Condition of Certification: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 11: Line 11:


==Solution==
==Solution==
This initial pass is based on [https://www.carinalliance.com/our-work/trust-framework-and-code-of-conduct/ The CARIN Alliance Code of Conduct].
This initial pass is based on [https://www.carinalliance.com/our-work/trust-framework-and-code-of-conduct/ The CARIN Alliance Code of Conduct] which is voluntary. It is proposed that these are mandator of access to PHI.
# Transparancy
# Consent
# Use and Disclosure
# Individual Access
# Security
# Provenance
# Accountability
# Education
plus the following
* User Experience, which means that the user can understand the data. This probably means that semantics of the EHR are translated into terms that users can understand.


==References==
==References==


[[Category: Health]]
[[Category: Health]]

Revision as of 01:37, 26 October 2020

Full Title

Condition of Certification (CoC) and Information Blocking are key to the propagation of Patient Choice solutions in conformance with the Cures Final Act Rule.

Goal

This is designed to be the source document for a Service Assessment Criteria for apps that are used in user, patient or delegate apps to allow high assurance access to personally identifiable information.

Context

  • The Final Rule for the 21st Century Cures Act include some details on the method that Electronic Health Record (EHR) provides could use to decide if Patient Health Information (PHI) could be related to apps in patient's devices.
  • Previous to the release of the Final Rule, the Kantara Work Group on Federated identifiers for Resilient Ecosystems had plan to prosed a solutions based on the wiki for Patient Choice, but was late for funding available at that time.
  • See the wiki page Authorized Certification Body for descriptions of the governing body and conditions for health care apps.

Solution

This initial pass is based on The CARIN Alliance Code of Conduct which is voluntary. It is proposed that these are mandator of access to PHI.

  1. Transparancy
  2. Consent
  3. Use and Disclosure
  4. Individual Access
  5. Security
  6. Provenance
  7. Accountability
  8. Education

plus the following

  • User Experience, which means that the user can understand the data. This probably means that semantics of the EHR are translated into terms that users can understand.

References