The Standard

The Official Blog of Health Level Seven® International

visit HL7.org 

What Can Apple Learn from the CCDE Track at the HL7® FHIR®  Connectathon 17

[fa icon="calendar'] Feb 5, 2018 1:41:34 PM / by Sandeep Giri posted in FHIR, hl7, hl7 community, health IT, Connectathon, Patient Consent, Patient Experience, Operational Efficiency, Apple, HIPAA, CCDE, Right to Access, OAuth2

[fa icon="comment"] 0 Comments


 FHIR Connectathon 17 Recap Sandeep (1).png

 The HL7® FHIR® Connectathon Consumer Centered Data Exchange Track

Covered entities face an ever-growing demand to enable digital health apps to access Protected Health Information (PHI). The technical and legal requirements to enable this are the focus areas for the Consumer Centered Data Exchange (CCDE) track at the HL7 FHIR Connectathon. This track initiated at the San Diego Connectathon (September 2017), and it made more progress recently (January 27-28) at the New Orleans Connectathon. Track participation may have been piqued by Apple’s recent announcement that it will provide patients an “effortless solution bringing health records to iPhone”, and that Apple will use FHIR services to enable this.

fhir-connectathon-17-new-orleans-group-picture-credit-HL7.jpg

Caption: Participants at the HL7 FHIR Connectathon 17 in New Orleans, LA. Image credit: Kai Heitmann.

Apple’s announcement couldn’t be more closely tied to the work of the enthusiastic CCDE track participants, representing the entire healthcare industry including providers, payers, government, academia and app developers. Apple could benefit a lot from this track’s work if iPhone users are to access PHI from covered entities beyond the initial 12 participants of the iOS 11.3 beta.

Why? Mainly because the CCDE track focuses on 3 key requirements:

  1. It should be technically simple for a covered entity to verify that an app requesting access to a patient’s PHI is indeed controlled by that particular patient;
  2. The way an app accesses PHI should be compliant with data governance and privacy policies of the covered entity, as well as HIPAA guidelines, and;
  3. The experience of an app user should be simple enough so that they clearly understand and acknowledge what they are sharing with the app. 

Read More [fa icon="long-arrow-right"]