Condition of Certification: Difference between revisions
Revision as of 01:40, 26 October 2020
Full Title
Condition of Certification (CoC) and Information Blocking are key to the propagation of Patient Choice solutions in conformance with the Cures Final Act Rule.
Goal
This is designed to be the source document for a Service Assessment Criteria for user, patient or delegate apps that allow high assurance access to personally identifiable information.
Context
- The Final Rule for the 21st Century Cures Act includes some details on the method that Electronic Health Record (EHR) providers could use to decide if Patient Health Information (PHI) could be released to apps on patients' devices.
- Prior to the release of the Final Rule, the Kantara Work Group on Federated identifiers for Resilient Ecosystems had planned to propose a solution based on the wiki for Patient Choice, but was late for the funding available at that time.
- See the wiki page Authorized Certification Body for descriptions of the governing body and conditions for health care apps.
Solution
This initial pass is based on The CARIN Alliance Code of Conduct, which is voluntary. It is proposed that these be mandatory for access to PHI.
- Transparency
The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.
- Consent
The Principle of Collection Limitation, which provides that there should be limits to the collection of personal data, that data should be collected by lawful and fair means, and that data should be collected, where appropriate, with the knowledge or consent of the data subject. The Principle of Disclosure Limitation, which provides that personal data should not be communicated externally without the consent of the data subject or other legal authority.
- Use and Disclosure
The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.
- Individual Access
The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.
- Security
The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.
- Provenance
The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.
- Accountability
- Education
The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.
plus the following
- User Experience, which means that the user can understand the data. This probably means that semantics of the EHR are translated into terms that users can understand.