This wiki has undergone a migration to Confluence found Here

Difference between revisions of "201809 Consumer Mediated Data Exchange (CMDE)"

From HL7Wiki
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 74: Line 74:
  
 
Action:  
 
Action:  
 +
 
Precondition:  
 
Precondition:  
 +
 
Success Criteria:  
 
Success Criteria:  
 +
 
Bonus point:  Use CDS Hooks to pull IZ into EHR from IZ registry
 
Bonus point:  Use CDS Hooks to pull IZ into EHR from IZ registry
  
Line 93: Line 96:
  
 
Action:  
 
Action:  
 +
 
Precondition:  
 
Precondition:  
 +
 
Success Criteria:  
 
Success Criteria:  
 +
 
Bonus point:  
 
Bonus point:  
 
 
Line 107: Line 113:
  
 
Action:  
 
Action:  
 +
 
Precondition:  
 
Precondition:  
 +
 
Success Criteria:  
 
Success Criteria:  
 +
 
Bonus point:
 
Bonus point:
  

Latest revision as of 19:05, 2 August 2018

Consumer Mediated Data Exchange

Submitting WG/Project/Implementer Group

Andy Stechishin

Kathleen Connor

Aaron Seib

Justification

Related tracks

Proposed Track Lead

Andy Stechishin

Kathleen Connor

Aaron Seib

See Connectathon_Track_Lead_Responsibilities

Expected participants

Roles

Role 1

Source of Record Acts as intermediary

Actor: HIE, EHR, immunization registries

Stores

Role 2

Electronic Consent Management System (eCMS)

Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository

Captures e-consent form and turns it into a computable consent directive

Role 3

IZ Client: Immunization record viewer or client app

Actor: EHR, patient portal, school documentation systems, personal health apps

Allows record to be viewed, managed and further distributed

Role 4

ACS/SLS: Access control system / security labeling service

Actor: Rules Engine

Pulls consent directive to get policy, apply security label, and enforce filtering to the requested IZ resource

Scenarios

Scenario 1

Linda May Shannon, an 18-year-old enrolling freshman is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents. • Linda wants her family to access some information, but not all

• She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV)

• IZ Client will request Linda’s immunizations information from SLS for access by her parents

• ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive

Action:

Precondition:

Success Criteria:

Bonus point: Use CDS Hooks to pull IZ into EHR from IZ registry

Scenario 2

Linda May Shannon, has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris • Linda wants to share her immunization records with the university

• She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR), further use requires consent

• She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags

• IZ Client will request Linda’s immunizations information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready

• ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive


Action:

Precondition:

Success Criteria:

Bonus point:  

Scenario 3

Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster.

• The school clinic asks for Linda’s GDPR consent to file a claim with TriCare • Claim processor applies GDPR Security label and sends to TriCare • TriCare processes the claim and persists the GDPR security label

Action:

Precondition:

Success Criteria:

Bonus point:

TestScript(s)

Security and Privacy Considerations