Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-26129

How is the intermediary going to determine what to remove1?

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive with Modification
    • Icon: Highest Highest
    • US Da Vinci Alerts (FHIR)
    • 0.2.0 [deprecated]
    • Infrastructure & Messaging
    • Framework
    • 2.1.6
    • Hide

      re How is the intermediary going to determine what to remove? - That is an implementation detail and out of scope for this IG.

      Will add to 'Out of scope' section: "How the Intermediary determines further processing of notification data"

      re " The intermediary shouldn’t be getting the protected data in the first place.

      Disagree, since the intermediary may need to forward data to a variety of careteam members with differing levels of access to PHI they should be able to tailor the messages they forward to those care team members. For example a "meals on Wheels" provider vs a PCP. However will add more documentation in the assumptions section that:

      See FHIR-26132 for proposal to add BAA/DUA to preconditions for intermediary
      will also add to text referenced in FHIR -26132 a pointer to the Da Vinci principles and state that any such agreement should clearly indicate how the intermediary will handle sensitive information, determine what to remove, how will notify the recipient of the removal.

      Show
      re How is the intermediary going to determine what to remove? - That is an implementation detail and out of scope for this IG. Will add to 'Out of scope' section: "How the Intermediary determines further processing of notification data" re " The intermediary shouldn’t be getting the protected data in the first place. Disagree, since the intermediary may need to forward data to a variety of careteam members with differing levels of access to PHI they should be able to tailor the messages they forward to those care team members. For example a "meals on Wheels" provider vs a PCP. However will add more documentation in the assumptions section that: See FHIR-26132 for proposal to add BAA/DUA to preconditions for intermediary will also add to text referenced in FHIR -26132 a pointer to the Da Vinci principles and state that any such agreement should clearly indicate how the intermediary will handle sensitive information, determine what to remove, how will notify the recipient of the removal.
    • Ulrike Merrick/Nick Radov: 3-0-1
    • Clarification
    • Non-substantive

    Description

      How is the intermediary going to determine what to remove? This seems concerning. The intermediary shouldn’t be getting the protected data in the first place. How is the sender going to know that data are being modified in transit and the recipient isn’t receiving the full notification?

      Existing Wording:

      In situations where information on a particular data element is not needed or considered protected information the Intermediary MAY remove the profile instance from the bundle when distributing the alert notification. The Intermediary MAY provide the reason for the missing information using the dataAbsentReason extension. 

      Attachments

        Activity

          People

            Unassigned Unassigned
            celine_lefebvre Celine Lefebvre
            Celine Lefebvre
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: