Patient Choice: Difference between revisions
Jump to navigation
Jump to search
Line 11: | Line 11: | ||
* If the patient chooses to upload their PHI to just any web site without knowledge of that sites' controls, then the patient is at risk to loose control of their PHI. | * If the patient chooses to upload their PHI to just any web site without knowledge of that sites' controls, then the patient is at risk to loose control of their PHI. | ||
* The patient must be given the tools to assure that their PHI remains under their control, and the healthcare community will loose the patient's trust if they don't enforce that. | |||
==Solutions== | ==Solutions== | ||
* The healthcare community must create a trust registry of web sites and applications that are to be trusted with patient healthcare data (covered HIPAA entities). | |||
* The healthcare community must prevent any sites or apps that are not in the registry from downloading patient data. | |||
* The healthcare community should prevent any user app from uploading data is not from a trusted site or app into the patients EHR. | |||
==References== | ==References== |
Revision as of 00:53, 22 October 2019
Full Title
The options that a patient has in accessing and sharing their Protected Health Information (PHI) with trusted medical providers.
Context
- This pattern is a sub-set of the User Choice Pattern which covers the general user choice issues. It contains the general context and should be read in conjunction with this page.
Problems
- Patients have all expressed a desire to control what and where they share their Protected Health Information (PHI).
- Patients also ask to have control of the applications that run on their smart phones.
- If the patient chooses an application for their smart phone that downloads PHI, then that application has complete control over where that data goes.
- If the healthcare community decides to allow any smart phone application that the patient chooses to install on the smart phone, then the patient is at risk to loose control of their PHI.
- If the patient chooses to upload their PHI to just any web site without knowledge of that sites' controls, then the patient is at risk to loose control of their PHI.
- The patient must be given the tools to assure that their PHI remains under their control, and the healthcare community will loose the patient's trust if they don't enforce that.
Solutions
- The healthcare community must create a trust registry of web sites and applications that are to be trusted with patient healthcare data (covered HIPAA entities).
- The healthcare community must prevent any sites or apps that are not in the registry from downloading patient data.
- The healthcare community should prevent any user app from uploading data is not from a trusted site or app into the patients EHR.
References
Other Material
The following use cases contain details about Patient Choice in a Trustworthy Healthcare Ecosystem.
- Remote Attestation Use Case describes a user with a Smart Phone going though a series of actions that will provide subsequent statements from that user on that phone with a higher level of assurance.
- User Agent in the Clouddescribes a user with a modern browser on a internet connected computing device establishing an agent on a trustworthy web site to allow access to information on their behalf.