Showing posts from May, 2016

Simplified #FHIR Privacy Consent Directive resource

The most simple Privacy Consent Directive would really just be a YES/NO flag, so I don't actually mean that simple. What I mean is more simple than the last update I made, yet still functional. With the previous version I learned a few more things to be simplified. The most shocking that I forgot is that the most prevalent exception is to exclude data published during a date/time range. So now I have updated the Privacy Consent Directive resource that has a base that identifies the patient, authority, domain, location, recipient, grantor, data, and actions. These are the elements needed for an all-or-nothing kind of consent.

Simple FHIR Consent

Much discussion around consent (Privacy) in HL7 FHIR. It seems that much of the seemingly endless circular arguments come down to getting everyone on the same page.

1. HL7 can only produce Interoperability standards. It can't define Policy, Architecture, or Implementations.
2. We thus can't just pick one architecture (e.g. OAuth+UMA) and stop. We must build to fit a reasonable set of architectures.
3. We thus can't just pick one policy (e.g. patient home) and stop. We must build to fit a reasonable set of policies.
4. We thus can't just pick one implementation (e.g. single server) and stop. We must build to fit a reasonable set of implementations.
5. FHIR should focus on only what systems do today, not what we want them to do.
6. FHIR should put into common extensions those things that we want them to do (e.g. Identified disclosure notification endpoint)
7. Simple is always better

This means that sometimes a specific Policy, Architecture, and Implementation might not nee...

Public Comment period for IHE Advanced Patient Privacy Consents profile

IHE IT Infrastructure Technical Framework Supplements Published for Public Comment

The IHE IT Infrastructure Technical Committee has published the following Technical Framework Supplements for public comment in the period from May 27 to June 26, 2016: Add RESTful Query to ATNA Advanced Patient Privacy Consent (APPC) Re-documentation Register On-Demand Document Transaction Mobile Alert Communication Management (mACM)

The documents are available for download at http://ihe.net/Public_Comment/. Comments received by June 26, 2016 will be considered by the IHE IT Infrastructure Technical Committee in developing the trial implementation versions of the supplements. Comments can be submitted at ITI Public Comments.

A turning point for Privacy in America?

Out this week by Pew Research is this article that I find so amazing while at the same time there are so many instances where the public appears to be willfully giving away their Privacy. The Pew Research output says enough. Not much more I can say, except I am excited we might be turning the corner. Here is just the first paragraph, where it is clear no turning point has yet happened, but an awareness is! An awareness of many of the Privacy Principles, not just confidentiality.

The cascade of reports following the June 2013 government surveillance revelations by NSA contractor Edward Snowden have brought new attention to debates about how best to preserve Americans’ privacy in the digital age. At the same time, the public has been awash with news stories detailing security breaches at major retailers, health insurance companies and financial institutions. These events – and the doubts they inspired – have contributed to a cloud of personal “data insecurity” that now looms over ...

Healthcare Blockchain - Big-Data Pseudonyms on FHIR

Grahame challenged us all to think about a realistic use-case for blockchain technology in Healthcare. Blockchain is a hugely hyped technology, because of the excitement of bitcoin. The technology is really not new, it is just a special mixture of crypto technologies, not unlike Digital Certificates; except rather than proof through decoupled proofs, blockchain has a public ledger where transactions must be recorded with proof that the transaction happened. The magic of Bitcoin is that it creates value as it is used, and this created value supports the financial burden of the infrastructure/technology. One might even argue that bitcoin is approaching a nexus where the value created is not worth the burden; and that this could cause the whole thing to collapse (like a pyramid scheme -- but I didn't say that). What is very important to point out is that blockchain is PUBLIC, and PERSISTENT. Meaning we can't put sensitive information there. We can't put data there that needs t...

Start at Consent as a FHIR Resource

Last week I posted about the stalemate on Consent, and Grahame challenged me to complete it by the end of the week. This week I put a proposal forward. I have taken the examples that have been presented to the HL7 CBCC committee, and created a Consent resource. I did take as much of the Contract resource as was needed by these examples, however I customized them specifically for Consent. This also means many elements are not needed. I also simplified many elements to just those that our examples need. This does not mean that we won't need to bring back these elements, but rather that they are not needed by the examples. This is the critical 'Agile' method that I was wanting to use, vs the method of building everything that might ever be needed by an infinite set of imagination. This Agile methodology is a bit more than is required by the FHIR Principles, but is very much a good methodology to assure the focus on implementations and the 80% rule is adhered to. The import...

End-to-end FHIR testing

There is renewed discussion, much like back in January, around the need to go beyond testing just the FHIR Resource 'interoperability'. Testing Interoperability is not easy, and there are struggles with getting this first level testing done right. But this level testing is not complete enough to give confidence that an application, server, intermediary, analytics engine, or other are really ready to be used. What we need is a higher level specification to focus on. I think the HL7 "Implementation Guide" could be this, but I am thinking something much higher than is normally documented by HL7. This is because what is needed is not a "Standard", but a "Reference System". A 'system' in the broadest of definitions. A system as in a system of systems in a defined environment, and policy framework. A reference system of systems: I think it is possible to have a "reference system of systems" as a proof of completeness, that could be used dur...

FHIR Consent as a Resource or Profile

For the past year there has been a stalemate that I have tried to control. I think it is time for this stalemate to come to a conclusion. The topic is Patient Privacy Consent; the discussion is if this should be modeled as a core FHIR Resource, or as a core FHIR Profile upon the Contract Resource. The owner of this discussion is the Community Based Collaborative Care (CBCC) workgroup. This workgroup has produced the CDA Consent Directive, and the original Privacy domain model. The Security workgroup is the one that has the infrastructure to decide and enforce Access Control. Thus the two workgroups work together on this topic. With the CBCC workgroup focusing on how to capture a Patient Privacy Consent, and the Security workgroup focusing on how to enforce this. I am co-chair of the security workgroup and an active member in CBCC. There are other factors that I won't cover. When we first started to model Privacy Consent Directive in FHIR, we had just finished (mostly finished) ...

Transition

I have been unfortunate to have been caught in a broad layoff -- Reduction In Force -- at GE Healthcare. GE Healthcare has been my home for just short of 18 years, and I have loved every minute of it. I have been part of many products, either directly on the team or through consulting with them on the use of Interoperability Standards, Privacy, and Security. These have been fantastically fun exercises in Systems Design. I have the luxury of taking my time to find a new opportunity. Over the last two months I have spoken to some of you, and your excitement for my list of opportunities has been very gratifying. Over the next few months I will reach out to others, and welcome you reaching out to me. I describe myself as a System Engineer, Principal Engineering Architect; but am most excited to help enable Privacy respecting Information Exchange. This might be between two healthcare practicing organizations, this might be centered on a Patient managed system, this might be for the purposes ...