DS4P+Netsmart+Pilot

include component="page" wikiName="siframework" page="Data Segmentation HeaderPilots2" =Overview= toc This pilot will design, develop, test, and release to production solutions that implement the first 3 scenarios of the DS4P use cases, including: The enhancements to the various HIE and EHR solutions used in this pilot will focus on: The solutions will be implemented with two different groups across the country. The referral network in the Tampa Bay will implement the first two scenarios, managing the direct push or pull of information between the various organizations involved in the coordination of care of an individual. The Kansas HIE (KHIN) along with behavioral health providers in their network will implement scenario 3, introducing the registry and repository model to the pull of information. Each of these groups will manage restricted data associated with programs regulated by 42 CFR part 2 and ensure that all requirements of this regulation are met including the redisclosure rules.
 * Scenario 1 - User Story 1 – 42 CFR Part 2 Push / Share All / Partial
 * Scenario 2 - User Story 1B – 42 CFR Part 2 Pull between providers / Share All / Partial
 * Scenario 3 - User Story 1C – HIO Repository & Consent Repository
 * Ensuring that all data is correctly tagged in the payload and the protocols used to transport the payload,
 * The consent directive follows the data in transit, and
 * The receiving HIO or EHR can properly enforce the policies associated with the sensitive nature of the data received.

Technical approach
=Objectives= The 3 main objective of this pilot, as stated above, and relating the to 3 user stories are: Along with this, the impact of each feature will be measured for the complexity of the implementation whether it is in the EHR or in the HIE registry and repository. This will inform the efforts required in the larger HIT community to implement the various changes.
 * A standards based approach to the tagging, transmission, and security will be used throughout the solution
 * A SOA based infrastructure will be utilized to manage the integration between all of the organizations
 * Agile design and development between all organizations involved
 * Ensuring that all data is correctly tagged in the payload and the protocols used to transport the payload,
 * The consent directive follows the data in transit, and
 * The receiving HIO or EHR can properly enforce the policies associated with the sensitive nature of the data received.

All of the integration efforts will be based on existing standards or those developed as part of the DS4P initiative. Key standards used in this process will be the Direct Project, XDS.b, C32 CCD and the CDA, XACML, and SAML.

Phase 1 (Production - January 2013)
42 CFR Part 2 Push / Share All / Partial 42 CFR Part 2 Pull between providers / Share All / Partial
 * Scenario 1 - User Story 1**
 * Scenario 2 - User Story 1B**

Phase 2 (Pilot Release - January 2013)
HIO Repository & Consent Repository
 * Scenario 3 - User Story 1C**

Phase 3 (Production Release - February 2013)
HIO Repository & Consent Repository =Stakeholders & Points of Contact= Bill Connors Senior VP, General Manager, Behavioral Health 801 Warrenville Rd. Suite 350 Lisle, IL 60532 Role: Project Sponsor
 * Scenario 3 - User Story 1C**
 * Netsmart**

Matthew Arnheiter VP, Innovations 4950 College Boulevard Overland Park, KS 66210 Role: Lead Technical Architect

Laura McCrary, Ed.D 623 SW 10th Ave. Topeka, KS 66612 Role: HIE Sponsor
 * KHIN**

=Demonstrated Standards= > CCDA, C32, PDF > DIRECT, XDR, XDS > SSL, PKI, SAML > 42 CFR Part 2 > XACML =Ecosystem Diagram= =Pilot Project Timeline=
 * **Payload**
 * **Transport Protocols**
 * **Security**
 * **Privacy Consent Policies**
 * **Consent Standards**

=Anticipated Resources= > Matthew Arnheiter: Lead Architect > Mark Gromowsky: Lead Integration Engineer > KHIN > Informatics Corporation of America (ICA) > Netsmart CareConnect: Cloud Based Integration Engine > Netsmart myAvatar: MU1 Certified EHR > KHIN HIE utilizing ICA =Success Metrics= The goal is to provide an open standards based solution to exchange PHI information where the consent directive follows the data and is understood at each layer of the exchange, i.e. EHR and HIE. We are also testing the impact these standards have on an EHR, balancing the amount of change with a complete solution to properly secure sensitive information. Success metics for the pilot include: =Reference Documents= include component="page" wikiName="siframework" page="Data Segmentation for Privacy Initiative Contacts" include component="page" wikiName="siframework" page="space.template.inc_contentleft_end"
 * **Netsmart**
 * **Infrastructure**
 * Automated Data Tagging of the CCD with Data Confidentiality at the segment level
 * Demonstrate compliance with 42 CFR Part 2 prohibition against re-disclosure notification
 * Demonstrate segmentation of 42 CFR Part 2 protected information and the proper mechanisms in the EHR to not re-disclose the information without consent.
 * Implement the security and privacy metadata in the XD* envelope
 * __**Document**__ || __**Description**__ ||
 * [[file:Data Segmentation for Privacy Proposal Netsmart 2012 11 28-1.pdf]] || Netsmart DS4P Proposal Presentation to DS4P community on 11/28/2012. ||