Authorized Certification Body

From IDESG Wiki
Jump to navigation Jump to search

Full Title

This description of an Authorized Certification Body applies solely to the evaluaiton of applications used by Patients and their delegates to access Personal Healthcare Information (PHI) and upload of data to providers.

Goal

Put the user in control of either own devices and personal health information.

Context

Much of the language used here is directled towards Health IT Modules running in providers web sites. It is adapted here to the case of Health IT for patients and delegates.

  1. Information Blocking - there must be no action that cconsititues information blocking. But this only applies to apps that are from certified developers.
  2. The following communications must be provided for Health IT apps.
    1. The user ability of the app.
    2. The interoperability of the apis used by the app.
    3. The security of the app.
    4. User experiences when patients or delegates use the app.
    5. Business practices of the app developers.
    6. The manner in which the technologies in the app have been used in health IT.
  3. Application Programming Interfaces (APIs) that are used for communications with:
    1. Electronic Health Records Providers (EHR) or Health Information Exchanges (HIE).
    2. OpenID Providers of Identity Services
    3. Credential Services Providers
    4. Medical Record Locator Servcies
    5. Trust Registries of providers of authorized certification.
  4. Real World Testing
    1. Set up of a test EHR or HIE
    2. User Experience test program for users in as many categories as time allows.
  5. Attestations - will be established by the formation of Device Assessment criteria that can be used by test labs to certify app developers.

References