Health Care Profile

From IDESG Wiki
Jump to: navigation, search

Full Title or Meme

This Health Care Profile is one of the Framework Profiles that will allow developers of code and user experience to determine if their systems are compliant with the framework.

Note that this profile is oriented to federated health systems like that in the United States. Still the privacy considerations should apply to all, especially to cross boarder access.

Context

  • As a part of the creation of a set of Identity Ecosystems this profile is targeted to apply to any framework that handle user Protected Health Information (PHI).
  • The effort to standardize PHI transfers has been steadily progress for years under pressure from the ONH, but many health providers view user's PHI as their proprietary asset.
  • Now Apple has entered the equations with their health app which has gone directly to the health providers to acquire PHI as well as generating it on their own from the Apple watch. Now they are a PHI provider themselves, and presumably subject to all the regulation that entails.

Identifiers

Several countries have started an effort to create a central registry of all citizens or, in some cases, all residents. The US has determined that the social security number (SSN) is not a secure means of identification and has mandated that many agencies will need to create their own Identifiers. This has not yet impacted medicare nor the providers' database keys which are still base on the SSN.

  • The Center for Medicare Services recently deployed a new Identifier for users of Medicare that is not tied to the user's social security number.
  • The Department of Homeland security will be enforcing Real ID by October 2020 for travel as well as border crossings.
  • The Federal Emergency Management Agency (FEMA) has created a SID.
  • The US Treasury (for the IRS) is planning for a tax payer ID.
  • The Department of Defense has issued PIV cards for access to national defense information (and has propagated that system to NATO).

All of these should result in the user's Identity being separated for the various uses. This appears to be an example of the sort of Distributed ID that many organizations are now promoting. Obviously all the law enforcement agencies will ask for the unfettered ability to cross reference these Identifiers from any source what-so-ever. Hopefully the API that allows access to that tracking functionality will be well protected.

Stakeholders

Problems

  • Some of the stakeholders are reluctant to share patient information that they consider to be proprietary.

Solutions

References

  • The page Health IT Record Location Service (Data Aggregation) contains a use case for locating user PHI.
  • The page Health Care Profile Sandbox details a test suite that will allow developers of code and user experience to assure the compliance of their products to the framework.
  • Kantara HEART WG
    HEART (Health Relationship Trust) is a set of profiles that enables patients to control how, when, and with whom their clinical data is shared. The HEART model builds on existing state-of-the-art security and adds additional components to ensure that patient clinical data is securely exchanged. In addition to giving patients control over how their own data is shared, HEART defines the interoperable process for systems to exchange patient-authorized healthcare data consistent with open standards, specifically FHIR (Fast Healthcare Interoperability Resources), OAuth, OpenID Connect, and UMA (User-Managed Access).
  • HIE of one
    Our solution is a patient-centered approach to privacy protection in cloud computing and information based on digital consent standards, blockchain identity, and blockchain audit. This enables each patient and each licensed practitioner to own and completely control their open source connected health records within a secure environment.