The Standard

The Official Blog of Health Level Seven® International

visit HL7.org 

HL7® FHIR® Connectathon 16: Patient Consent Forms: Redundant in the World of OAuth2? Part 2 of 2

[fa icon="calendar'] Oct 5, 2017 9:43:53 AM / by Sandeep Giri posted in FHIR, hl7, hl7 community, health IT, Connectathon, OAuuth2, Patient Consent, Patient Experience, Operational Efficiency

[fa icon="comment"] 26 Comments


 

 The HL7® FHIR® Connectathon Consumer Centered Data Exchange Track

In my previous article, Patient Consent Forms: Redundant in the World of OAuth, Part 1, I suggested providers to design their OAuth2 authorization challenge as a patient consent form so that patient consent can be digitally recorded during the OAuth dance. This would allow providers to share patient health records with the patient health apps much more efficiently without requiring separate paper/PDF consent forms, while still meeting the policy and regulatory requirements.

In this post, I will walk through a specific example of how to do this, and also discuss the differences in providers and patients’ perspectives on consent.

OAuth2 Authorization Challenge as a Patient Consent Form

First, let’s consider the scenarios from the Consumer Centered Data Exchange track at the FHIR Connectathon 16 in San Diego where a patient app can pull their health records from all of their providers in one place, or cause their EMR data to be sent from provider A to provider B. In both these scenarios, the provider may need an explicit patient consent or authorization form (often paper-based) signed by patient. So, how can we use OAuth2 challenge instead to capture patient consent?

Read More [fa icon="long-arrow-right"]

HL7® FHIR® Connectathon 16: Patient Consent Forms: Redundant in the World of OAuth2? Part 1 of 2

[fa icon="calendar'] Sep 29, 2017 11:56:45 AM / by Sandeep Giri posted in FHIR, hl7, hl7 community, health IT, Connectathon, OAuuth2, Patient Consent, Patient Experience, Operational Efficiency

[fa icon="comment"] 15 Comments


 

 The HL7® FHIR® Connectathon Consumer Centered Data Exchange Track

The HL7 FHIR Connectathon 16 in San Diego hosted a Consumer Centered Data Exchange track, focusing on scenarios where a patient app can “pull” their health records from all of their providers in one place, or cause their EMR data to be sent from provider A to provider B. However, before such pulling or sharing can begin, one needs to consider that a provider may require an explicit patient consent or authorization form (often paper-based) signed by the patient

Today, a patient would typically do this by signing a paper form and the provider would hand over a DVD containing scanned PDF copies of the patient’s health records. Now, imagine using a consumer health app on your phone, and every time you request your provider to share your records, the app asks you to first download a consent form that you then need to print, sign and fax to your provider. That would be a cumbersome and undesirable patient experience. Instead, digitally embedding patient consent during the electronic pulling or sharing of patient records itself can make this experience much smoother.

Read More [fa icon="long-arrow-right"]