Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.

Published byHoratio Brooks Modified over 9 years ago

Similar presentations

Presentation on theme: "1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks."— Presentation transcript:

1 1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Tim McKay Mobile Health Workgroup April 6, 2015 Consumer Mobile Health Application Functional Framework: An Introduction

2 2 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Why start this project?  Need for criteria to enable development of consumer health apps which have a uniform approach to security, privacy and data use  Current HL7 functional models cannot be used as-is to allow for certification of secure consumer-facing mobile health applications  Shift in consumer health offerings from being o Global in scope and Web by channel to o Narrow in scope and Mobile by channel  Provide a path for the certification of apps o Consumer confidence o Provider confidence

3 3 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off In Scope  This project will define security, privacy and data standards for secure mobile health applications (apps) o Limited to smartphones but may be extended to tablets o Standards will cover the app lifecycle  Central artifact is a set of conformance criteria (functional requirements) o Conformance criteria address the key user stories of the human actors of the system. o Conformance criteria address the technical actors necessary to fulfill the stories of the human actors

4 4 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off In Scope Conformance Criteria Topics  Privacy policy, terms of use, and in-app disclaimers  User, device, and cross-system authentication  Authorization to content and features  Proxy designations  Use of location services, camera, accelerometers and other smartphone services  Security of data at rest (local and cloud)  Security of data in transit (wired and wireless)  Minimum data standards for device generated and device transmitted information  Record system reliability; record authenticity  Data provenance  Audit  Standards related to discontinuation of use of an app

5 5 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Key Actors HumanNon-human App User Clinician Family Caregiver App Developer Third-Party Data Aggregator Regulator Mobile Health App Smartphone App Store Data Collection Device External Data Repository EHR System PHR System Social Media Site

6 6 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Examples of User Stories App UserClinicianApp Developer I want my access to the app to be secure. I want to control access to who can view or use any data generated from the app. I care about some data a lot; other data I really don’t care about. I want the app to potentially improve my health and wellbeing. I do not want the app to harm my health and wellbeing. If I stop using the app, I want to be able to determine what happens to any data stored by the app. If I am allowed to use data generated from the app, I want to know enough about the data to determine if I can trust using it in making decisions about clinical care. I want the app to potentially improve the health of my patients who use it. I want the app to potentially improve my relationships with my patients who use it. I want the app to not overstep its bounds in terms of clinical claims. I want the app to be widely used. I want the app to potentially improve the health of its users. I do not want the app to harm the health of its users. I want to comply with known laws and regulations to that: 1) my company does not become subject to regulatory oversight; 2) my app can be used as widely as possible. I want my company to make money from the app.

7 7 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Mobile app lifecycle

8 8 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Out of Scope  This project will NOT define standards for the content of mobile applications.  This project will NOT address apps written for basic phones.

9 9 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Approach 1 of 3 Conformance criteria already available within the HL7 PHR-S and EHR-S Functional Models will be reused, augmenting the framework with new conformance criteria specific to mobile platforms (device, context and user characteristics). Glossary terms and verb hierarchies of the PHR-S and EHR-S will be reused. DeviceContextUser Text messaging Camera & microphone Geolocation Accelerometer Near Field Communications Device reliability Continuous data collection PHI and PHII contained on devices Unique device ID Attached data collection devices Calendar and Address Book App use anywhere anytime Environmental conditions Bandwidth Lost devices Generational usage patterns User disabilities Social media sharing

10 10 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Approach 2 of 3 Speed to market is valued more than a 100% complete model  Target: have draft ready for comment-only ballot for September 2015. Use comments to address significant gaps to prepare for DSTU ballot for May 2016.  80% rule: at this stage of development, conformance criteria address most issues of relevance for most apps  Emphasis on “shall” and “should” criteria over “may” criteria

11 11 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Approach 3 of 3 Publishing format is TBD, but should consider a structure which facilitates standards-conformant product development  Conformance criteria applicable to all apps  Conformance criteria conditionally applicable to some apps  Easy to convert conformance criteria to product requirements  Within standard be able to reference workflow diagrams, exemplary use cases/user stories, enabling standards and FHIR ® resources applicable to fulfilling conformance criteria  Ability to publish updates which are accessible before formal ballot Consider organization based on app lifecycle from the point of view of the primary user of the app

12 12 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Document Organization by App Lifecycle Pre-Market Regulatory/Compliance Approval Determine need for approval(s) Obtain approval(s) Complete Risk/Security Assessment Search for & Download App Description of App in App Store Access to Terms of Use Access to Privacy Policy Launch App/Establish User Account Acceptance of Terms of Use Account Creation Identity proofing of account holder Account linking to pre-existing information Establish mechanisms for user authentication Use App Session security User authentication User authorization Session encryption Device/Smartphone Pairing Authorization of Data Collection Data content Use App (continued) Method of collection Smartphone capabilities data (e.g., calendar, contacts) hardware (e.g. camera, location) External device Associate Account with External Systems First pairing Ongoing authentication/authorization Account disassociation Data Storage Data security Device storage Cloud/external storage Data authenticity Data provenance Data Transmission Ability to transmit stored data Standards-based data transmission Authorization by user Single authorization Subscription authorization Data formats Unstructured data Structured data biometric data code sets Use App (continued) Metadata user device biometric Authorization of Third Party Access/Use Account proxies External actors Human System Sign-out From App Data Deletion Permitted/Prohibited 3 rd Party Uses Notifications and Alerts Upgrade App to New Version App Usability Audit Delete App App Removal Data Removal Smartphone Cloud Data Relocation Permitted/Prohibited uses of data post account closure

13 13 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Work Plan  Gain consensus on scope and approach  Draft a structure for organizing conformance criteria  Identify criteria for re-use from PHR-S FM and EHR-S FM  Select and harmonize PHR/EHR criteria  Add new criteria to model which address mobile-specific issues  Harmonize criteria against glossary and verb hierarchies  Complete narrative text  By August 1, complete initial draft of framework to submit for September comment-only ballot

14 14 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Discussion

15 15 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Project and contact information Meetings: Standing meetings are on Mondays at 2 PM Pacific (5 PM Eastern)  WebEx: https://kponline.webex.com/kponline/j.php?MTID=mde22960aeb299e 4a13407f4aa8a0dc2f https://kponline.webex.com/kponline/j.php?MTID=mde22960aeb299e 4a13407f4aa8a0dc2f  Phone: +1 770-657-9270 Passcode: 465623 **A face-to-face meeting will be held in Oakland, CA on April 27/28. See Wiki for details and to RSVP Wiki: http://wiki.hl7.org/index.php?title=MHWG_Consumer_Mobile_Health_Appli cation_Functional_Framework, http://wiki.hl7.org/index.php?title=MHWG_Consumer_Mobile_Health_Appli cation_Functional_Framework Project Lead: Tim McKay, tim.a.mckay@kp.org, 1.303.349.5927tim.a.mckay@kp.org

Download ppt "1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks."

Similar presentations

1 HL7 Educational Session – eHealth Week Budapest 2011 © 2002-2011 Health Level Seven International, Inc. All Rights Reserved. HL7 and Health Level Seven.

1 HL7 Educational Session – eHealth Week Budapest 2011 © Health Level Seven International, Inc. All Rights Reserved. HL7 and Health Level Seven.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.

1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.
Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.

Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.
<<Date>><<SDLC Phase>>

<<Date>><<SDLC Phase>>
1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.

1 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.
UDDI, Discovery and Web Services Registries. Introduction To facilitate e-commerce, companies needed a way to locate one another and exchange information.

UDDI, Discovery and Web Services Registries. Introduction To facilitate e-commerce, companies needed a way to locate one another and exchange information.
© 2012 Health Level Seven ® International. All Rights Reserved. HL7 and Health Level Seven are registered trademarks of Health Level Seven International.

© 2012 Health Level Seven ® International. All Rights Reserved. HL7 and Health Level Seven are registered trademarks of Health Level Seven International.
Information Security Policies and Standards

Information Security Policies and Standards
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
S&I Data Provenance Initiative Presentation to the HITSC on Data Provenance September 10, 2014.

S&I Data Provenance Initiative Presentation to the HITSC on Data Provenance September 10, 2014.
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
Individual User Logins

Individual User Logins
1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.

1 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.
Technical Guidelines for Digital Learning Content: A Tool for Development, Evaluation and Selection Liz Johnson Advanced Learning Technologies Board of.

Technical Guidelines for Digital Learning Content: A Tool for Development, Evaluation and Selection Liz Johnson Advanced Learning Technologies Board of.
CPS Acceptable Use Policy Day 2 – Technology Session.

CPS Acceptable Use Policy Day 2 – Technology Session.

Similar presentations

Ads by Google