FL – April 2, 2009 – HIPAAT International
Inc. (HIPAAT), provider of consent management and security
auditing solutions to the healthcare industry, today announced
it will introduce its enhanced privacy solution in booth
6864 at the Healthcare Information and Management Systems
Society (HIMSS) Annual Conference, April 5-8, 2009 in Chicago.
The vendor-neutral solution leverages industry standards
to enable the creation, management, validation and enforcement
of health information privacy policies for health data
myConsentMinder is HIPAAT’s new Web-based,
consumer-facing privacy repository. It allows consumers to
record their privacy policies using conventional, user-friendly
forms. To access myConsentMinder, individuals will
typically log in through a personal health record or patient
portal. They will then create, edit and store their privacy
preferences, which are expressed in OASIS eXtensible Access
Control Markup Language (XACML) and Health Level 7 (HL7)
standards. From these specialized consent templates, standards-based
access rules and policies are created and can be applied
in any health information exchange (HIE) environment.
Privacy eSuite, HIPAAT’s consent engine,
has been enhanced to support the XACML/HL7 protocol for personal
health information (PHI) access control. This is accomplished
through two service-oriented architecture (SOA)-based Web
services: a Consent Management Service that enables consumer,
organizational and jurisdictional privacy rules to be created
and administered, and a Consent Validation Service that adjudicates
PHI access requests.
Privacy Manager is a point of service software
application that integrates with clinical applications through
context management or via application interface to enforce
privacy policies. It too has been enhanced to support XACML/HL7.
HIPAAT’s Universal Audit Repository (UAR) is a standards-based
repository that logs all access – and attempted access – to PHI.
V2.0 is Java-based, providing more sophisticated, customizable search and report
capabilities and a more powerful user interface. The UAR provides automatic,
immediate breach reporting of override (unauthorized) access to PHI.
Next on the product roadmap is the Java Consent Validation
Interface (JCVI). The JCVI is a Java-based toolkit allowing
electronic medical record (EMR)/electronic health record
(EHR) solutions to communicate with outside Consent Validation
Services to become further ‘privacy aware’ of
patient, organizational and jurisdictional policies. The
JCVI is based on XACML/HL7 standards.
“The pressing mandate for EHRs, most recently highlighted
by the American Recovery and Reinvestment Act (ARRA), reinforces
the need for patient privacy protections in health information
exchange,” said Terry Callahan, HIPAAT managing director. “Consumers
must have privacy choices for EHRs to be successful, and
providers must be confident they’ll have access to
the PHI they need to treat their patients. Each of our standards-based
components takes that balance into account, from consumer
consent policy creation through to policy enforcement at
the point of care.”