Difference between revisions of "201809 Consumer Mediated Data Exchange (CMDE)"
(13 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
==Submitting WG/Project/Implementer Group== | ==Submitting WG/Project/Implementer Group== | ||
[mailto:andy.stechishin@gmail.com Andy Stechishin] | [mailto:andy.stechishin@gmail.com Andy Stechishin] | ||
− | [mailto:kathleen_connor@comcast.net Kathleen Connor] | + | |
+ | [mailto:kathleen_connor@comcast.net Kathleen Connor] | ||
+ | |||
[mailto:Aaron.Seib@newwave.io Aaron Seib] | [mailto:Aaron.Seib@newwave.io Aaron Seib] | ||
Line 15: | Line 17: | ||
==Proposed Track Lead== | ==Proposed Track Lead== | ||
+ | |||
+ | [mailto:andy.stechishin@gmail.com Andy Stechishin] | ||
+ | |||
+ | [mailto:kathleen_connor@comcast.net Kathleen Connor] | ||
+ | |||
+ | [mailto:Aaron.Seib@newwave.io Aaron Seib] | ||
+ | |||
<!-- Name, email and Skype id of individual who will coordinate the track at the connectathon --> | <!-- Name, email and Skype id of individual who will coordinate the track at the connectathon --> | ||
See [[Connectathon_Track_Lead_Responsibilities]] | See [[Connectathon_Track_Lead_Responsibilities]] | ||
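Review bot: The three mailto entries added under Proposed Track Lead repeat the submitting group list, while the template comment directly below asks for the name, email and Skype id of the individual who will coordinate the track. Suggest naming one coordinator and adding the Skype id, or stating explicitly that the three share the lead.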
Line 22: | Line 31: | ||
==Roles== | ==Roles== | ||
− | + | ===Role 1=== | |
− | + | Source of Record Acts as intermediary | |
− | ===Role | + | |
− | + | Actor: HIE, EHR, immunization registries | |
+ | |||
+ | Stores | ||
+ | |||
+ | ===Role 2=== | ||
+ | Electronic Consent Management System (eCMS) | ||
+ | |||
+ | Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository | ||
+ | |||
+ | Captures e-consent form and turns it into a computable consent directive | ||
+ | |||
+ | ===Role 3=== | ||
+ | IZ Client: Immunization record viewer or client app | ||
+ | |||
+ | Actor: EHR, patient portal, school documentation systems, personal health apps | ||
+ | |||
+ | Allows record to be viewed, managed and further distributed | ||
+ | |||
+ | ===Role 4=== | ||
+ | ACS/SLS: Access control system / security labeling service | ||
+ | |||
+ | Actor: Rules Engine | ||
+ | |||
+ | Pulls consent directive to get policy, apply security label, and enforce filtering to the requested IZ resource | ||
==Scenarios== | ==Scenarios== | ||
<!-- What will be the actions performed by participants? --> | <!-- What will be the actions performed by participants? --> | ||
− | ===Scenario | + | ===Scenario 1=== |
− | + | ||
− | :Precondition: | + | Linda May Shannon, an 18-year-old enrolling freshman is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents. |
− | + | • Linda wants her family to access some information, but not all | |
− | + | ||
+ | • She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV) | ||
+ | |||
+ | • IZ Client will request Linda’s immunizations information from SLS for access by her parents | ||
+ | |||
+ | • ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive | ||
+ | |||
+ | Action: | ||
+ | |||
+ | Precondition: | ||
+ | |||
+ | Success Criteria: | ||
+ | |||
+ | Bonus point: Use CDS Hooks to pull IZ into EHR from IZ registry | ||
+ | |||
+ | ===Scenario 2=== | ||
+ | |||
+ | Linda May Shannon, has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris | ||
+ | • Linda wants to share her immunization records with the university | ||
+ | |||
+ | • She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR), further use requires consent | ||
+ | |||
+ | • She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags | ||
+ | |||
+ | • IZ Client will request Linda’s immunizations information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready | ||
+ | |||
+ | • ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive | ||
+ | |||
+ | |||
+ | Action: | ||
+ | |||
+ | Precondition: | ||
+ | |||
+ | Success Criteria: | ||
+ | |||
+ | Bonus point: | ||
+ | |||
+ | |||
+ | ===Scenario 3=== | ||
+ | |||
+ | Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster. | ||
+ | |||
+ | • The school clinic asks for Linda’s GDPR consent to file a claim with TriCare | ||
+ | • Claim processor applies GDPR Security label and sends to TriCare | ||
+ | • TriCare processes the claim and persists the GDPR security label | ||
+ | |||
+ | Action: | ||
+ | |||
+ | Precondition: | ||
+ | |||
+ | Success Criteria: | ||
− | + | Bonus point: | |
==TestScript(s)== | ==TestScript(s)== |
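Review bot: Action, Precondition and Success Criteria are added empty in all three scenarios, so nothing states how a participant demonstrates that ACS/SLS withheld the HPV record in Scenario 1, or that the GDPR label was applied in Scenario 2 and persisted in Scenario 3. Suggest giving each scenario an observable Success Criteria entry. Two smaller points in the same hunk: the Role 1 description stops at "Stores", and Scenario 1 has the IZ Client request from "SLS" where Scenario 2 says "ACS/SLS"; use one name throughout.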
Latest revision as of 19:05, 2 August 2018
Consumer Mediated Data Exchange
Submitting WG/Project/Implementer Group
Justification
Related tracks
Proposed Track Lead
See Connectathon_Track_Lead_Responsibilities
Expected participants
Roles
Role 1
Source of Record: Acts as intermediary
Actor: HIE, EHR, immunization registries
Stores
Role 2
Electronic Consent Management System (eCMS)
Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository
Captures e-consent form and turns it into a computable consent directive
Role 3
IZ Client: Immunization record viewer or client app
Actor: EHR, patient portal, school documentation systems, personal health apps
Allows record to be viewed, managed and further distributed
Role 4
ACS/SLS: Access control system / security labeling service
Actor: Rules Engine
Pulls consent directive to get policy, apply security label, and enforce filtering to the requested IZ resource
Scenarios
Scenario 1
Linda May Shannon, an 18-year-old enrolling freshman, is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents.
• Linda wants her family to access some information, but not all
• She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV)
• IZ Client will request Linda’s immunizations information from SLS for access by her parents
• ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive
Action:
Precondition:
Success Criteria:
Bonus point: Use CDS Hooks to pull IZ into EHR from IZ registry
Scenario 2
Linda May Shannon has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris.
• Linda wants to share her immunization records with the university
• She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR); further use requires consent
• She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags
• IZ Client will request Linda’s immunizations information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready
• ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive
Action:
Precondition:
Success Criteria:
Bonus point:
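The label-then-filter behaviour that Role 4 and Scenarios 1 and 2 describe, as an added example that is not part of the track proposal. The consent directive is reduced to a hypothetical dict (recipients, allowed_confidentiality, policy_tags), the records are constructed, and the GDPR tag uses a placeholder code system.

```python
# Added example: constructed data; helper and consent field names are hypothetical.
CVX = "http://hl7.org/fhir/sid/cvx"
CONF = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
POLICY = "http://example.org/policy"        # placeholder system for policy tags
HPV_CVX = {"62", "118", "137", "165"}       # CVX codes for HPV vaccines

def immunization(rid, cvx, display):
    return {"resourceType": "Immunization", "id": rid,
            "vaccineCode": {"coding": [{"system": CVX, "code": cvx, "display": display}]}}

def label(resource, consent):
    """SLS step: return a copy tagged with confidentiality and policy labels."""
    codes = {c["code"] for c in resource["vaccineCode"]["coding"] if c["system"] == CVX}
    conf = "R" if codes & HPV_CVX else "N"  # R = restricted, N = normal
    security = [{"system": CONF, "code": conf}]
    security += [{"system": POLICY, "code": t} for t in consent.get("policy_tags", [])]
    return {**resource, "meta": {"security": security}}

def release(resources, consent, recipient):
    """ACS step: return only the labeled resources the directive permits."""
    if recipient not in consent["recipients"]:
        return []                           # no directive covers this recipient: deny
    allowed = set(consent["allowed_confidentiality"])
    out = []
    for res in (label(r, consent) for r in resources):
        conf = {s["code"] for s in res["meta"]["security"] if s["system"] == CONF}
        if conf and conf <= allowed:        # every confidentiality label must be allowed
            out.append(res)
    return out

RECORDS = [immunization("iz-1", "115", "Tdap"),
           immunization("iz-2", "03", "MMR"),
           immunization("iz-3", "165", "HPV9")]

# Scenario 1: parents may see non-sensitive records only.
PARENTS = {"recipients": ["parents"], "allowed_confidentiality": ["N"]}
# Scenario 2: the university may see everything, tagged with a GDPR policy label.
SORBONNE = {"recipients": ["sorbonne"], "allowed_confidentiality": ["N", "R"],
            "policy_tags": ["GDPR"]}

def released_ids(consent, recipient):
    return [r["id"] for r in release(RECORDS, consent, recipient)]

if __name__ == "__main__":
    print(released_ids(PARENTS, "parents"))
    print(released_ids(SORBONNE, "sorbonne"))
```

Labeling happens before the access decision, so a resource that carries no confidentiality label is never released.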
Scenario 3
Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster.
• The school clinic asks for Linda’s GDPR consent to file a claim with TriCare
• Claim processor applies GDPR Security label and sends to TriCare
• TriCare processes the claim and persists the GDPR security label
Action:
Precondition:
Success Criteria:
Bonus point: