Dr. John Halamka gave a great overview of the metadata discussion on his blog:
Stan Huff led the metadata discussion and reviewed the work that has been done to date on patient ID and provenance standards. For patient ID, we considered many options but selected a very simple XML construct based on a streamlined CDA R2 header. This XML has nothing healthcare specific such as OIDs in it. For provenance, we considered many options but selected a very simple XML construct based on a streamlined CDA R2 header and X.509 certificates for digital signature. The signature could be an institution, a department, or an individual, as needed by the use case. For privacy, we considered many options and recommended a CDA R2 Header with a simple vocabulary to indicate that sensitive data is present. The list of sensitive data types could include mental illness, substance abuse, sexually transmitted disease data, HIV data, domestic violence data, etc., or it could be a simple indicator that sensitive data is present. Specifying such a vocabulary is future work.
Below is the slide deck and audio from the Metadata Power Team presentation at the June 22, 2011 HIT Standards Committee meeting:
A robust discussion followed about privacy flags. Here are important clarifications:
- During transmission, the envelope of metadata plus the payload of content is fully encrypted and so the metadata is not readable until it arrives inside the organization or to the person authorized to read it.
- Much of the time, no privacy flags are needed because the patient will be the source of the data and will elect what to disclose to whom. Privacy flags would likely be needed when data is assembled from multiple sources and is received by a provider who needs to obtain special consent before viewing it or apply special protections before storing it.
- A privacy flag would enable data to be automatically routed to specially protected areas of the EHR.
- The CDA R2 header standards are used millions of times per day throughout the world but this subset of them and constrained specifications of how/when they are used should be tested before regulations require them for specific transactions.
- The recommendation to use CDA R2 headers for metadata is the beginning of a formal ONC process to seek comment, feedback and stakeholder engagement regarding their use.
Based on all these clarifications, the HIT Standards Committee approved the use of the CDA R2 header for metadata as a formal recommendation to ONC as it begins the NPRM process.