Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-28853

What process is in place to restrict a client app’s unauthorized use of a member’s information?

    XMLWordPrintableJSON

    Details

    • Type: Change Request
    • Status: Triaged (View Workflow)
    • Priority: Highest
    • Resolution: Not Persuasive
    • Specification:
      US Da Vinci HRex (FHIR)
    • Raised in Version:
      current
    • Work Group:
      Clinical Interoperability Council
    • Related Artifact(s):
      HRex Parameters - Member Match Response Profile
    • Related Section(s):
      Resource Profile: HRexMemberMatchResponseParameters
    • Grouping:
    • Resolution Description:
      Hide

      The information being shared is not information that is considered 'sensitive' in the context where it's being shared.  The 'new' payer is already sharing demographic information and the demographics provided by the 'old' payer has to be well aligned or there wouldn't be a match.  In Coverage, the new payer already knows the old payer had coverage - or they wouldn't be trying to perform a match in the first place.  The member id and coverage id being shared would not be 'sensitive' and any use of them in interactions with the old payer would be governed by the old payer.  E.g. if the new payer performs a search using the member id, the old payer would determine what information is shared.

      The patient or their representative, by definition, has to be aware that the match is happening because that's the only way the new payer could have the information necessary to initiate the match.

      Show
      The information being shared is not information that is considered 'sensitive' in the context where it's being shared.  The 'new' payer is already sharing demographic information and the demographics provided by the 'old' payer has to be well aligned or there wouldn't be a match.  In Coverage, the new payer already knows the old payer had coverage - or they wouldn't be trying to perform a match in the first place.  The member id and coverage id being shared would not be 'sensitive' and any use of them in interactions with the old payer would be governed by the old payer.  E.g. if the new payer performs a search using the member id, the old payer would determine what information is shared. The patient or their representative, by definition, has to be aware that the match is happening because that's the only way the new payer could have the information necessary to initiate the match.

      Description

      What process is in place to restrict a client app’s unauthorized use of a member’s information? How will members be informed about a client’s access, exchange, and use of their information?

      Existing Wording:

      Resource Profile: HRexMemberMatchResponseParameters

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              celine_lefebvre Celine Lefebvre
              Request in-person:
              Celine Lefebvre
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: