201809 Consumer Mediated Data Exchange (CMDE)

From HL7Wiki
Revision as of 19:05, 2 August 2018 by SandyV (talk | contribs) (→‎Scenario 3)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Consumer Mediated Data Exchange

Submitting WG/Project/Implementer Group

Andy Stechishin

Kathleen Connor

Aaron Seib

Justification

Related tracks

Proposed Track Lead

Andy Stechishin

Kathleen Connor

Aaron Seib

See Connectathon_Track_Lead_Responsibilities

Expected participants

Roles

Role 1

Source of Record Acts as intermediary

Actor: HIE, EHR, immunization registries

Stores

Role 2

Electronic Consent Management System (eCMS)

Actor: Form filler FHIR SDC Questionnaire & QuestionnaireResponse, resource transformer, consent directive repository

Captures e-consent form and turns it into a computable consent directive

Role 3

IZ Client: Immunization record viewer or client app

Actor: EHR, patient portal, school documentation systems, personal health apps

Allows record to be viewed, managed and further distributed

Role 4

ACS/SLS: Access control system / security labeling service

Actor: Rules Engine

Pulls consent directive to get policy, apply security label, and enforce filtering to the requested IZ resource

Scenarios

Scenario 1

Linda May Shannon, an 18-year-old enrolling freshman is “on her own” for the first time and needs to find and collect her immunization records so that she can share them with her parents. • Linda wants her family to access some information, but not all

• She will create a Right of Access (ROA) consent directive that allows her parents to view her non-sensitive information (i.e. restricts access to HPV)

• IZ Client will request Linda’s immunizations information from SLS for access by her parents

• ACS / SLS will filter what is returned to IZ Client based on Linda’s ROA consent directive

Action:

Precondition:

Success Criteria:

Bonus point: Use CDS Hooks to pull IZ into EHR from IZ registry

Scenario 2

Linda May Shannon, has been accepted to study fine arts during a semester abroad at Sorbonne University in Paris • Linda wants to share her immunization records with the university

• She feels comfortable sharing her sensitive information because it’s governed under the General Data Protection Regulation (GDPR), further use requires consent

• She will create a ROA consent directive for her disclosure of immunizations to the Sorbonne University labeled with GDPR privacy tags

• IZ Client will request Linda’s immunizations information from ACS/SLS so that Linda can send her immunizations to Sorbonne when she’s ready

• ACS / SLS will apply a GDPR label to the immunization resource based on Linda’s ROA consent directive


Action:

Precondition:

Success Criteria:

Bonus point:  

Scenario 3

Linda May Shannon is attending the Sorbonne in Paris and steps on a rusty nail. She visits the school clinic to receive a tetanus booster.

• The school clinic asks for Linda’s GDPR consent to file a claim with TriCare • Claim processor applies GDPR Security label and sends to TriCare • TriCare processes the claim and persists the GDPR security label

Action:

Precondition:

Success Criteria:

Bonus point:

TestScript(s)

Security and Privacy Considerations