Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-35729

Have there been discussions about sharing some (not all) data with perosnal representatives?

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive with Modification
    • Icon: Highest Highest
    • US CARIN Blue Button (FHIR)
    • 1.2.0
    • Financial Mgmt
    • STU
    • General Guidance
    • 4.1
    • Hide

      We will add guidance around security labels to security section under the Legal and Regulatory Requirements section (as a new section)

      Security/Privacy Related Technologies Including Explicit Consent and Security Labels

      1. While past ONC regulations did have optional rules for data labeling and consent directives, as of May 2020, ONC has elected to not establish rules for either data labeling and consent directives as part of the Final Rule for the 21st Century Cures Act.
      2. At present there is no explicit regulatory requirement for the use of these technologies in conjunction with this guide.
      3. However, to meet the statutes, regulations, and guiding principles above, consent directives and security labels MAY be considered and used.
      4. Organizations which plan to take advantage of these additional capabilities are responsible for negotiating support for these mechanisms between trading partners. The FHIR implementation guide defining the recommended standard is the FHIR Data Segmentation for Privacy IG.
      Show
      We will add guidance around security labels to security section under the Legal and Regulatory Requirements section (as a new section) Security/Privacy Related Technologies Including Explicit Consent and Security Labels While past ONC regulations did have optional rules for data labeling and consent directives, as of May 2020, ONC has elected to not establish rules for either data labeling and consent directives as part of the  Final Rule for the 21st Century Cures Act . At present there is no explicit regulatory requirement for the use of these technologies in conjunction with this guide. However, to meet the statutes, regulations, and guiding principles above, consent directives and security labels  MAY  be considered and used. Organizations which plan to take advantage of these additional capabilities are responsible for negotiating support for these mechanisms between trading partners. The FHIR implementation guide defining the recommended standard is the  FHIR Data Segmentation for Privacy IG .
    • Corey Spears / Andy Stechishin : 8-0-0
    • Clarification
    • Non-substantive

    Description

      Regarding the statement "Health Plan API actors SHALL be capable of populating all data elements as part of the query results as specified by the CARINBlueButtonHealthPlanAPICapabilityStatement." Have there been any discussions about how to support a consumer who wants to access all of their data and wants to share some but not all of it with a spouse, parent/child, non-clinical caregiver (Personal Representative)? From the below, it looks like there are capabilities to not provide all the data for various reasons, so I'm wondering whether there are plans to include patient privacy preferences as an additional reason. Payers shouldn't be the only entity able to make that determination - the consumer/patient should, too.

      Attachments

        Activity

          People

            Unassigned Unassigned
            celine_lefebvre Celine Lefebvre
            Celine Lefebvre
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: