Consent Management using HITSP TP30

I was asked to present today the HITSP TP30 solution to the "Upper Midwest HIE"  committee of ONC's State Health Policy Consortium. I was invited to speak with a recommendation from my HITSP "Security/Privacy/Infrastructure Workgroup" co-chair Walter Suarez. Walter also helped me by providing some of the slides.

HITSP TP30 is the construct that HITSP put together to capture and manage "consent".

The Manage Consent Directives Transaction Package describes the messages needed to capture, manage, and communicate rights granted or withheld by a consumer to one or more identified entities in a defined role to access, collect, use, or disclose Individually Identifiable Health Information (IIHI), and also supports the delegation of the patients right to consent. 

I was asked to cover:

1. Explain the basic functionality of the TP30.  What information does it have the capacity to send?
2. What are the business flow challenges to implementing the TP30?
3. What is the current status of the TP30 in the e-health world?   (For example: IHE Profile, NHIN, etc.  Is TP30 under consideration for future inclusion in the certification standards?)

The presentation was about TP30, but I also did cover some of the work that has happened since and some of the work still ongoing.  I could have use the HITSP Powerpoint template, but given that project is closed it didn't feel right. So I removed all background template. I am sure I will get a chance to further enhance them.

The Presentation is available in Powerpoint (PPTX) format


I am very proud of the committees that I have participated in to produce this solution. I excited to work through the gaps that continue to exist. We are not done, but we do have a good framework to get Health Information Exchanges going.

References
I had done a presentation on BPPC to the HIT Security committee in April. During that presentation I touch on all the aspects of TP30. The presentation and audio recording of that testimony is available:

• HIT Standards - Privacy & Security committee - Presentation of BPPC

In May there was further testimony to the HIT Standards committee on the current HL7 standards developments that have advanced the base standard. This testimony was given by Ioana, a member of the HL7 committee and major contributor to the work. This standards development is still underway. It does give a view of where the standards developments are:

• HIT Standards - Privacy & Security committee - Presentation of HL7 CDA Consent

Some other articles on my blog that might be informative.

• Designing a Secure HIE
• Stepping stones for Privacy Consent
• Consumer Preferences and the Consumer
• Redaction and Clinical Documentation
• Availability of Consent Documents and their rules
• The meaning of Opt-Out,
• Opt-In, Opt-Out.... Don't publish THAT!,
• Consent standards are not just for consent,
• Consumer Preferences and the Consumer,
• RHIO: 100,000 Give Consent.
• Accountability
  • Accountability using ATNA Audit Controls
  • ATNA and Accounting of Disclosures
• Data Classification
  • Data Classification - a key vector enabling rich Access Controls