Design goals (functional requirements) From recent discussion on Jan 2022 US Core ballot content for SDOH assessments, it's important to reach agreement on functional requirements. That is, based on ONC's objectives, we need to decide whether the following are requirements, or nice-to-haves, or out of scope entirely. Scope Questions Should every US Core system be able to represent multi-question SDOH surveys (e.g., instruments like PRAPARE)? I'll take it for granted that no specific instruments are going to be required, so this question is just about the capability to represent multi-question surveys in general. Should every US Core system be able to represent "check all that apply" SDOH questions (e.g., "In the past year, have you or any family members you live with been unable to get any of the following when it was really needed? Check all that apply.") I think the answer to both questions should be "yes". This would require a slight expansion to the US Core ballot content as part of reconciliation, since the ballot content stops shy of (1).
2/15/2022WGM Scratchpad Change the identified text to say: If an operation has exactly one input parameter whose type is a FHIR Resource, a client MAY invoke the operation via POST with the input resource as the request body. Additional simple input parameters, if supplied, SHALL be expressed as query parameters. if it can supply its additional parameters as query parameters When invoking the operation, if there is exactly one input parameter of type Resource (irrespective of whether other possible parameters are defined), then instead of supplying a Parameters resource as the request body, the client MAY execute the operation by a POST with the input resource as the request body. Any additional parameters that can be expressed as query parameters MAY be supplied as query parameters. Discussion: Intent is that an operation with
1/21/2022Considerations Privacy Identity captured by input VCs --> Identity constraints on output VCs How much can be automated?
5/27/2020Background: Health data APIs are here With widespread adoption of Electronic Health Records, patients have increasingly reliable access to summary healthcare records through online portals. Many provider-hosted portals today also offer API access through HL7 FHIR; and given this year's expanded requirements from the Office of the National Coordination for Health IT, all certified EHR vendors will offer FHIR APIs by 2022. Convenient API access paves the way for patients to aggregate their own health data and share these data downstream -- making it easier to seek a second opinion, share vaccination records, or send health history to a new care team. As API access expands, we have a critical opportunity to improve API functionality in tandem. In this post, we'll explore functionality that helps patients act as trusted intermediaries. Patients as trusted intermediaries With today's FHIR implementations, data that land in a consumer-controlled app can be shared, but it's hard to achieve any guarantee of authenticity. For example, when a patient saves records from a onehealthcare provider and forwards these records to a new provider for a second opinion, there's no way to tell if the data provided are complete, or whether specific details have been omitted or altered. This model works just fine for most healthcare scenarios, where despite any technical conrtrols, a foundation of social trust must exist between patient and provider. But in some use cases, like a parent storing a child's vaccination records and sending them along to a school, there's a stronger societal need to pass along not just healthcare records, but authenticated, tamper-proof records -- in other words, verifiable data that a recipient can tell is genuine. (Similar to proof of vaccination for participation in school activities, there's growing societal interest in how patients can share history of COVID-19 infection, recovery, and immunity with various people and organizations. Given the rapidly evolving scientific and social perspecties, we won't discuss these issues further in this blog post, but we wanted to highlight the relevance of COVID-19 use cases for patient-mediated exchange of verifiable healthcare data.) Making clinical data "verifiable" One common way to make data "verifiable" is to have the author of the data provide a digital signature alongside the data, computed using the private portion of an asymmetric (public/private) keypair. Verifying parties can establish the authenticity of the data by checking the signature against the author's public key. The nice thing about such signature schemes is that the data can pass through any number of intermediaries without interfering with the recipient's ability to validate the signature. For such schemes to work, the recipient does need some reliable way to determine a sender's public key, and many protocols exist for key "discovery" (e.g., in healthcare, the Direct Project defines a secure e-mail protocol where a sender's keys can be discovered via DNS query on the sender's domain).
5/6/2020or
By clicking below, you agree to our terms of service.
New to HackMD? Sign up