
Difference between revisions of "201809 Consumer Mediated Data Exchange (CMDE)"

 
(11 intermediate revisions by the same user not shown)
Line 31: Line 31:
  
 
==Roles==
 
==Roles==
Please include information here regarding how much advance preparation will be required if creating a client and/or server.
+
===Role 1===
<!-- Roles are sets of functionality (generally defined by a Conformance resource) that a single system can take on -->
+
Source of Record  Acts as intermediary
===Role 1 Name===
+
 
<!-- Provide a description of the capabilities this role will have within the connectathon -->
+
Actor: HIE, EHR, immunization registries
 +
 
 +
Stores
 +
 
 +
===Role 2===
 +
Electronic Consent Management System (eCMS)
 +
 
 +
Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository
 +
 
 +
Captures e-consent form and turns it into a computable consent directive
 +
 
 +
===Role 3===
 +
IZ Client:  Immunization record viewer or client app
 +
 
 +
Actor:  EHR, patient portal, school documentation systems, personal health apps
 +
 
 +
Allows record to be viewed, managed and further distributed
 +
 
 +
===Role 4===  
 +
ACS/SLS: Access control system / security labeling service
 +
 
 +
Actor:  Rules Engine
 +
 
 +
Pulls consent directive to get policy, apply security label, and enforce filtering to the requested IZ resource
  
 
==Scenarios==
 
==Scenarios==
 
<!-- What will be the actions performed by participants? -->
 
<!-- What will be the actions performed by participants? -->
  
===Scenario Step 1 Name===
+
===Scenario 1===
:Action: <!--Who does what? (Use the role names listed above when referring to the participants -->
+
 
:Precondition: <!-- What setup is required prior to executing this step? -->
+
Linda May Shannon, an 18-year-old enrolling freshman is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents.
:Success Criteria: <!-- How will the participants know if the test was successful? -->
+
• Linda wants her family to access some information, but not all
:Bonus point: <!-- Any additional complexity to make the scenario more challenging -->
+
 
 +
• She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV)
 +
 
 +
• IZ Client will request Linda’s immunizations information from SLS for access by her parents
 +
 
 +
• ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive
 +
 
 +
Action:
 +
 
 +
Precondition:
 +
 
 +
Success Criteria:
 +
 
 +
Bonus point: Use CDS Hooks to pull IZ into EHR from IZ registry
 +
 
 +
===Scenario 2===
 +
 
 +
Linda May Shannon, has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris
 +
• Linda wants to share her immunization records with the university
 +
 
 +
• She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR), further use requires consent
 +
 
 +
• She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags
 +
 
 +
• IZ Client will request Linda’s immunizations information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready
 +
 
 +
• ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive
 +
 
 +
 
 +
Action:  
 +
 
 +
Precondition:  
 +
 
 +
Success Criteria:  
 +
 
 +
Bonus point:  
 +
 +
 
 +
===Scenario 3===
 +
 
 +
Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster.
 +
 
 +
• The school clinic asks for Linda’s GDPR consent to file a claim with TriCare
 +
• Claim processor applies GDPR Security label and sends to TriCare
 +
• TriCare processes the claim and persists the GDPR security label
 +
 
 +
Action:
 +
 
 +
Precondition:
 +
 
 +
Success Criteria:
  
<!-- Provide a description of each task -->
+
Bonus point:
  
 
==TestScript(s)==
 
==TestScript(s)==
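Review bot: Action, Precondition and Success Criteria are added empty under all three scenarios, so the track gives participants no way to tell whether the ACS/SLS filtered or labelled the IZ resource correctly. Fill them in using the role names (for Scenario 1, for example, that the response the IZ Client shows the parents contains no HPV entry). Role 1's description stops at "Stores", and Scenario 1 has the IZ Client requesting from "SLS" where Scenario 2 says "ACS/SLS"; one name should be used throughout.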

Latest revision as of 19:05, 2 August 2018

Consumer Mediated Data Exchange

Submitting WG/Project/Implementer Group

Andy Stechishin

Kathleen Connor

Aaron Seib

Justification

Related tracks

Proposed Track Lead

Andy Stechishin

Kathleen Connor

Aaron Seib

See Connectathon_Track_Lead_Responsibilities

Expected participants

Roles

Role 1

Source of Record Acts as intermediary

Actor: HIE, EHR, immunization registries

Stores

Role 2

Electronic Consent Management System (eCMS)

Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository

Captures e-consent form and turns it into a computable consent directive

Role 3

IZ Client: Immunization record viewer or client app

Actor: EHR, patient portal, school documentation systems, personal health apps

Allows record to be viewed, managed and further distributed

Role 4

ACS/SLS: Access control system / security labeling service

Actor: Rules Engine

Pulls consent directive to get policy, apply security label, and enforce filtering to the requested IZ resource

Scenarios

Scenario 1

Linda May Shannon, an 18-year-old enrolling freshman, is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents.

• Linda wants her family to access some information, but not all

• She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV)

• IZ Client will request Linda’s immunizations information from SLS for access by her parents

• ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive

Action:

Precondition:

Success Criteria:

Bonus point: Use CDS Hooks to pull IZ into EHR from IZ registry
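
The Scenario 1 flow for Role 4 (pull the consent directive, label each immunization, filter what the IZ Client gets), as an added example that is not part of the track page. The Consent shape loosely follows FHIR R4 `Consent.provision`; the HPV code list, resource ids and the `RelatedPerson/parent-1` reference are constructed assumptions.

```python
# FHIR-style system URIs; the HPV CVX code set is this example's assumed SLS policy.
CVX = "http://hl7.org/fhir/sid/cvx"
CONF = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
SENSITIVE_CVX = {"62", "118", "137", "165"}  # HPV vaccine codes

def label(imm):
    """SLS step: copy the Immunization and set meta.security to R or N."""
    codes = {c.get("code") for c in imm.get("vaccineCode", {}).get("coding", [])
             if c.get("system") == CVX}
    # No CVX code to classify means restricted, not normal.
    code = "R" if not codes or codes & SENSITIVE_CVX else "N"
    meta = {**imm.get("meta", {}), "security": [{"system": CONF, "code": code}]}
    return {**imm, "meta": meta}

def denied_labels(consent, requester):
    """ACS step: labels withheld from requester; None if nothing permits access."""
    prov = consent.get("provision", {})
    actors = {a.get("reference", {}).get("reference") for a in prov.get("actor", [])}
    if (consent.get("status") != "active" or prov.get("type") != "permit"
            or requester not in actors):
        return None
    return {s.get("code") for p in prov.get("provision", []) if p.get("type") == "deny"
            for s in p.get("securityLabel", []) if s.get("system") == CONF}

def release(immunizations, consent, requester):
    """Label every record, then return only those the directive lets requester see."""
    denied = denied_labels(consent, requester)
    if denied is None:  # fail closed: no applicable directive, no data
        return []
    labelled = [label(i) for i in immunizations]
    return [i for i in labelled
            if not {s["code"] for s in i["meta"]["security"]} & denied]

# Constructed sample data (hypothetical ids and references).
RECORDS = [
    {"resourceType": "Immunization", "id": "tdap",
     "vaccineCode": {"coding": [{"system": CVX, "code": "115"}]}},
    {"resourceType": "Immunization", "id": "hpv9",
     "vaccineCode": {"coding": [{"system": CVX, "code": "165"}]}},
]
CONSENT = {"resourceType": "Consent", "status": "active", "provision": {
    "type": "permit",
    "actor": [{"reference": {"reference": "RelatedPerson/parent-1"}}],
    "provision": [{"type": "deny", "securityLabel": [{"system": CONF, "code": "R"}]}]}}

if __name__ == "__main__":
    print([r["id"] for r in release(RECORDS, CONSENT, "RelatedPerson/parent-1")])
```
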

Scenario 2

Linda May Shannon has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris.

• Linda wants to share her immunization records with the university

• She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR); further use requires consent

• She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags

• IZ Client will request Linda’s immunizations information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready

• ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive


Action:

Precondition:

Success Criteria:

Bonus point:  

Scenario 3

Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster.

• The school clinic asks for Linda’s GDPR consent to file a claim with TriCare

• Claim processor applies GDPR Security label and sends to TriCare

• TriCare processes the claim and persists the GDPR security label

Action:

Precondition:

Success Criteria:

Bonus point:

TestScript(s)

Security and Privacy Considerations