Condition of Certification

From IDESG Wiki
Revision as of 01:40, 26 October 2020 by Tomjones

Full Title

Condition of Certification (CoC) and Information Blocking are key to the propagation of Patient Choice solutions in conformance with the Cures Final Act Rule.

Goal

This page is designed to be the source document for Service Assessment Criteria for user, patient or delegate apps that allow high-assurance access to personally identifiable information.

Context

  • The Final Rule for the 21st Century Cures Act includes some details on the method that Electronic Health Record (EHR) providers could use to decide if Patient Health Information (PHI) could be released to apps on patients' devices.
  • Prior to the release of the Final Rule, the Kantara Work Group on Federated identifiers for Resilient Ecosystems had planned to propose a solution based on the wiki for Patient Choice, but was too late for the funding available at that time.
  • See the wiki page Authorized Certification Body for descriptions of the governing body and conditions for health care apps.

Solution

This initial pass is based on The CARIN Alliance Code of Conduct, which is voluntary. It is proposed that these principles be mandatory for access to PHI.

  1. Transparency

    The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.

  2. Consent

    The Principle of Collection Limitation, which provides that there should be limits to the collection of personal data, that data should be collected by lawful and fair means, and that data should be collected, where appropriate, with the knowledge or consent of the data subject. The Principle of Disclosure Limitation, which provides that personal data should not be communicated externally without the consent of the data subject or other legal authority.

  3. Use and Disclosure

    The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.

  4. Individual Access

    The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.

  5. Security

    The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.

  6. Provenance

    The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.

  7. Accountability
  8. Education

    The Principle of Openness, which provides that the existence of record-keeping systems and databanks containing data about individuals be publicly known, along with a description of main purpose and uses of the data.

plus the following

  • User Experience, which means that the user can understand the data. This probably means that the semantics of the EHR are translated into terms that users can understand.
