HIPAAT’s policy enforcement solution, the Privacy Manager, enforces consent directives established by the patient, facility or jurisdiction. Functioning across disparate applications in single- or multi-vendor environments, the software allows or denies access to personal health information (PHI).
When a user or provider attempts to access a patient’s PHI and Privacy eSuite determines that the user is authorized, Privacy Manager automatically provides access to the user – with no interruption to workflow and no change to the user's screen.
If Privacy eSuite determines that the user is not authorized, i.e. the patient has blocked the user from accessing their PHI, Privacy Manager does one of two things:
1. provides a message to alert the user that access to the PHI is denied, but permits emergency override (“break the glass”) access – and generates a security message to the Universal Audit Repository when override is selected
2. provides a message (optional) to alert the user that access to the PHI is denied, and blocks the user from accessing the PHI (e.g. patient has “opted-out” of the EHR)
user interface
appropriate at the point of service and for all levels of health data exchange, e.g. PHR, CDO, portal, EHR, HIE, RHIO, LHIN (Canada), NHIN (U.S.), PCT (UK)
integrates with application architecture via simple application interface (API) or via HL7 CCOW
issues IHE audit messages (e.g. “break the glass” access) to the Universal Audit Repository, which generates immediate security alerts as appropriate