Consent and Privacy Audit
A consent directive is defined as express instruction(s) from a health care client (or someone authorized to act on the client’s behalf) to his/her HIC, regarding the collection, use, or disclosure of the client’s PHI.
When a request for PHI disclosure comes through eHealth Ontario’s HIAL segment, a check is made for consent directives against release of the data. The degree of control available to individuals is determined by provincial policy.
The components of the consent management solution are shown in figure 23.
Figure 23: Consent Management
Consent Management components are:
- External inputs: include legislation, regulation, and policy direction from MOHLTC and eHealth Ontario, and consent requests from health care clients
- Consent system administration: an administrative application restricted to a small group of authorized users for reporting and configuration purposes
- Point of service (POS) applications: clinical systems requiring interaction with the consent management solution
- Portals: websites providing a single point of access to online services for a target group of users, aggregating information from multiple sources and presenting it as a unified whole
- eHealth Ontario HIAL segment: the key interface point for all access to PHI in eHealth Ontario’s clinical repositories. Service orchestration through this segment requires that consent management be invoked for every request for PHI access.
- Audit log: provides PHI auditing services and generates notifications to privacy officers in eHealth Ontario when specific transactions occur (e.g. consent override)
- Registries: used in the application and evaluation of consent directives – for example to normalize client identifiers from POS applications to the corresponding provincial identifiers
- Domain repositories: the provincial stores of clinical data that contain PHI for a domain
- Consent management registry and services: the core of the consent management solution. Services include:
  - Consent management directory: stores health care client consent directives, as well as legislation-based rules and policy-based rules that control consent directive processing
  - Transaction processing: the main processing engine invoked by the consent interface to apply consent, allowing or blocking a transaction or masking its content
  - Reporting: reports on the management of consent directives, which can include information on the directives in force for a health care client at a point in time
  - Publish/subscribe: allows partner clinical systems to be notified of consent directives collected by eHealth Ontario
Planned features of the consent management solution include:
- Health care clients will be able to create, modify, and revoke consent directives, withdrawing or withholding consent for the use or disclosure of their PHI via the EHR, as directed by policy and/or the law. They will also be able to reinstate this consent if required.
- The solution will have the flexibility to implement more finely detailed degrees of access control, as determined by the MOHLTC through regulation or provincial policy.
- Standards will be applied for both the types of consent directives that can be created, and the processes by which they are implemented and managed.
- Transactions relating to the implementation, viewing, modification, revocation, or overriding of consent directives will be logged.
PHI audit trails are an important part of the EHR privacy compliance and security implementation. All transactions relating to PHI that consume EHR-related services through the eHealth Ontario HIAL segment will be logged in a centralized audit repository for privacy purposes. This repository is maintained separately from the system and other logs managed by the other EHR components. The solution is based in part on requirements set out in PHIPA O. Reg. 329/04, requiring the ability to respond to requests for information on accessed PHI in eHealth Ontario’s systems and who has accessed the information.
The components of the privacy audit solution are shown in figure 24. Many of them are similar to those in the consent management solution (HIAL segment, registries, domain repositories).
Figure 24: Privacy Audit
Authorized users will access the solution through an interface for administration, management of business rules, and reporting. The core functionality of the solution will include:
- Logging of all PHI-related transactions, for privacy auditing purposes
- Reporting and analytics: tools to present information in standard format
- Monitoring and alerting: detection of inappropriate use based on configurable business rules and system configurations. Includes the ability to correlate audit events and to generate context-based alerts for suspicious events or behaviour.
- Security mechanisms to prevent unauthorized access to, and unauthorized use of, audited information