The Standard

 Boston is on FHIR!

HL7^® FHIR^® DevDays in Boston just concluded. This first US Edition of HL7 FHIR DevDays exceeded expectations in all respects. Attendance eclipsed all previous HL7 FHIR DevDays events and there was a waiting list. The content was stellar and was a window into the rapidly changing future of healthcare data liquidity and secure data access that is starting to become reality. Furthermore, the State Room venue on the 33^rd floor above downtown Boston was spectacular.  

Caption: View of downtown Boston from the State Room on the 33rd floor. 

 The HL7® FHIR® Connectathon Consumer Centered Data Exchange Track

Covered entities face an ever-growing demand to enable digital health apps to access Protected Health Information (PHI). The technical and legal requirements to enable this are the focus areas for the Consumer Centered Data Exchange (CCDE) track at the HL7 FHIR Connectathon. This track initiated at the San Diego Connectathon (September 2017), and it made more progress recently (January 27-28) at the New Orleans Connectathon. Track participation may have been piqued by Apple’s recent announcement that it will provide patients an “effortless solution bringing health records to iPhone”, and that Apple will use FHIR services to enable this.

Caption: Participants at the HL7 FHIR Connectathon 17 in New Orleans, LA. Image credit: Kai Heitmann.

Apple’s announcement couldn’t be more closely tied to the work of the enthusiastic CCDE track participants, representing the entire healthcare industry including providers, payers, government, academia and app developers. Apple could benefit a lot from this track’s work if iPhone users are to access PHI from covered entities beyond the initial 12 participants of the iOS 11.3 beta.

Why? Mainly because the CCDE track focuses on 3 key requirements:

1. It should be technically simple for a covered entity to verify that an app requesting access to a patient’s PHI is indeed controlled by that particular patient;
2. The way an app accesses PHI should be compliant with data governance and privacy policies of the covered entity, as well as HIPAA guidelines, and;
3. The experience of an app user should be simple enough so that they clearly understand and acknowledge what they are sharing with the app. 

The journey to an improved collaboration tooling infrastructure continues. My last update focused on the goal to make the Atlassian Confluence Wiki and Jira Issue Tracking tools available for use by HL7 work groups. These tools are now available for pilot use and are a sample of the myriad of benefits these tools may offer our global community.

 The HL7® FHIR® Connectathon at HL7's 31st Annual Plenary & Working Group Meeting

I don’t know what you were doing on Saturday, September 9, but I was in a San Diego hotel ballroom watching a little history being made.

HL7 held the 16^th FHIR Connectathon on September 9 & 10 and it was another great success. Over 200 people happily gathered together at 9:00 am (with lots of coffee) to work in the 19 tracks developing FHIR solutions.

Clinical Research Track

The Clinical Research track, co-sponsored by TransCelerate, filled three large tables. This was a huge jump in participation. We had seven participants at the January Connectathon in San Antonio and two at the May Connectathon in Madrid.

Read more about how TransCelerate BioPharma Inc. generated use cases for the Clinical Research track and supported the event here.

 The HL7® FHIR® Connectathon Consumer Centered Data Exchange Track

In my previous article, Patient Consent Forms: Redundant in the World of OAuth, Part 1, I suggested providers to design their OAuth2 authorization challenge as a patient consent form so that patient consent can be digitally recorded during the OAuth dance. This would allow providers to share patient health records with the patient health apps much more efficiently without requiring separate paper/PDF consent forms, while still meeting the policy and regulatory requirements.

In this post, I will walk through a specific example of how to do this, and also discuss the differences in providers and patients’ perspectives on consent.

OAuth2 Authorization Challenge as a Patient Consent Form

First, let’s consider the scenarios from the Consumer Centered Data Exchange track at the FHIR Connectathon 16 in San Diego where a patient app can pull their health records from all of their providers in one place, or cause their EMR data to be sent from provider A to provider B. In both these scenarios, the provider may need an explicit patient consent or authorization form (often paper-based) signed by patient. So, how can we use OAuth2 challenge instead to capture patient consent?

 The HL7® FHIR® Connectathon Consumer Centered Data Exchange Track

The HL7 FHIR Connectathon 16 in San Diego hosted a Consumer Centered Data Exchange track, focusing on scenarios where a patient app can “pull” their health records from all of their providers in one place, or cause their EMR data to be sent from provider A to provider B. However, before such pulling or sharing can begin, one needs to consider that a provider may require an explicit patient consent or authorization form (often paper-based) signed by the patient

Today, a patient would typically do this by signing a paper form and the provider would hand over a DVD containing scanned PDF copies of the patient’s health records. Now, imagine using a consumer health app on your phone, and every time you request your provider to share your records, the app asks you to first download a consent form that you then need to print, sign and fax to your provider. That would be a cumbersome and undesirable patient experience. Instead, digitally embedding patient consent during the electronic pulling or sharing of patient records itself can make this experience much smoother.

 
Draft FHIR Product Priorities for Release 4 

First Collaborative Datathon Between HL7 and AMIA: Informatics in the Age of FHIR