliment the process diagrams and
are meant to express the focused information exchange events that HITSP should
address.
5.1 Perspectives/Roles:
• Consumer: Any recipient or legal proxy of a recipient of healthcare who wishes to
create preferences regarding aspects of their care and how their health-related
information (HRI) is accessed or shared.
• Primary Receiving Organization: Any organization (provider, information
exchange or other information recipient) who receives and may act on or manage a
consumer preference and its related health information.
• Secondary Receiving Organization: Any organization (provider, information
exchange or other information recipient) who receives from another organization and
may act on or manage a consumer preference and its related health information.
5.2 Scenarios
Figure 5.2 Consumer Preferences Scenarios
6.0 Process Diagrams
This section depicts the business processes surrounding consumer preferences and not necessarily information exchanges; the
process diagrams are described in the Events and Actions component of this section.
6.1 Scenario 1: Creation of a Preference
Figure 6.1 Scenario 1: Creation of a Preference Process Diagram
Consumer
Organization
Receiving
Primary
Organization
Secondary
Receiving
6.2 Events and Actions for Scenario 1: Creation of a Preference
Code Event Perspective
Action Description
6.1
Event: Provide Education
Primary Receiving Organization
Materials
6.1.1
Action: Primary receiving In order for consumers to make informed choices regarding their
organization provides educational preferences for the classification and handling of their health-
materials to the consumer related information, they may need to be educated regarding their
choices and the content of their EHR. The primary receiving
organization may need to provide educational materials to
consumers prior to the expression of their preferences explaining
the choices they could make regarding the sharing or sequestering
of information they might consider sensitive as well as information
that may be pertinent in the delivery of their healthcare. This
information may be in the form of printed documents, videos, on-
line or live interactive sessions. The details of the delivery and
content of this information will likely vary from state to state and
from organization to organization.
6.2
Event: Receive/Review Consumer
Education Materials
6.2.1
Action: The consumer receives In order to make informed choices regarding their preferences for
and reviews the education handling their health-related information, the consumer may need
materials before creating a to acquire some level of education, likely provided by their
preference with the primary healthcare provider, PHR or HIE. This step may need to precede
receiving organization any specific decisions or actions taken by the consumer in
expressing their preferences for handling their HRI. The details of
the delivery and content of this information will likely vary from
state to state and from provider to provider.
6.3.1
Action: Provider has a discussion The consumer may have a discussion regarding the choices and
with the consumer to provide mechanisms available for expressing their preferences for handling
assistance with consumer their health-related information. The primary receiving
preference choices organization may provide a medical professional or counselor to
discuss these choices which may help the consumer make
appropriate informed decisions.
Note: This action is out of scope
6.4
Event: Identity Verification Consumer + Primary Receiving Organization
6.4.1
Action: Consumer’s identity is Prior to interacting with the primary receiving organization’s
verified by the primary receiving electronic system, the consumer must be positively identified within
organization that system. The authentication process takes place within the
providing entity and must be completed before the consumer can
express their preferences.
6.5.1
Action: Consumer decides to The consumer decides, after sufficient education and discussion, to
express preferences express their preferences. The consumer expresses their
preferences from the available choices regarding the sharing of
pertinent medical information. The options the consumer has
regarding what information can be restricted and with whom the
information should or should not be shared may be different
depending on the state and the provider organization. There are
multiple technical mechanisms by which the preferences may be
exchanged. These mechanisms are described in the following
alternative actions and correspond to information flows 1a through
1e as depicted in Section 7.0, Information Exchanges. Each of the
following alternatives is dependent on positive identification and
authentication of the consumer or the recipient or legal proxy of a
recipient of healthcare.
6.5.1.1
Alternative Action: Consumer If the consumer has a PHR or other patient-controlled repository,
preferences expressed via a PHR they may express the preferences directly into the PHR. These
preferences can then be shared from the PHR in various ways which
are described in section 6.5.1.3 and 6.5.1.4. The consumer may
have set these preferences prior to, during or subsequent to an
encounter with a primary receiving organization.
6.5.1.2
Alternative Action: Consumer The consumer may express their preferences via a provider’s EHR
preferences expressed via a system. This process may be accomplished either by the provider
provider’s EHR entering information directly into the system or by the consumer
filling out a paper form. The information on the form is then
transferred to the provider’s system by a representative from the
provider’s organization.
6.5.1.3
Alternative Action: Consumer This alternative aligns with activities described in section 6.5.1.1.
preferences exchanged through Once the preferences have been expressed and stored on the
direct connection between PHR consumers PHR, the PHR may be connected directly to the
and provider’s EHR provider’s EHR system and the preferences previously set may be
exchanged directly between those two systems.
6.5.1.5
Alternative Action: Consumer In this alternative, the consumer preferences are shared directly via
preference is shared via an an information exchange. The information may be entered directly
information exchange via a web portal to the information exchange or it may be first
expressed on the provider’s EHR and then sent to or through an
information exchange.
6.5.2
Action: Consumer decides not to In some instances the consumer specifically decides against
express preferences expressing any preference. When this choice is made, the primary
receiving organization must act on that information and assign its
own default consumer preference profile to that particular
consumer. The default profile may vary from entity to entity as
well as from state to state.
6.5.3
Alternative Action: Expression of In some instances, a desired preference option may not be
consumer preferences is not available – either because the technology is not available or
available because a particular provider chooses not to offer this option to the
consumer. In this situation, the primary receiving organization
must act on that information and assign its own default consumer
preference profile to that particular consumer. This default profile
may vary from entity to entity as well as from state to state.
6.6
Event: Assign Appropriate Primary Receiving Organization
Default Policy
6.6.1
Action: Primary receiving Each primary receiving organization may have a default consumer
organization assigns the preference profile. This profile can be used if the conditions of
appropriate default consumer 6.5.2 or 6.5.3 are present.
preference profile
6.7.1
Action: Primary receiving Once the primary receiving organization has received the
organization creates the preferences as expressed by the consumer, the preferences are
preference(s) based on the created within their system.
instructions from the consumer.
6.8
Event: Store Preference Primary Receiving Organization
6.8.1
Action: Primary receiving The primary receiving organization may retain the preference
organization stores the profile for later use by storing it in accordance with federal, state
preferences and local internal policies and procedures.
6.9
Event: Audit and Reporting of Primary Receiving Organization
the Preference and/or
Associated Information
6.9.1
Action: Audit reports of the Audit reports are generated in the primary receiving organization’s
preference and/or associated system. These audit reports may be used in the future by the
information are generated entity itself, they may be requested by a consumer or may be
utilized by an outside auditing, certifying or accreditation
organization.
6.3 Scenario 2: Preference Management
Figure 6.3: Scenario 2: Preference Management: Application, Exchange and Replacement Process Diagram
Consumer Preferences
Scenario 2: Preference Management: Application, Exchange and Replacement
Request Request to
Request of Audit Receipt of
Preference Amend Existing
Consumer Empowerment: Reconciliation
Action Preference
Consumer Access to Clinical Notice
Information Use Case
6.14
6.11 Opt
6.13
Out Stop Flow of
Identify Information
Apply Preference
Preference
Receiving Organization
6.17
6.15 6.16
Revoke Relay
Identify Relevant
Replacement
Replace Existing Secondary
Primary
Status to
Preference Receiving
Appropriate
Opt In With Organization(s)
Organization(s)
Classification
Opt In
6.20 6.23
6.18 6.19 6.21
Audit and Transfer/
Reporting of the Transmission of
Identity
Classification Share Preference Preference and/ Preference and/
Verification
or Associated or Associated
Information Information
Receiving Organization
6.28
Out of Scope Event Audit and
Reporting of the
Preference and/or
Associated
Information
6.4 Events and Actions: Scenario 2 Management and Exchange of Preferences
6.10.1
Action: Consumer requests an update to their Once a consumer has expressed their preferences
profile and a profile has been established, the consumer
may wish to amend these preferences or share them
with another organization. The consumer must
submit a request to the primary receiving
organization to begin this process. The process
begins by retrieving the profile from the primary
receiving organization’s electronic system.
6.11
Event: Identify Primary Receiving Organization
6.11.1
Action: Primary receiving organization identifies Prior to the application of the consumer preference,
the consumer preference the primary receiving organization identifies the
preferences in their own system and/or retrieves
them from a PHR or other system.
6.12
Event: Request to Amend Existing Preference Consumer
6.12.1
Action: Consumer makes request to amend their Once the consumer’s preference profile has been
profile identified, they must direct the system to begin the
process of amending the preference profile. If a
replacement is desired, then the process continues
down the alternative path to Event 6.15.
6.12.2
Alternative Action: Consumer makes request to If the consumer’s request is to amend their
amend their profile preference profile, the process starts with the
revocation of the preference profile. Once the profile
has been revoked, the process continues down this
alternative path through Event 6.15 through 6.17
then returns back to Event 6.5 in which the
consumer expresses their amended preferences.
6.13.1
Action: Consumer preferences are applied The consumer preferences must be applied to the
appropriate SHI. The primary receiving organization
must take the preferences and implement them.
This step represents a decision point. Depending on
the wishes of the consumer, the instructions for
medical information may be to opt in, opt out or to
opt in with certain restrictions on the information
based on the classifications and choices offered to
the consumer. HITSP TP20 and TP30 address the
general opt in and opt out situations, but there are
gaps in the standards where specific classifications
of the data are utilized for consumer preferences.
6.13.1.1
Alternative Action: Opt in This alternative represents the choice to opt in to
sharing the consumer’s medical information in its
entirety. In this case the data may be shared with
providers as necessary, including secondary
receiving organizations. No restrictions are put on
the information beyond the standard restrictions
afforded all SHI based on national, state, local or
entity policy depending on the context of care.
HIPAA rules must always apply to this information.
6.13.1.2
Alternative Action: Opt out This alternative represents the most restrictive
choice on the part of the consumer, where no data
sharing may take place outside of the primary
receiving organization. However, there may be
provisions at the entity site whereby providers can
utilize a “break the glass” protocol (i.e. – access the
EHR in opposition to the patients preference) if an
emergency warrants the sharing of this information.
However, if a provider “breaks the glass” it may be
necessary to let the consumer know about this
situation as soon as possible. This issue is
addressed in the 2007 Consumer Empowerment:
Clinical Access to Clinical Information Use Case in
Event/Action: 7.1.4.
6.14
Event: Stop Flow of Information Primary Receiving Organization
6.14.1
Action: Primary receiving organization stops the If the consumer decides to Opt Out of
flow of information based on the consumer opting sharing/exchanging their EHR, the primary receiving
out organization must not allow for or stop the flow of
this information to exchanges and/or to other
healthcare providers. The EHR will remain with the
primary receiving organization and the record may
be used according to federal, state and local internal
policies and procedures.
6.15
Event: Replace Existing Preference Primary Receiving Organization
6.15.1
Action: Primary receiving organization’s system Once the consumer has expressed their wishes to
replaces the consumers preference profile replace or amend the preference profile, the
instructions are given to the primary receiving
organization and the status of the consumer’s
preference profile is replaced.
6.16
Event: Identify Relevant Secondary Receiving Primary Receiving Organization
Organization(s)
6.16.1
Action: Primary receiving organization identifies The primary receiving organization must identify any
secondary receiving organizations and all secondary receiving organizations to which
the consumer’s preference profile was transmitted.
The audit report may be used to determine all
relevant entities.
6.17.1
Action: Relay the replacement order to all the The primary receiving organization notifies the
appropriate secondary receiving organizations. secondary receiving organizations of the inactivation
of the consumer preference profile and of its
replacement.
6.18
Event: Classification Primary Receiving Organization
6.18.1
Action: Consumer’s health information is classified The Primary receiving organization must be able to
prior to data exchange exchange information based upon the classification
specified by the consumer’s preferences and
recognized standards.
6.19
Event: Share Preference Primary Receiving Organization
6.19.1
Action: Preferences are prepared for sharing with The primary receiving organization’s EHR system
information exchange or secondary receiving gathers the preferences and relevant associated
organization medical information and processes this information
into a transmittable packet of data to be exchanged
via an information exchange or other provider.
6.20.1
Action: Audit reports of the preference and/or Audit reports are generated in the primary receiving
associated information are generated organization’s system. They may also be generated
in subsequent systems. These audit reports may be
used in the future by the entity itself, they may be
requested by a consumer or may be utilized by an
outside auditing or accreditation organization.
6.21
Event: Identity Verification Primary Receiving Organization
6.21.1
Action: Identity is verified in the primary receiving Prior to transmission of the consumer preferences,
organization’s system the identity of the consumer, whose data is being
exchanged and the secondary receiving
organization, must be positively verified. This
verification is required to take place prior to
exchange.
6.22
Event: Identity Verification Secondary Receiving Organization
6.22.1
Action: Identity is verified in the secondary Prior to completion of the transmission of the
receiving organization’s system consumer preferences, the identity of the consumer
whose data is being exchanged, and the secondary
receiving organization must be positively verified a
second time; this time the verification takes place
upon receipt by the secondary receiving
organization.
6.23.1
Action: The consumer preferences are transmitted Once events 6.21 and 6.22 have been completed,
along with associated information the consumer preferences and all pertinent
associated medical information are transmitted from
the primary receiving organization to the secondary
receiving organization. The secondary receiving
organization may be a health information exchange,
a national or regional information network or simply
another provider who requires the electronic health
record of the consumer.
6.24
Event: Receipt of the Preference Secondary Receiving Organization
6.24.1
Action: The consumer preferences are received by The consumer preferences and associated
the secondary receiving organization information is received by the secondary receiving
organization’s electronic system. At this time the
information may be integrated into a new or existing
EHR and may then be used by care coordinators or
clinicians working at the secondary receiving
organization.
6.25
Event: Acknowledgment of Receipt and Secondary Receiving Organization
Reconciliation
6.25.1
Action: Acknowledgment of receipt of consumer Once the consumer preferences are received at the
preferences secondary receiving organization, an electronic
acknowledgement is transmitted back to the primary
receiving organization and the consumer. This is a
simple acknowledgement of the receipt of the
electronic information by the secondary receiving
organization’s system. It is not necessarily an
agreement to abide by the preferences. These
policies are addressed in the Issues and Policy
Implications Section 4.0.
6.26 and
Event: Receipt of Reconciliation Notice Consumer and Primary Receiving Organization
6.20
6.26.1
Action: The consumer and primary receiving If reconciliation is necessary (action 6.25.2) and a
organization receives a notice of consumer notice is sent out by the secondary receiving
preference reconciliation. organization’s system, the consumer and the
primary receiving organization may receive this
notice.
6.27
Event: Store Preference Secondary Receiving Organization
6.27.1
Action: Secondary receiving organization stores The secondary receiving organization may retain the
the preferences in their data repository consumer preference profile for later use by storing
it in accordance with federal, state and local internal
policies and procedures.
6.28
Event: Audit and Reporting of the Preference Secondary Receiving Organization
and/or Associated Information
6.28.1
Action: Audit reports of the preference and/or Audit reports are generated in the secondary
associated information are generated receiving organization’s system. These audit reports
may be used in the future by the entity itself, they
may be requested by a consumer or may be utilized
by an outside auditing, certifying or accreditation
organization.
6.29.1
Action: Consumer requests an audit of their The consumer may request an audit of their
expressed consumer preferences consumer preferences. This request may be for the
primary, secondary or other receiving organizations
or providers that are storing the consumer’s
preferences. This issue has been addressed in the
2007 Consumer Empowerment: Consumer Access to
Clinic Information Use Case in Event/Action 7.1.4.
The process involved with a consumer requesting an
audit has been deemed out of scope for this
Consumer Preferences Requirements Document.
Note: This action is out of scope
7.0 Information Exchanges
Information exchanges depict the focused information exchanges that standards
development organizations should address.
1a
1c
6.5, 6.12 1d 1d
6.6, 6.7, 6.24
Express or
1b Receipt of
Revoke
Preference
Preference 1e
6.26 6.25
Receipt of Acknowledgement
2b 2a
Reconciliation of Receipt and
Notice Reconciliation
EHR
6.23
Transfer/ HIE PHR
Transmission of Intermediary 3
3
Preference and/or or Healthcare Entities
Associated Point to Point
Information Social Agencies
Other Providers
6.25
Acknowledgement
4 4
of Receipt and
Reconciliation
6.20, 6.28
Audit and
6.29 Reporting of the
6 5 5
Request of Audit Preference and/or
Associated
Information
7.1 Legend
The Information Exchange Diagram extracts the events from the Process Diagram where
consumer preference information is actually exchanged between entities in order to
illustrate the flow of a consumer’s preference more clearly. The exchanges of information
are explained below.
Information Exchange
1a The request to initially express, replace or amend a consumer preference is
completed via a PHR.
6 The consumer requests and receives a copy of the audit log for their preference.
8.0 Functional Needs
The Functional Needs Section describes the combination of end-user needs and system
behaviors that support interoperability and information exchange.
8.1 Universal Functional Needs
1. Identity Verification (Events 6.4, 6.21, 6.22)
a. The ability to positively identify the consumer is required by:
i. The primary receiving organization: to verify that they are creating,
retrieving or transmitting the preference and/or the associated
information for the correct consumer
ii. The secondary receiving organization: to verify that they have
received the consumer preferences and/or the associated information
for the correct consumer
b. The ability to positively identify the primary receiving organization is required
by:
i. The secondary receiving organization: to ensure they are receiving a
preference from the correct organization
ii. The consumer: to verify that they are expressing or transmitting a
preference to the correct organization
c. The ability to positively identify the secondary receiving organization is
required by:
i. The primary receiving organization: to ensure the preference is
transmitted to the correct organization
ii. The consumer: to verify that their preference was transmitted to the
correct organization
8.2 Consumer Functional Needs
1. Express Preference (Event 6.5)
a. The ability for the consumer to express preference choices to a primary
receiving organization and have that preference applied and exchanged
appropriately.
9.0 Data Set Considerations
It is important to note that consumers, at the highest level, require the capability to opt in
or opt out of the exchange of their health information. Consumers may also request that
only certain classes of information be shared. These classes of information and preferences
could be classified at varying levels of granularity. Defining the needed levels of granularity
is not focus of this Consumer Preferences Requirements Document.
This Data Set Considerations Section provides a comprehensive (not exhaustive) list of
classes of consumer preferences that should be considered in identifying, harmonizing and
developing standards. This section is only intended to be a guide for the development of
standards, however, it does not preclude, the use of existing standards approved by
standards development bodies such as HITSP.
They include:
9.1 Identity and Preference Verification
1. Consumer Information - addressed in 2006-2009 AHIC Use Cases
2. Primary/Secondary Receiving Organization Information
a. Provider Information
b. EHR information
c. HIE information
d. PHR information
3. Consumer Preference Information
a. Consumer preference identification information
b. Consumer preference audit information
i. Date and locations where the consumer preference was created,
received, applied, stored, shared, transmitted, amended or replaced
9.2 Data Classification
Possible types of consumer preferences classifications
1. Access Restriction & Management
a. Consent & Disclosure of Information – Sequestering or disclosing protected
health and/or sensitive health information, categories may include:
i. HIV/AIDS
1. Status or diagnosis
2. Medications
3. Treatment
4. Test results, etc
ii. Mental Health
1. Medications
2. Psychotherapy notes
3. Counseling or treatment
4. General information, etc.
10.0 Appendix A: Glossary
Clinicians: Healthcare providers with patient care responsibilities, including physicians,
advanced practice nurses, physician assistants, nurses, psychologists, pharmacists and
other licensed and credentialed personnel involved in treating patients.
Comfort Needs: Includes attention to the psychological, lifestyle and spiritual needs of the
patient.
Consumers: Any recipient or legal proxy of a recipient of healthcare who wishes to create
preferences regarding aspects of their care and how their medical information is accessed or
shared.
Electronic Health Record (EHR): The electronic health record is a longitudinal electronic
record of patient health information generated in one or more encounters in any care
delivery setting.
Government Agencies: Federal, state, local, territorial or tribal departments within the
United States government responsible for the oversight and administration of a specific
function; government agencies may include: Department of Health and Human Services
(DHHS), Food & Drug Administration (FDA), Centers for Disease Control and Prevention
(CDC), Centers for Medicare & Medicaid Services (CMS), Department of Defense (DoD),
Department of Veterans Affairs (VA), Substance Abuse and Mental Health Services
Administration (SAMHSA), Indian Health Services (IHS) and Department of Homeland
Security (DHS).
Health Information: According to HIPAA, any information, whether oral or recorded in any
form or medium, that is created or received by a health care provider, health plan, public
health authority, employer, life insurer, school or university or health care clearinghouse;
and relates to the past, present or future physical or mental health or condition of an
individual; the provision of health care to an individual; or the past, present or future
payment for the provision of health care to an individual.
Healthcare Payors: Insurers, including health plans, self-insured employer plans and third
party administrators, providing healthcare benefits to enrolled members and reimbursing
provider organizations.
HIT Vendors and Providers: Organizations that develop and provide health information
technology solutions. These solutions may include personal health records, applications,
data repositories, and web services.
Laboratories: A laboratory (often abbreviated lab) is a setting where specimens are sent
for testing and analysis are resulted and then results are communicated back to the
requestor. The types of laboratories may include clinical/medical, environmental,
veterinarian and may be both private and/or public.
Medical Home: A model for providing care that is “accessible, comprehensive and
coordinated and delivered in the context of family and community.” A patient’s medical
home includes a clinician, referred to as the medical home provider, who is the central point
of planning, coordination and management of the patient’s health promotion, acute illness
care and chronic condition management.
Personal Health Record System Suppliers: Organizations which provide specific PHR
solutions to clinicians and patients such as software applications and software services.
These suppliers may include developers, providers, resellers, operators and others who may
provide these or similar capabilities.
Protected Health Information (PHI): According to HIPAA, PHI is any information about
health status, provision of healthcare or payment for healthcare that can be linked to an
individual.
Providers: The healthcare clinicians within healthcare delivery organizations with direct
patient interaction in the delivery of care, including physicians, nurses and other clinicians.
This can also refer to healthcare delivery organizations.
Sensitive Health Information (SHI): For the purposes of this document, SHI is
personally identifiable health information that is deemed by the individual (or their
designee) as requiring protections and particular care in its handling or dissemination that is
greater than the protections afforded other personally identifiable health information. What
information an individual considers to be “sensitive” is not necessarily the same set of
information that another individual considers sensitive, nor is it necessarily the same as the
information designated under HIPAA to be Protected Health Information (PHI).
Specialty Networks: Networks that are accessed directly by the PHR to feed information
into the PHR. These information providers may interface directly with participating entities:
i.e. – healthcare entities, ancillary entities, laboratory, etc.
Standards Development Organizations (SDO): Any entity whose primary activities are
developing, coordinating, promulgating, revising, amending, reissuing, interpreting or
otherwise maintaining standards that address the interests of a wide base of users outside
the standards development organization. HITSP is an example of an SDO.