HL7 v.3 Consent Directive Use Cases
Back to HL7 FHIR Consent Directive Project
Back to FHIR Consent Directive Use Cases
HL7 v3 Medical Records Domain
Privacy and Security Prerequisites for Document Queries There are a number of privacy and security considerations the reader or implementer of document query messaging should consider in any given implementation use case for support of cross enterprise, cross application document queries. These concerns are especially important to help guard against unauthorized re-disclosure of information, and help build confidence that patient privacy and confidentiality can be upheld.
These concerns include how evidence of a requestor's authorization may be provided or made available to provide validation to the recipient of the request that the requestor is making a valid request for release of information, how the recipient of the request has an appropriate level of trust (contractually, technically or legally) with the requestor and how patient rights to know of disclosures of personal health information may be enabled through auditing of such disclosures. There may be additional functional requirements and implementation requirements at the realm level.
The prerequisites for privacy and security interests to be appropriately served in document query transacting are as follows:
- Security context/Trust relationship exists between participants for each communication instance: These prerequisites outline the security requirements that should be in place to assure the trust relationship exists, and that the communication is done in a secure manner. They include:
[1] Support for the confidentiality and integrity of the message itself through the use of appropriate security measures (e.g. encryption)
[2] That the transmission is done in a secure manner
[3] That the sender and receiver of the message perform mutual authentication to ensure the transmission is directed to the appropriate recipient.
- Patient Rights protected/upheld: These prerequisites enable a patient to be confident that disclosures of personal health information are properly authorized, and that such authorization is verifiable. The identity of the requesting party is specifically known, and is not anonymous from verification. Users of systems that facilitate making a request for release of information are subject to authorization enabled by access control policies to assure proper access to personal health information.
Prerequisites in this area include:
[1] That user identities are known and authenticated for requestors of releases of information;
[2] That user access permissions are established by access control policies enabled within the systems from which document query requests are made;
[3] That positive identification is possible and specific to the initiator of the query whether a person, an organization (location) or a trusted identified application recipient representing the user (or proxied to by the user);
[4] That the requestor commits to abide by terms of any applicable patient consent/authorization for release of information;
[5] That the user/intended recipient is authorized (and validated) to be the recipient in accordance with patient consent or written authorization, a court order, as permitted by law or regulation, as supported by a manually validated request (such as for a release for law enforcement purposes);
[6] That evidence of the authorization exists and can be validated programmatically (through evidence of the authorization provided within the context of the request) or through human procedural verification with identification of the method and responsibility for validation
These measures help assure that the request for documents is authorized under proper authority, and that the identity and accountability of the requestor is established and verifiable by the recipient of the request for release of information.
