This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Basic "Simple" Consent Directive Use Cases from Current FHIR Change Proposal by John Moehrke

From HL7Wiki
Jump to navigation Jump to search

Back to CBCC Wiki: Meetings

Back to HL7 FHIR Consent Directive Project

Back to FHIR Consent Directive Use Cases

Basic "Simple" Consent Directive Use Cases from Current FHIR Change Proposal

  • [#6285 Summary: Proposal for ConsentDirective stepping stones]

Might I suggest that the ConsentDirective project include a "Basic-ConsentDirective" that supports blanket consents without exceptions. Essentially the common HIE policies from BPPC. These would be scoped to sharing beyond the original organization and purpose for which the health information was created. This form of a Consent Directive would need only (identifier, issued, applies, subject, authority, domain, type=consent, subtype=<some vocabulary>, and possibly friendly and legal). This Basic Consent Directive would support the following HIE subtypes:

1) Opt-In -- Agree to publish "All" healthcare information. Agree to Use and Disclosure to "any" authorized individual of a "Treatment" or "Payment" organization "For the Purpose" of "Treatment" or "Payment". No Redisclosure allowed without further authorization. This agreement does not authorize other accesses.

2) Opt-Out allowing break-glass -- Agree to publish "All" healthcare information. Agree to Use and Disclosure to "any" authorized individual of a Treatment organization for specifically "Emergency Treatment" PurpoeOfUse, and Payment of those treatment. This agreement does not authorize other accesses.

3) Opt-In summary access only -- Agree to publish "All" healthcare information. Agree to Use and Disclosure to "any" authorized individual of a "Treatment" or "Payment" organization "For the Purpose" of "Treatment" or "Payment"; to only the medications and allergies summary. No Redisclosure allowed without further authorization. This agreement does not authorize other accesses.

4) Opt-In break-glass summary access only -- Agree to publish "All" healthcare information. Agree to Use and Disclosure to "any" authorized individual of a "Treatment" organization "For the Purpose" of "Emergency Treatment" and Payment of those treatment; to only the medications and allergies summary. No Redisclosure allowed without further authorization. This agreement does not authorize other accesses.

5) Opt-Out no break-glass -- Agree to publish "All" healthcare information. This agreement does not authorize any accesses.

6) Opt-Out completely -- Agree to publish "No" healthcare information beyond originating organization intended use.

From <http://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=6285>

Real World Consent Directive Scenarios

The following scenarios are based on existing jurisdictional policy and are realized in existing systems in Canada. The default policy is one of implied consent for the provision of care, so these scenarios all deal with withdrawal or withholding consent for that purpose. In other jurisdictions, where an express consent model is used (Opt-In), these would be express consent rather than withdrawal.

1) Withhold or withdraw consent for disclosure of records related to specific domain (e.g. DI, LAB, etc.)

2) Withhold or withdraw consent for disclosure of a specific record (e.g. Lab Order/Result)

3) Withhold or withdraw consent for disclosure to a specific provider organization

4) Withhold or withdraw consent for disclosure to a specific provider agent (an individual within an organization)

5) Withhold or withdraw consent for disclosure of records that were authored by a specific organization (or service delivery location).

6) Combinations of the above, such as withhold or withdraw consent to disclose all of my Labs to every organization except for Good Health Clinic and Sunny Ways Hospital, and then only allow disclosure of records 1234 and 4567.