
Difference between revisions of "201809 Consumer Mediated Data Exchange (CMDE)"

 
(7 intermediate revisions by the same user not shown)
Line 31: Line 31:
  
 
==Roles==
 
==Roles==
===Role 1 Name:===
+
===Role 1===
 
Source of Record  Acts as intermediary
 
Source of Record  Acts as intermediary
  
Line 38: Line 38:
 
Stores  
 
Stores  
  
Role 2 : Electronic Consent Management System (eCMS)
+
===Role 2===
 +
Electronic Consent Management System (eCMS)
  
 
Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository
 
Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository
Line 44: Line 45:
 
Captures e-consent form and turns it into a computable consent directive
 
Captures e-consent form and turns it into a computable consent directive
  
Role 3: IZ Client:  Immunization record viewer or client app
+
===Role 3===
 +
IZ Client:  Immunization record viewer or client app
  
 
Actor:  EHR, patient portal, school documentation systems, personal health apps
 
Actor:  EHR, patient portal, school documentation systems, personal health apps
Line 50: Line 52:
 
Allows record to be viewed, managed and further distributed
 
Allows record to be viewed, managed and further distributed
  
Role 4: ACS/SLS: Access control system / security labeling service
+
===Role 4===
 +
ACS/SLS: Access control system / security labeling service
  
 
Actor:  Rules Engine
 
Actor:  Rules Engine
Line 59: Line 62:
 
<!-- What will be the actions performed by participants? -->
 
<!-- What will be the actions performed by participants? -->
  
===Scenario Step 1 Name===
+
===Scenario 1===
:Action: <!--Who does what?  (Use the role names listed above when referring to the participants -->
 
:Precondition: <!-- What setup is required prior to executing this step? -->
 
:Success Criteria: <!-- How will the participants know if the test was successful? -->
 
:Bonus point: <!-- Any additional complexity to make the scenario more challenging -->
 
  
<!-- Provide a description of each task -->
+
Linda May Shannon, an 18-year-old enrolling freshman is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents.
 +
• Linda wants her family to access some information, but not all
 +
 
 +
• She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV)
 +
 
 +
• IZ Client will request Linda’s immunizations information from SLS for access by her parents
 +
 
 +
• ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive
 +
 
 +
Action:
 +
 
 +
Precondition:
 +
 
 +
Success Criteria:
 +
 
 +
Bonus point:  Use CDS Hooks to pull IZ into EHR from IZ registry
 +
 
 +
===Scenario 2===
 +
 
 +
Linda May Shannon, has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris
 +
• Linda wants to share her immunization records with the university
 +
 
 +
• She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR), further use requires consent
 +
 
 +
• She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags
 +
 
 +
• IZ Client will request Linda’s immunizations information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready
 +
 
 +
• ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive
 +
 
 +
 
 +
Action:
 +
 
 +
Precondition:
 +
 
 +
Success Criteria:
 +
 
 +
Bonus point:
 +
 +
 
 +
===Scenario 3===
 +
 
 +
Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster.
 +
 
 +
• The school clinic asks for Linda’s GDPR consent to file a claim with TriCare
 +
• Claim processor applies GDPR Security label and sends to TriCare
 +
• TriCare processes the claim and persists the GDPR security label
 +
 
 +
Action:
 +
 
 +
Precondition:
 +
 
 +
Success Criteria:
 +
 
 +
Bonus point:
  
 
==TestScript(s)==
 
==TestScript(s)==
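
Review bot: Action, Precondition and Success Criteria are added empty under Scenario 1, Scenario 2 and Scenario 3, so the track gives participants no stated way to tell whether a run passed; fill them in using the role names from the Roles section, for instance a Success Criteria for Scenario 1 that the response returned to IZ Client contains no HPV immunization. In Scenario 1 the third bullet says "from SLS" while the fourth bullet and Scenario 2 say "ACS / SLS" and "ACS/SLS"; use one spelling of the Role 4 name throughout.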

Latest revision as of 19:05, 2 August 2018

Consumer Mediated Data Exchange

Submitting WG/Project/Implementer Group

Andy Stechishin

Kathleen Connor

Aaron Seib

Justification

Related tracks

Proposed Track Lead

Andy Stechishin

Kathleen Connor

Aaron Seib

See Connectathon_Track_Lead_Responsibilities

Expected participants

Roles

Role 1

Source of Record: Acts as intermediary

Actor: HIE, EHR, immunization registries

Stores

Role 2

Electronic Consent Management System (eCMS)

Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository

Captures e-consent form and turns it into a computable consent directive

Role 3

IZ Client: Immunization record viewer or client app

Actor: EHR, patient portal, school documentation systems, personal health apps

Allows record to be viewed, managed and further distributed

Role 4

ACS/SLS: Access control system / security labeling service

Actor: Rules Engine

Pulls consent directive to get policy, apply security label, and enforce filtering to the requested IZ resource

Scenarios

Scenario 1

Linda May Shannon, an 18-year-old enrolling freshman, is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents.

• Linda wants her family to access some information, but not all

• She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV)

• IZ Client will request Linda’s immunization information from SLS for access by her parents

• ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive

Action:

Precondition:

Success Criteria:

Bonus point: Use CDS Hooks to pull IZ into EHR from IZ registry
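
One way the ACS/SLS role could label and filter in Scenario 1, shown as an added example that is not code from this track or from HL7. The directive structure, the actor identifiers and the set of HPV CVX codes are assumptions, and the sample records are constructed.

```python
from copy import deepcopy

CVX = "http://hl7.org/fhir/sid/cvx"
CONF = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
# Assumption: SLS policy marks these CVX codes (HPV vaccines) as sensitive.
SENSITIVE_CVX = {"62", "118", "137", "165"}

def label(resource):
    """SLS: return a copy carrying a confidentiality label in meta.security."""
    out = deepcopy(resource)
    coding = out.get("vaccineCode", {}).get("coding", [])
    codes = {c.get("code") for c in coding if c.get("system") == CVX}
    # Fail closed: a record with no CVX code cannot be shown to be non-sensitive.
    level = "N" if (codes and not (codes & SENSITIVE_CVX)) else "R"
    out.setdefault("meta", {})["security"] = [{"system": CONF, "code": level}]
    return out

def permitted_labels(directive, requester):
    """ACS: labels the directive grants this requester; none if unlisted."""
    for rule in directive["provisions"]:
        if requester in rule["actors"]:
            return set(rule["labels"])
    return set()

def enforce(resources, directive, requester):
    """Label every resource, then release only those the directive permits."""
    allowed = permitted_labels(directive, requester)
    labelled = [label(r) for r in resources]
    return [r for r in labelled
            if {s["code"] for s in r["meta"]["security"]} <= allowed]

def imm(rid, vaccine_code):
    return {"resourceType": "Immunization", "id": rid, "vaccineCode": vaccine_code}

# Constructed sample data (not from the page).
IMMUNIZATIONS = [
    imm("mmr", {"coding": [{"system": CVX, "code": "03"}]}),
    imm("hpv", {"coding": [{"system": CVX, "code": "165"}]}),
    imm("uncoded", {"text": "free-text entry, no CVX code"}),
]
# Hypothetical, simplified stand-in for Linda's ROA consent directive.
ROA_DIRECTIVE = {"provisions": [
    {"actors": ["RelatedPerson/parent"], "labels": ["N"]},
    {"actors": ["Patient/linda"], "labels": ["N", "R"]},
]}

def released_ids(requester):
    return [r["id"] for r in enforce(IMMUNIZATIONS, ROA_DIRECTIVE, requester)]
```

The uncoded record is withheld from the parents because the labeling step cannot prove it is non-sensitive, and a requester the directive does not name receives nothing.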

Scenario 2

Linda May Shannon has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris.

• Linda wants to share her immunization records with the university

• She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR); further use requires consent

• She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags

• IZ Client will request Linda’s immunization information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready

• ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive


Action:

Precondition:

Success Criteria:

Bonus point:  

Scenario 3

Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster.

• The school clinic asks for Linda’s GDPR consent to file a claim with TriCare

• Claim processor applies GDPR Security label and sends to TriCare

• TriCare processes the claim and persists the GDPR security label

Action:

Precondition:

Success Criteria:

Bonus point:

TestScript(s)

Security and Privacy Considerations