HIPAA Controlled Patient Information Exchange and Traceability in Clinical Processes

The digital transformation of healthcare processes is deeply changing the quality of healthcare services offered to the patient. Although it is often seen as highly beneficial, the move to digital connected health systems exposes both health providers and individuals to many risks ranging from privacy violations to medical identity usurpation Throughout this process of digitisation, it is essential that privacy protection and systemic compliance to personal data regulations such as HIPAA and GDPR are ensured by all healthcare stakeholders. This is essential to setup the boundaries and limitation imposed by the legislative framework with relation to the legitimate processing of sensitive data. In this paper, we are aiming to represent privacy and security controls as tags/labels to data elements highlighted in clinical processes and their automation as privacy protection filters to the data at user interface layers of the healthcare information system. As a data model we rely on the HL7-CDA standard for medical documents architecture thanks to its seamless and extensible data integration capabilities while exchanging EHR data.