This wiki has undergone a migration to Confluence found Here

Difference between revisions of "201809 Consumer Mediated Data Exchange (CMDE)"

From HL7Wiki
Jump to navigation Jump to search
(Created page with "<noinclude>Category:StyleGuides<big>To use this Template: #Search (or Go to) for a page with name like '''yyyymm_Track Name''' (with a proper year/month combination for th...")
 
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
<noinclude>[[Category:StyleGuides]]<big>To use this Template:
+
 
#Search (or Go to) for a page with name like '''yyyymm_Track Name''' (with a proper year/month combination for the target connectathon)
+
Consumer Mediated Data Exchange
#Click on the '''RED''' link to the (previously) undefined page in order to edit it.
 
#Type '''<nowiki>{{subst::Template for FHIR Connectathon Track Proposals}}</nowiki>''' as the '''only content''' for the new page.
 
#Preview (if desired) to verify the reference was typed correctly
 
#"Save" the page.
 
#:At this point, the contents of this template (with the exception of these instructions) will '''replace''' the substitution link.
 
#Re-edit the page to fill in your proposal
 
#Save again
 
</big>
 
</noinclude>
 
[[Category:201809_FHIR_Connectathon_Track_Proposals|Sep2018 Proposals]]
 
__NOTOC__
 
=Track Name=
 
  
 
==Submitting WG/Project/Implementer Group==
 
==Submitting WG/Project/Implementer Group==
<!-- Who is asking for this track? -->
+
[mailto:andy.stechishin@gmail.com Andy Stechishin]
 +
 
 +
[mailto:kathleen_connor@comcast.net Kathleen Connor]
 +
 +
[mailto:Aaron.Seib@newwave.io Aaron Seib]
  
 
==Justification==
 
==Justification==
Line 25: Line 17:
  
 
==Proposed Track Lead==
 
==Proposed Track Lead==
 +
 +
[mailto:andy.stechishin@gmail.com Andy Stechishin]
 +
 +
[mailto:kathleen_connor@comcast.net Kathleen Connor]
 +
 +
[mailto:Aaron.Seib@newwave.io Aaron Seib]
 +
 
<!-- Name, email and Skype id of individual who will coordinate the track at the connectathon -->
 
<!-- Name, email and Skype id of individual who will coordinate the track at the connectathon -->
 
See [[Connectathon_Track_Lead_Responsibilities]]
 
See [[Connectathon_Track_Lead_Responsibilities]]
Line 32: Line 31:
  
 
==Roles==
 
==Roles==
Please include information here regarding how much advance preparation will be required if creating a client and/or server.
+
===Role 1===
<!-- Roles are sets of functionality (generally defined by a Conformance resource) that a single system can take on -->
+
Source of Record  Acts as intermediary
===Role 1 Name===
+
 
<!-- Provide a description of the capabilities this role will have within the connectathon -->
+
Actor: HIE, EHR, immunization registries
 +
 
 +
Stores
 +
 
 +
===Role 2===
 +
Electronic Consent Management System (eCMS)
 +
 
 +
Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository
 +
 
 +
Captures e-consent form and turns it into a computable consent directive
 +
 
 +
===Role 3===
 +
IZ Client:  Immunization record viewer or client app
 +
 
 +
Actor:  EHR, patient portal, school documentation systems, personal health apps
 +
 
 +
Allows record to be viewed, managed and further distributed
 +
 
 +
===Role 4===  
 +
ACS/SLS: Access control system / security labeling service
 +
 
 +
Actor:  Rules Engine
 +
 
 +
Pulls consent directive to get policy, apply security label, and enforce filtering to the requested IZ resource
  
 
==Scenarios==
 
==Scenarios==
 
<!-- What will be the actions performed by participants? -->
 
<!-- What will be the actions performed by participants? -->
  
===Scenario Step 1 Name===
+
===Scenario 1===
:Action: <!--Who does what? (Use the role names listed above when referring to the participants -->
+
 
:Precondition: <!-- What setup is required prior to executing this step? -->
+
Linda May Shannon, an 18-year-old enrolling freshman is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents.
:Success Criteria: <!-- How will the participants know if the test was successful? -->
+
• Linda wants her family to access some information, but not all
:Bonus point: <!-- Any additional complexity to make the scenario more challenging -->
+
 
 +
• She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV)
 +
 
 +
• IZ Client will request Linda’s immunizations information from SLS for access by her parents
 +
 
 +
• ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive
 +
 
 +
Action:
 +
 
 +
Precondition:
 +
 
 +
Success Criteria:
 +
 
 +
Bonus point: Use CDS Hooks to pull IZ into EHR from IZ registry
 +
 
 +
===Scenario 2===
 +
 
 +
Linda May Shannon, has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris
 +
• Linda wants to share her immunization records with the university
 +
 
 +
• She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR), further use requires consent
 +
 
 +
• She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags
 +
 
 +
• IZ Client will request Linda’s immunizations information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready
 +
 
 +
• ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive
 +
 
 +
 
 +
Action:  
 +
 
 +
Precondition:  
 +
 
 +
Success Criteria:  
 +
 
 +
Bonus point:  
 +
 +
 
 +
===Scenario 3===
 +
 
 +
Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster.
 +
 
 +
• The school clinic asks for Linda’s GDPR consent to file a claim with TriCare
 +
• Claim processor applies GDPR Security label and sends to TriCare
 +
• TriCare processes the claim and persists the GDPR security label
 +
 
 +
Action:
 +
 
 +
Precondition:
 +
 
 +
Success Criteria:
  
<!-- Provide a description of each task -->
+
Bonus point:
  
 
==TestScript(s)==
 
==TestScript(s)==

Latest revision as of 19:05, 2 August 2018

Consumer Mediated Data Exchange

Submitting WG/Project/Implementer Group

Andy Stechishin

Kathleen Connor

Aaron Seib

Justification

Related tracks

Proposed Track Lead

Andy Stechishin

Kathleen Connor

Aaron Seib

See Connectathon_Track_Lead_Responsibilities

Expected participants

Roles

Role 1

Source of Record Acts as intermediary

Actor: HIE, EHR, immunization registries

Stores

Role 2

Electronic Consent Management System (eCMS)

Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository

Captures e-consent form and turns it into a computable consent directive

Role 3

IZ Client: Immunization record viewer or client app

Actor: EHR, patient portal, school documentation systems, personal health apps

Allows record to be viewed, managed and further distributed

Role 4

ACS/SLS: Access control system / security labeling service

Actor: Rules Engine

Pulls consent directive to get policy, apply security label, and enforce filtering to the requested IZ resource

Scenarios

Scenario 1

Linda May Shannon, an 18-year-old enrolling freshman is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents. • Linda wants her family to access some information, but not all

• She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV)

• IZ Client will request Linda’s immunizations information from SLS for access by her parents

• ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive

Action:

Precondition:

Success Criteria:

Bonus point: Use CDS Hooks to pull IZ into EHR from IZ registry

Scenario 2

Linda May Shannon, has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris • Linda wants to share her immunization records with the university

• She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR), further use requires consent

• She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags

• IZ Client will request Linda’s immunizations information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready

• ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive


Action:

Precondition:

Success Criteria:

Bonus point:  

Scenario 3

Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster.

• The school clinic asks for Linda’s GDPR consent to file a claim with TriCare • Claim processor applies GDPR Security label and sends to TriCare • TriCare processes the claim and persists the GDPR security label

Action:

Precondition:

Success Criteria:

Bonus point:

TestScript(s)

Security and Privacy Considerations