Term
|
Definition
IHE Profiles define “use cases” that solve user needs
- Describes the use case and a conceptual view of how the profile addresses it. IHE profiles model the business process problem and the solution to the problem. |
|
|
Term
|
Definition
| interactions between actors that transfer the required information through standards-based messages. - ITI-8 Transaction |
|
|
Term
|
Definition
| Defines the data in any documents to be exchanged in each profile. |
|
|
Term
|
Definition
| Each domain’s technical framework brings together all the IHE Profiles for that domain and describes how they can be implemented together in the real world. It describes overall workflows of information sharing, where each IHE Profile makes its appearance, and how it works with all the others. The frameworks generally are broken up into three parts: Profiles, Transactions and Content Modules |
|
|
Term
|
Definition
| information systems or applications that manage, act on or produce on information - MAP |
|
|
Term
| EHR/HIE interactions (eCW & Orion) |
|
Definition
Part 1: Register a Patient in eCW “Houston” and Store a CCD in the Orion “Central Texas” HIE
Part 2: Perform Patient Matching and observe CCDs in the Orion “Central Texas” HIE
Part 3: Observe and compare CCDs in the Orion HIE with the eCW EHR Progress Note and the Orion “Snapshot CCD” |
|
|
Term
| HL7 messages for lab orders and results |
|
Definition
1. Transmit laboratory orders from eClinicalWorks EHR to LabCorp (HL7 ORM)
2. Receive laboratory results (HL7 ORU) from LabCorp into eClinicalWorks EHR
3. Publish the laboratory results (after review) to the EHR Patient Portal |
|
|
Term
| The HIE Interoperability Standards |
|
Definition
| Information Transfer Standards, Data Transmission Security and Semantic Standards |
|
|
Term
| Information Transfer Standards |
|
Definition
- HL7 (Health Level 7
- IHE (Integrating the Healthcare Enterprise)
- FHIR (Fast Healthcare Interoperability Resources) |
|
|
Term
| Data Transmission Security |
|
Definition
- Transport Layer Security (TLS, used by the ICA HIE)
- Virtual Private Network (VPN, used by the Orion HIE) |
|
|
Term
|
Definition
| - ICD-9/10, LOINC, RxNorm, SNOMED, CPT, DICOM, etc. |
|
|
Term
| IHE Profiles consist of three parts: |
|
Definition
- Actors
- Transactions
- Content Modules |
|
|
Term
| The first transaction (IHE & HL7 names) and type of data transferred between EHRs and HIEs for a patient are |
|
Definition
| EHR eCW Houston Sends patient local ID w/ demographics to HIE (Houston) using a ITI8 (HL7: ADT^A04, ^108) transaction -> Orion central Texas Regional HIE receives it and does a PIX cross reference to assign a MATER patient ID# (Global ID) |
|
|
Term
| Know what a PIX query is (what information is sent from the EHR, what is returned from the HIE in this "handshake" of information |
|
Definition
| The PIX Query provides a “handshake” between the EHR and the HIE in which the EHR sends the local patient EHR ID and demographics and the HIE returns the patient “global ID” (XDS.b ID). |
|
|
Term
| What is an HIE? Texas Law: |
|
Definition
A. assists in the transmission or receipt of health related information among organizations transmitting or receiving the information according to nationally recognized standards and under an express written agreement
B. As a primary business function, compiles or organizes health-related information that is designed to be securely transmitted by the organization among physicians, health care providers, or entities with a region, state, community, or hospital system
C. Assists in the transmission or receipt of electronic health related information among physicians, health care providers, or entities within a hospital system, physician organization, healthcare collaborative, [certain ACOs]. |
|
|
Term
| Parts of the HIPAA/HITECH Final Omnibus Rule |
|
Definition
- Privacy Rule
- Security Rule
- Breach Notification |
|
|
Term
|
Definition
- Prohibits sale of PHI
- Audits of covered entities
- Creates covered entity certification program
- Consumer access to EHR
- Consumer information website & consumer complaint report
- Expands state-level breach notice to individuals from other states (amended in later session)
- Updates notice and authorization requirements
- Increases penalties (but adds caps and mitigating factors)
- Increases criminal penalties for identity theft involving PHI
PACCCE UII |
|
|
Term
| DURSA – Data Use and Reciprocal Support Agreement |
|
Definition
- Multi-party trust agreement for public and private organizations in HIE
- Establishes permitted purposes for exchange similar to HIPPAA
- Establishes duty to respond to requests
- Required to sign if connecting to the eHealth Exchange
MEERv |
|
|
Term
| Restrictions on sharing Behavioral Health (BH) data and the name of the federal law covering this |
|
Definition
HIPPA does not prohibit use/disclosure of behavioral health information for treatment purposes.
- Behavioral Health information that can be shared without patient consent excludes: Psychotherapy Notes and Substance Abuse Diagnosis |
|
|
Term
| Models of Patient Consent in HIE |
|
Definition
Opt – In – no health information is shared through HIE unless patient takes specific action to allow it
Opt – Out - Health info will be shared (within bounds of state and federal law) unless patient takes specific action to stop it
Hybrid – Some take Hybird to opt-out for general health information but may take opt-in approach for certain sensitive health data (HIV/Aids, mental health etc.) |
|
|
Term
| Privacy and Security concerns related to data governance: |
|
Definition
- HIPAA risk assessment
- Architecture matters
- Data in transit: encryption required
- Data at rest: encryption not required
- Data integrity (patient matching, corruption)
- Availability: potential liability if data not available at point of care
- Technical security measure
+ Identity-proofing, passwords, account timeouts, account lockdowns
HADD DAT |
|
|
Term
| Patient’s rights to access PHI under HIPAA: |
|
Definition
• Individuals have a right of access to inspect and obtain a copy of their PHI.
• Unless the covered entity meets an exception for refusing access (e.g., psychotherapy notes), then PHI must be provided within 30 days (one 30-day extension allowed).
• NOTE: This applies to covered entities – not business associates (e.g., HIEs). Therefore, likely handled through a business associate agreement if the requested PHI is maintained by the HIE. |
|
|
Term
| Legal and policy issues that HIEs must address: |
|
Definition
- privacy and security requirements for system development and use (e.g., encryption, HIPAA risk assessment, patient consent, patient matching, handling of breaches, liability);
-laws and regulations (e.g., multi-state and multi-jurisdictional legal and policy harmonization activities).
- organizational and technical structure/purpose (e.g., non-profit vs. for-profit, enterprise vs. community/regional/state, query-based vs. direct);
- organizational and data governance; policy frameworks (e.g., policies regarding jurisdiction and types of data covered, such as behavioral health data, information related to minors);
- data sharing agreements (e.g., who, when, where, and how can data be accessed, and Business Associate Agreements)
PLOOD |
|
|
Term
|
Definition
The eHealth Exchange, formerly known as the Nationwide Health Information Network (NHIN or NwHIN), was developed by the ONC. It was established in 2004 to improve the quality and efficiency of healthcare by establishing a mechanism for nationwide health information exchange. In 2012 management of the NHIN was transferred to a public-private coalition headed by Healtheway, a non-profit organization.
The eHealth Exchange is a rapidly growing community of exchange partners, who share information under a common trust framework and a common set of rules. Currently, there are 34 participants including 4 federal agencies, 5 states, 8 beacon communities and more than a dozen Health Information Organizations (HIOs) and health systems, which represent hundreds of hospitals, thousands of providers and millions of patients. The eHealth Exchange helps to improve the health and welfare of all Americans through health information exchange that is trusted, scalable and enhances quality of care and health outcomes by supporting comprehensive longitudinal health records.
The eHealth Exchange utilizes a set of standards, services, and policies that enable the secure exchange of health information over the Internet. It is NOT a physical network that runs on servers at the U.S. Department of Health & Human Services, nor is it a large network that stores patient records. |
|
|
Term
|
Definition
• Multi-Party Agreement
• Participants Actively Engaged in Health Information Exchange
• Privacy and Security Obligations
• Requests for Information Based on a Permitted Purpose
• Duty to Respond
• Future Use of Data Received from Another Participant
• Respective Duties of Submitting and Receiving Participants
• Autonomy Principle for Access
• Use of Authorizations to Support Requests for Data
• Participant Breach Notification
• Mandatory Non-Binding Dispute Resolution
• Allocation of Liability Risk
MMAAD UPP RAF |
|
|
