| Question | Answered By | Answer* |
|---|
| Is there a rules engine that encodes privacy and consent regulations? | Mohammed Jafari | We have used the FHIR Consent Provision structure for encoding the rules; the LEAP Consent Decision Service (CDS) is able to parse and interpret these rules and apply them to a given access request context. So, in a sense, the "rules engine" is the LEAP CDS and the rules language is the FHIR Consent resource, particularly, the provision structure . |
| CDS has a long standing translation to be "Clinical Decision Support" in the FHIR realm. Otherwise actor function makes sense. | Mohammed Jafari | This is true. To avoid this ambiguity, and particularly because we use the FHIR Clinical Decision Support API interface ourselves, we tried to use "LEAP-CDS" to refer to the consent decision service. This is admittedly not ideal though. |
| Are we also thinking about automating the information being shared with a provider when a patient visits for a specific medical condition? This will help ensure that the provider has enough information needed in order to treat the patient. | Mohammed Jafari | This is certainly doable by implementing the suitable Consent Enforcement Service within that workflow to automate consent enforcement, for example, at the time when an appointment is booked, or when a patient is enrolled at a care provider. |
| Who funds the decision service and the management service? This is grant now, I think. Who is this going to be and how sustained? | Mohammed Jafari | The ONC grant has provided the funding for developing these artefacts. All of the code artefacts of the project are open source and will be hosted on github in perpetuity. The live demos are deployed for test purposes on google cloud and will stay online as long as the funding for the technical structure can last --our estimate is for around two years. |
| This is really interesting work. I'm thinking about how the patient gets engaged enough to think through in which contexts they want their data shared. No one really reads the HIPAA privacy notices before signing them, for example. Have you had any feedback from patients or in pilots about whether patients are able to be engaged on this? | Mohammed Jafari | Designing an intuitive and useful user experience and user interface for consent management is an open question that was not really the focus of this project. We have provided one example (and arguably a very good example) of such UX/UI but alternatives are definitely possible. Our main contribution in this project is to show that whatever the UI/UX, once patient intentions and preferences are captured, they can be stored in the form of FHIR QuestionnaireResponse resources and thereby in the form of FHIR Consent resources, and ultimately enforced in various application workflows via the LEAP consent ecosystem. |
| How do we access consent demo? https://leap-gui-yop7t2tkfq-uc.a.run.app/login?error Need credentials to access consent demo | Mohammed Jafari | The demo users are demo1@gmail.com through demo10@gmail.com and they all have the password "password". |
| It would seem that patient mis-matching needs to be monitored to the "problem" as well. Data integrity is key to prevent breaching of patient information in the patient portal -- has this been noted? | Hannah Galvin | Agreed. This is a significant concern - one which most IT teams are already dealing with in current state. This is out of scope for the PP2PI workgroup at this time, but really important to keep in mind. Thanks for bringing this up. |
| Another factor to prevent the concern of 'data blocking' is that patient health literacy must be factored in. Not all users are able to navigate the portal contents. | Hannah Galvin | Agreed. This is one reason the PP2PI workgroup includes patient advocates. Disparities in health and digital health literacy can significantly affect self-advocacy and quality of care. |
| Did Nadie consent to this DX being shared via the record? | Hannah Galvin | This was a composite use case - not a specific example. 21st C. Cures does require sharing problem list data with patients via the Portal. If patient partner has access to the portal, this can be a danger, which meets the patient harm exception. |
| How can I become part of a workgroup? My startup has implemented data sharing via a mobile app which addresses lots of these concerns. | Hannah Galvin, Greg White | Please feel free to e-mail me (Dr. Hannah Galvin) at hagalvin@challiance.org Please see information regarding joining various workgroups and projects below: HL7 Security Work Group: Main call is on Tuesdays 3 – 4 PM https://us02web.zoom.us/j/82546740051?pwd=WlZwN3BzMWdOUitXS0tmTjVnOThhUT09 Meeting ID: 825 4674 0051 Passcode: 712852 HL7 Patient Care SDOH Clinical Care FHIR IG Work Group https://confluence.hl7.org/display/GRAV/FHIR+IG+Work+Group+Meetings#FHIRIGWorkGroupMeetings-FHIRIGMeetings HL7 Community Based Care and Privacy (CBCP) Workgroup Tuesdays 12:00 – 1:00 PM ET https://us02web.zoom.us/j/89234543086?pwd=anE3djgyQXFYbkFYTEZCNVBPYkVzZz09 Meeting ID: 892 3454 3086 Passcode: 873496 Kantara User Manager Access (UMA) Work Group https://kantarainitiative.org/groups/user-managed-access-work-group/ Join the Gravity Project https://confluence.hl7.org/display/GRAV/Join+the+Gravity+Project Join the Protecting Privacy to Promote Interoperability Work Group Contact Serena Mack at serena.mack@drummondgroup.com |
| Will the use cases that the Workgroup is focusing include considerations/guidance on how clinicians can include Z codes on claims and how payers can use these codes? | Hannah Galvin | Coding guidance has not been part of the scope of the PP2PI workgroup thus far, but we'd be interested in hearing further your thoughts on how Z codes might be leveraged to meet some of the goals of the group. Please feel free to reach out: hagalvin@challiance.org |
| Do you have a specific IPV screening tool that you recommend? | Hannah Galvin | I have used the PRAPRE tool, as well as a modified version of this tool. In MA. Here are some additional recommendations from the AAFP. |
| Great example of the potential impact of sharing sensitive information. I wondered why the certification for data segmentation was left as optional criteria in the 2020 ONC Cures rule as it seems some vendors are still 1-2yrs away from launching the functionality at the granular level. | Hannah Galvin | Yes, this is a lot of work for vendors; probably more than even 1-2 years away. Our first step is to revise the standards and implementation guidance. The major vendors (Epic, Cerner, Allscripts, athenahealth and others) sit on the PP2PI workgroup and are part of this discussion. It will be important for the vendor community to develop some consensus on how best to implement standards around granular tagging if this is truly going to work in an interoperable manner. |
| Is United Us or NOW POW sharing information with actual government agencies and their systems of record? If so, who, and where? | Leslie Paith | NowPow works with public health departments, police departments, and child and family service agencies in various networks across several states. As customers, these organizations decide how NowPow will be integrated into their system of record and how the information on their referral activity in the NowPow application is shared with other organizations. |
| Is blocking some info from longitudinal record a form of "info blocking"? | Mike Wolf | I'm not 100% sure i know what you mean by "info bocking", but I can tell you what we do. We define standard policies for care providers for the type of referrals/info that can be shared, and we can say that resources for Substance Abuse are not shared outside of the provider creating the referral and the community partner fulfilling the resource request. Does that make sense? |
| Identity resolution? Is this a form of patient matching and if not, what is it? | Mike Wolf | Yes, identity resolution is patient matching |
| Does Unite Us have a Directory of providers by geographic area? | Jake Thompson | Yes we do as a feature of our platform. We classify providers as "in network" - providers that are users of our system and can participate in the care team workflow, able to send/receive referrals - and "Out of network" - a more expansive of directory of services that can be shared with the individual by traditional means. We are in 43+ states. The former is partnered with closely with community engagement and network teams. The latter is sourced through partnerships with 211s and other data sources. |
| Is United Us or NOW POW sharing information with actual government agencies and their systems of record? If so, who, and where? | Jake Thompson | We do have several government agencies that are our customers and we are sending data to their data architecture. We interoperate / exchange data with systems of record through one of the mechanisms overviewed in the webinar. |
