The Standard

The Official Blog of Health Level Seven® International

visit HL7.org 

What Can Apple Learn from the CCDE Track at the HL7® FHIR®  Connectathon 17

[fa icon="calendar'] Feb 5, 2018 1:41:34 PM / by Sandeep Giri posted in FHIR, HL7, HL7 community, health IT, Connectathon, Patient Consent, Patient Experience, Operational Efficiency, Apple, HIPAA, CCDE, Right to Access, OAuth2

[fa icon="comment"] 0 Comments


 FHIR Connectathon 17 Recap Sandeep (1).png

 The HL7® FHIR® Connectathon Consumer Centered Data Exchange Track

Covered entities face an ever-growing demand to enable digital health apps to access Protected Health Information (PHI). The technical and legal requirements to enable this are the focus areas for the Consumer Centered Data Exchange (CCDE) track at the HL7 FHIR Connectathon. This track initiated at the San Diego Connectathon (September 2017), and it made more progress recently (January 27-28) at the New Orleans Connectathon. Track participation may have been piqued by Apple’s recent announcement that it will provide patients an “effortless solution bringing health records to iPhone”, and that Apple will use FHIR services to enable this.

fhir-connectathon-17-new-orleans-group-picture-credit-HL7.jpg

Caption: Participants at the HL7 FHIR Connectathon 17 in New Orleans, LA. Image credit: Kai Heitmann.

Apple’s announcement couldn’t be more closely tied to the work of the enthusiastic CCDE track participants, representing the entire healthcare industry including providers, payers, government, academia and app developers. Apple could benefit a lot from this track’s work if iPhone users are to access PHI from covered entities beyond the initial 12 participants of the iOS 11.3 beta.

Why? Mainly because the CCDE track focuses on 3 key requirements:

  1. It should be technically simple for a covered entity to verify that an app requesting access to a patient’s PHI is indeed controlled by that particular patient;
  2. The way an app accesses PHI should be compliant with data governance and privacy policies of the covered entity, as well as HIPAA guidelines, and;
  3. The experience of an app user should be simple enough so that they clearly understand and acknowledge what they are sharing with the app. 

Read More [fa icon="long-arrow-right"]

HL7® FHIR® Connectathon 16: Patient Consent Forms: Redundant in the World of OAuth2? Part 2 of 2

[fa icon="calendar'] Oct 5, 2017 9:43:53 AM / by Sandeep Giri posted in FHIR, HL7, HL7 community, health IT, Connectathon, Patient Consent, Patient Experience, Operational Efficiency, OAuth2

[fa icon="comment"] 26 Comments


 

 The HL7® FHIR® Connectathon Consumer Centered Data Exchange Track

In my previous article, Patient Consent Forms: Redundant in the World of OAuth, Part 1, I suggested providers to design their OAuth2 authorization challenge as a patient consent form so that patient consent can be digitally recorded during the OAuth dance. This would allow providers to share patient health records with the patient health apps much more efficiently without requiring separate paper/PDF consent forms, while still meeting the policy and regulatory requirements.

In this post, I will walk through a specific example of how to do this, and also discuss the differences in providers and patients’ perspectives on consent.

OAuth2 Authorization Challenge as a Patient Consent Form

First, let’s consider the scenarios from the Consumer Centered Data Exchange track at the FHIR Connectathon 16 in San Diego where a patient app can pull their health records from all of their providers in one place, or cause their EMR data to be sent from provider A to provider B. In both these scenarios, the provider may need an explicit patient consent or authorization form (often paper-based) signed by patient. So, how can we use OAuth2 challenge instead to capture patient consent?

Read More [fa icon="long-arrow-right"]

HL7® FHIR® Connectathon 16: Patient Consent Forms: Redundant in the World of OAuth2? Part 1 of 2

[fa icon="calendar'] Sep 29, 2017 11:56:45 AM / by Sandeep Giri posted in FHIR, HL7, HL7 community, health IT, Connectathon, Patient Consent, Patient Experience, Operational Efficiency, OAuth2

[fa icon="comment"] 15 Comments


 

 The HL7® FHIR® Connectathon Consumer Centered Data Exchange Track

The HL7 FHIR Connectathon 16 in San Diego hosted a Consumer Centered Data Exchange track, focusing on scenarios where a patient app can “pull” their health records from all of their providers in one place, or cause their EMR data to be sent from provider A to provider B. However, before such pulling or sharing can begin, one needs to consider that a provider may require an explicit patient consent or authorization form (often paper-based) signed by the patient

Today, a patient would typically do this by signing a paper form and the provider would hand over a DVD containing scanned PDF copies of the patient’s health records. Now, imagine using a consumer health app on your phone, and every time you request your provider to share your records, the app asks you to first download a consent form that you then need to print, sign and fax to your provider. That would be a cumbersome and undesirable patient experience. Instead, digitally embedding patient consent during the electronic pulling or sharing of patient records itself can make this experience much smoother.

Read More [fa icon="long-arrow-right"]