1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.

Presentation transcript:

1 Consumer Mobile Health Application Functional Framework: An Introduction
Tim McKay, Mobile Health Workgroup
April 6, 2015
© Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off

2 Why start this project?
• Need for criteria to enable development of consumer health apps which have a uniform approach to security, privacy and data use
• Current HL7 functional models cannot be used as-is to allow for certification of secure consumer-facing mobile health applications
• Shift in consumer health offerings from being
  o Global in scope and Web by channel to
  o Narrow in scope and Mobile by channel
• Provide a path for the certification of apps
  o Consumer confidence
  o Provider confidence

3 In Scope
• This project will define security, privacy and data standards for secure mobile health applications (apps)
  o Limited to smartphones but may be extended to tablets
  o Standards will cover the app lifecycle
• Central artifact is a set of conformance criteria (functional requirements)
  o Conformance criteria address the key user stories of the human actors of the system.
  o Conformance criteria address the technical actors necessary to fulfill the stories of the human actors

4 In Scope Conformance Criteria Topics
• Privacy policy, terms of use, and in-app disclaimers
• User, device, and cross-system authentication
• Authorization to content and features
• Proxy designations
• Use of location services, camera, accelerometers and other smartphone services
• Security of data at rest (local and cloud)
• Security of data in transit (wired and wireless)
• Minimum data standards for device generated and device transmitted information
• Record system reliability; record authenticity
• Data provenance
• Audit
• Standards related to discontinuation of use of an app

5 Key Actors
Human: App User; Clinician; Family Caregiver; App Developer; Third-Party Data Aggregator; Regulator
Non-human: Mobile Health App; Smartphone; App Store; Data Collection Device; External Data Repository; EHR System; PHR System; Social Media Site

6 Examples of User Stories
App User
• I want my access to the app to be secure.
• I want to control access to who can view or use any data generated from the app.
• I care about some data a lot; other data I really don’t care about.
• I want the app to potentially improve my health and wellbeing.
• I do not want the app to harm my health and wellbeing.
• If I stop using the app, I want to be able to determine what happens to any data stored by the app.
Clinician
• If I am allowed to use data generated from the app, I want to know enough about the data to determine if I can trust using it in making decisions about clinical care.
• I want the app to potentially improve the health of my patients who use it.
• I want the app to potentially improve my relationships with my patients who use it.
• I want the app to not overstep its bounds in terms of clinical claims.
App Developer
• I want the app to be widely used.
• I want the app to potentially improve the health of its users.
• I do not want the app to harm the health of its users.
• I want to comply with known laws and regulations so that: 1) my company does not become subject to regulatory oversight; 2) my app can be used as widely as possible.
• I want my company to make money from the app.

7 Mobile app lifecycle

8 Out of Scope
• This project will NOT define standards for the content of mobile applications.
• This project will NOT address apps written for basic phones.

9 Approach 1 of 3
Conformance criteria already available within the HL7 PHR-S and EHR-S Functional Models will be reused, augmenting the framework with new conformance criteria specific to mobile platforms (device, context and user characteristics). Glossary terms and verb hierarchies of the PHR-S and EHR-S will be reused.
Device: Text messaging; Camera & microphone; Geolocation; Accelerometer; Near Field Communications; Device reliability; Continuous data collection; PHI and PHII contained on devices; Unique device ID; Attached data collection devices; Calendar and Address Book
Context: App use anywhere anytime; Environmental conditions; Bandwidth; Lost devices
User: Generational usage patterns; User disabilities; Social media sharing

10 Approach 2 of 3
Speed to market is valued more than a 100% complete model
• Target: have draft ready for comment-only ballot for September
  Use comments to address significant gaps to prepare for DSTU ballot for May
• 80% rule: at this stage of development, conformance criteria address most issues of relevance for most apps
• Emphasis on “shall” and “should” criteria over “may” criteria

11 Approach 3 of 3
Publishing format is TBD, but should consider a structure which facilitates standards-conformant product development
• Conformance criteria applicable to all apps
• Conformance criteria conditionally applicable to some apps
• Easy to convert conformance criteria to product requirements
• Within standard be able to reference workflow diagrams, exemplary use cases/user stories, enabling standards and FHIR ® resources applicable to fulfilling conformance criteria
• Ability to publish updates which are accessible before formal ballot
Consider organization based on app lifecycle from the point of view of the primary user of the app

12 Document Organization by App Lifecycle
Pre-Market
Regulatory/Compliance Approval
Determine need for approval(s)
Obtain approval(s)
Complete Risk/Security Assessment
Search for & Download App
Description of App in App Store
Access to Terms of Use
Access to Privacy Policy
Launch App/Establish User Account
Acceptance of Terms of Use
Account Creation
Identity proofing of account holder
Account linking to pre-existing information
Establish mechanisms for user authentication
Use App
Session security
User authentication
User authorization
Session encryption
Device/Smartphone Pairing
Authorization of Data Collection
Data content
Use App (continued)
Method of collection
Smartphone capabilities
data (e.g., calendar, contacts)
hardware (e.g. camera, location)
External device
Associate Account with External Systems
First pairing
Ongoing authentication/authorization
Account disassociation
Data Storage
Data security
Device storage
Cloud/external storage
Data authenticity
Data provenance
Data Transmission
Ability to transmit stored data
Standards-based data transmission
Authorization by user
Single authorization
Subscription authorization
Data formats
Unstructured data
Structured data
biometric data
code sets
Use App (continued)
Metadata
user
device
biometric
Authorization of Third Party Access/Use
Account proxies
External actors
Human
System
Sign-out From App
Data Deletion
Permitted/Prohibited 3rd Party Uses
Notifications and Alerts
Upgrade App to New Version
App Usability
Audit
Delete App
App Removal
Data Removal
Smartphone
Cloud
Data Relocation
Permitted/Prohibited uses of data post account closure

13 Work Plan
• Gain consensus on scope and approach
• Draft a structure for organizing conformance criteria
• Identify criteria for re-use from PHR-S FM and EHR-S FM
• Select and harmonize PHR/EHR criteria
• Add new criteria to model which address mobile-specific issues
• Harmonize criteria against glossary and verb hierarchies
• Complete narrative text
• By August 1, complete initial draft of framework to submit for September comment-only ballot

14 Discussion

15 Project and contact information
Meetings: Standing meetings are on Mondays at 2 PM Pacific (5 PM Eastern)
• WebEx: 4a13407f4aa8a0dc2f
• Phone: Passcode:
**A face-to-face meeting will be held in Oakland, CA on April 27/28. See Wiki for details and to RSVP
Wiki: cation_Functional_Framework
Project Lead: Tim McKay,