1. OpenID Foundation Avatar OpenID Foundation
  2. WGs
  3. HEART

Wiki

Clone wiki

HEART / 2015-09-14

View History

Attending:

Debbie Bucci

Danny van Leeuwen

Sarah Squire

Thompson Boyd

Dale Moberg

Glen Marshall

Jin Wen

Justin Richer

Tom Sullivan

Adrian Gropper

Edmund Jay

Brandon Smith

Jeremy Maxwell

Elderly mom use case:

We talked about the Discussion section of the Elderly mom use case ( https://docs.google.com/document/d/1V3e_fDH63fNDsV-WOGKcyg0ebuW165DOpjY_RcuMk4U/edit# )

HEART wants to have healthcare-specific and generic UMA and OAuth scopes.

The UMA legal subgroup is trying to figure out exactly how to minimize the resource server’s liability for introducing new technology. This use case is one example of how to do that from a business standpoint.

PCORI: ( https://drive.google.com/file/d/0BxZEh73RDPxdZFIxczBBTmlrVUZjekVlLUNaQ0h4bHh2N3Fn/view )

They are setting up a pattern for clinical information called PCORnet. There are online information sessions coming up.

It starts with data sources - EHRs, PHR - these are abstracted into “data marts” and aggregated. IRBs can impose policy and data access restrictions on the researcher. So there are two sources of information constraint - informed consent of the patient, and IRB restrictions.

PCORnet has not standardized authorization, but it is of interest to them. Glen thinks that what HEART is doing will strongly inform what they end up doing.

PCORI is research. PCORnet is a federal way to bring resources together.

A research query posed through PCORnet could flow to multiple CDRNs at the same time.

Has there been a consideration of notification when patient data is used? No, it hasn’t been done consistently, but that concern is addressed in the use case.

If someone violates trust in an agreement, is there recourse? That’s out of scope. It’s a policy question. They are working on capturing policy issues and new technology standards.

Danny van Leeuwen co-chairs PCORI’s Communication and Dissemination Advisory Council. They meet in a couple of weeks, and he would like to know how he can be of assistance to link these two PCORI initiatives.

Glen’s Use Case: ( https://drive.google.com/file/d/0BxZEh73RDPxdMW9EMDRqcV92RGJpb2ZaMjdQTzJlNHNXTmJF/view )

Alice is a stage-4 cancer patient. She sets up a two-way EHR-PHR exchange. She’s added her son as a proxy. She has to submit a biopsy sample for biotyping and current and future research. Clinical researchers will have access to all of her medical record and EHR data. She can see what data they are going to be getting and what they’re going to do to keep it private; she shares it with her son. She electronically consents.

Alice is aware of the story of Henrietta Lacks, so she wants to preserve her right and that of her heirs so track the use of her data and revoke consent.

How many consents is she signing? She’s signing one consent. There is an assumption that there’s a common access server or servers that contains these restrictions. The restrictions are placed on the CDRNs and the researcher.

Every access of Alice’s data is sent as a notification to her PHR.

Alice’s son notices that her data is being used in a valuable clinical trial. He considers withdrawing consent unless compensation is provided. Thus, he modifies the original consent on behalf of her estate.

Alice knew she was in a clinical trial - did she give consent to have data used after her death? did she give permission for a pseudonym? We’ll make a note and think about that.

What does this have to do with FHIR? FHIR is the interface between the data sources and the CDRNs. We don’t expect it to interface with researchers.

Tom Sullivan is active in the HIMSS task force on anonymity, and he would love to help.

Updated