Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.

Published byHector Jackson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks."— Presentation transcript:

1 1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Tim McKay Mobile Health Workgroup April 27/28, 2015 Consumer Mobile Health Application Functional Framework Out of Cycle Meeting

2 2 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Why start this project?  Need for criteria to enable development of consumer health apps which have a uniform approach to security, privacy and data use  Current HL7 functional models cannot be used as-is to allow for certification of secure consumer-facing mobile health applications  Shift in consumer health offerings from being o Global in scope and Web by channel to o Narrow in scope and Mobile by channel  Provide a path for the certification of apps o Consumer confidence o Provider confidence

3 3 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off In Scope  This project will define security, privacy and data standards for secure mobile health applications (apps) o Limited to smartphones but may be extended to tablets o Standards will cover the app lifecycle  Central artifact is a set of conformance criteria (functional requirements) o Conformance criteria address the key user stories of the human actors of the system. o Conformance criteria address the technical actors necessary to fulfill the stories of the human actors  Focus in on the consumer/citizen  Two points of view: commercial and care

4 4 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Key User Stories App UserClinician I want my access to the app to be secure. I want to control access to who can view or use any data generated from the app. I care about some data a lot; other data I really don’t care about. I want the app to potentially improve my health and wellbeing. I do not want the app to harm my health and wellbeing. If I stop using the app, I want to be able to determine what happens to any data stored by the app. If I am allowed to use data generated from the app, I want to know enough about the data to determine if I can trust using it in making decisions about clinical care. I want the app to potentially improve the health of my patients who use it. I want the app to potentially improve my relationships with my patients who use it. I want the app to not overstep its bounds in terms of clinical claims. I want my patients’ data to be used for medical research.

5 5 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Mobile app lifecycle

6 6 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Out of Scope  This project will NOT define standards for the content of mobile applications.  This project will NOT address apps written for basic phones.

7 7 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Approach  Create a lightweight model  Assume profiles can be built off the model.  Create a developer-friendly model.  Create a product lifecycle based model.  Allow for core and optional criteria.  Provide resources relevant to conformance criteria.  Use PHRS-FM and EHRS-FM as resources.  Manage scope creep: can “it” fit within the general model

8 8 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Goals  Overall: have draft ready for comment-only ballot for September 2015. Use comments to address significant gaps to prepare for DSTU ballot for May 2016.  Out-of-cycle: draft conformance criteria for as many sections of the model as possible using time-boxed sub-groups.  Weekly meetings: review and extend work of out- of-cycle meeting  Sub-groups may choose to continue

9 9 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Section 1: Pre-Launch Activities 1.1 Regulatory/Compliance Approval Determine need for approval(s) Obtain approval(s) 1.2 Risk Assessment and Mitigation 1.3Product Usability

10 10 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Section 2: Download and Install App 2.1 App Store Experience Description of App Access to Terms of Use Access to Privacy Policy Payment for App 2.2 Launch App and Establish User Account Acceptance of Terms of Use Account Creation Identity proofing of account holder Account linking to pre-existing information Establish mechanisms for user authentication

11 11 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Section 3: Use App (1 of 5) 3.1 Session security User authentication User authorization Session encryption Session termination/sign-off 3.2 Authorization of Data Collection Data content Method of collection Smartphone capabilities data (e.g., calendar, contacts) hardware (e.g. camera, location) External device

12 12 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Section 3: Use App (2 of 5) 3.3Authorization of Data Use Third Party Access/Use Account proxies External actors Human System Prohibited uses of data Data deletion 3.4 Pairing User Accounts with Devices and Data Repositories First pairing Ongoing authentication/authorization Account disassociation

13 13 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Section 3: Use App (3 of 5) 3.5 Data Storage Data security Device storage Cloud/external storage Data authenticity Data provenance Data formats Unstructured data Structured data Metadata user device

14 14 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Section 3: Use App (4 of 5) 3.6 Data Transmission Ability to transmit stored data Standards-based data transmission Authorization by user Single authorization Subscription authorization 3.7In-App Payments

15 15 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Section 3: Use App (5 of 5) 3.8 Notifications and Alerts Obtaining permission to generate notifications and alerts Methods SMS/text messaging Smartphone notification centers Lock screen use 3.9 App Version Upgrades Automatic and user-permitted upgrades Changes to Terms of Use 3.10 Audit

16 16 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Section 4: Delete App 4.1 App Removal 4.2 Data Removal & Relocation Smartphone Cloud 4.3 Permitted Uses of Data After Account Closure Permitted uses (including conditions of use) Prohibited uses

17 17 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Template Example 1.2 Risk Assessment and Mitigation 1 Shall (All) Complete a general product risk assessment using an established risk management framework. The framework should be one which is used by a Realm’s health systems to determine risk of inappropriate disclosure of medical information. 2 Shall (All) Rank risk assessment findings in terms of their potential effect on adequately securing an individual’s personally identifiable information (PII) including any protected health information (PHI). 3 Should (All) Prior to product launch, complete User Acceptance Testing (UAT) by testers who are not part of the formal development team. Often this will include product business owners. 4 Shall (IF) [Uses credit/debit cards] Assess product for Payment Industry Card (PCI) compliance. Regulations, standards, and implementation tools National Institute for Standards and Technology (NIST), Cybersecurity Framework, http://www.nist.gov/cyberframework/ http://www.nist.gov/cyberframework/ Payment Card Industry Standards, https://www.pcisecuritystandards.org/

Download ppt "1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks."

Similar presentations

1 HL7 Educational Session – eHealth Week Budapest 2011 © 2002-2011 Health Level Seven International, Inc. All Rights Reserved. HL7 and Health Level Seven.

1 HL7 Educational Session – eHealth Week Budapest 2011 © Health Level Seven International, Inc. All Rights Reserved. HL7 and Health Level Seven.
ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.

ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.

1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.

Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.
<<Date>><<SDLC Phase>>

<<Date>><<SDLC Phase>>
1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.

1 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.
Electronic Submission of Medical Documentation (esMD) for Medicare FFS Presentation to HITSC Provenance Workgroup January 16, 2015.

Electronic Submission of Medical Documentation (esMD) for Medicare FFS Presentation to HITSC Provenance Workgroup January 16, 2015.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
MY SMART PHONE DOES WHAT WITH MY BLOOD PRESSURE DATA ??? Anita Fineberg, LL.B. CIPP/C Barrister & Solicitor President, Anita Fineberg & Associates Inc.

MY SMART PHONE DOES WHAT WITH MY BLOOD PRESSURE DATA ??? Anita Fineberg, LL.B. CIPP/C Barrister & Solicitor President, Anita Fineberg & Associates Inc.
© 2012 Health Level Seven ® International. All Rights Reserved. HL7 and Health Level Seven are registered trademarks of Health Level Seven International.

© 2012 Health Level Seven ® International. All Rights Reserved. HL7 and Health Level Seven are registered trademarks of Health Level Seven International.
Security Controls – What Works

Security Controls – What Works
1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev. 12-16-11)

1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev )
1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.

1 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Similar presentations

Ads by Google