1. Data Access Framework (DAF) - IHE Proposal October 9 th 2013 1

2. Current Status Due to the government shutdown, all recommendations which would affect the scope of work cannot be confirmed at this time However, recommendations will be recorded by volunteer SDC community members and shared with ONC once the shutdown is over and the stop-work order has been lifted – All of those participating today are volunteering their time on behalf of the individual or organization All S&I Framework activities have been cancelled until further notice, however all timelines & targets set by initiatives before the shutdown should be assumed to be in place until further notice 2

3. A Brief History of the Data Access Framework (DAF) BlueButton initiatives enabled patients to access to their own data DAF is a similar concept, except it is focused on enabling providers to access their patient’s data both within and across organizations 3

4. Data Access Framework Local Access via Intra-Organization Query Targeted Access via Inter-Organization Query Multiple Data Source Access via Distributed Query (Query Health) – Completed Initiative Standards based approach to enable access at all levels: Local, Targeted, and Distributed Create and disseminate queries internal to organization Query Structure Layer APIs Receive standardized responses Query Results Layer Create and disseminate queries internal to organization Query Structure Layer APIs Receive standardized responses Query Results Layer Create and disseminate queries to external organization Query Structure Layer Transport Layer Authentication/Authorization Layer Receive standardized responses from external orgs Query Results Layer Create and disseminate queries to external organization Query Structure Layer Transport Layer Authentication/Authorization Layer Receive standardized responses from external orgs Query Results Layer Create and disseminate queries to multiple orgs Governed by a network Receive aggregated or de-identified responses Focus on Information Model for the network and leverage standards from earlier phases. Create and disseminate queries to multiple orgs Governed by a network Receive aggregated or de-identified responses Focus on Information Model for the network and leverage standards from earlier phases. Data Source Data Source Data Source Query Request Query Response X Hospital System Y Hospital System DAF – Overall Context 4

5. DAF Query Challenges Queries should be flexible to use different transport options (building blocks) SOAP, REST, Direct There are a variety of different kinds of queries to consider: Patient Level or Population Level Quality Measure or CDS Queries could be Document based or Data element based For e.g Get me CCDA’s (Document Type query) for all patients and then check if they have a1c > 8% vs Get me a list of patients who have a1c > 8% ( Data element type query) Internal or External to the organization (with Authentication/Authorization implications) Queries to extract data from EMR that could be used by provider’s care management tools and 3 rd party applications A modular, substitutable, incremental approach should use these building blocks, and develop a flexible architecture for “asking questions of the data”.

6. DAF – Challenges Cont’d To support the various user stories and access mechanisms there is a need to create a modular and substitutable framework that can be evolve with the industry over time –Modular framework can be best visualized as a stack of standards with multiple layers independent of each other –Substitutable standards will provide the ability to replace standards for a single layer and reuse standards from the other layers Basic Transport Protocols Application Transport Protocols Query Structure Query Vocabularies and Value Sets Authentication/Autho rization Result Structure Result Vocabularies and Value Sets Information Models Transport Layer Security Layer Query Structure Query Results Data Model to support queries Data Access Framework 6

7. Basic Transport Protocols Application Transport Protocols Query Structure Query Vocabularies and Value Sets Authentication/Autho rization Result Structure Result Vocabularies and Value Sets Information Models DAF – Modularity and Substitutability Challenge Transport Layer Security Layer Query Structure Query Results Data Model to support queries Data Access FrameworkInitial Candidate Standards HTTP SMTP SOAP (IHE SOAP) SOAP (IHE SOAP) RESTful (IHE mHealth) RESTful (IHE mHealth) Direct TLS+SAML TLS+OAuth2 S/MIME ebRIM/ebRS HL7 FHIR HL7 HQMF C-CDA HL7 v2.5.1 QRDA I, II, III MU2 ModSpec RTM 7

8. DAF – Initiative Scope The work of this initiative will be done in 2 phases: Phase 1 is focused on Local Access via Intra Organization Query Phase 2 is focused on Targeted Access via Inter Organization Query The following capabilities are In-Scope: Define the modular layers for Data Access Framework to support identified business and functional requirements. Identify the existing standards that can be used for each layer of the Data Access Framework including guidance for substitutability of standards for both Local Access and Targeted Access. Define Implementation Guides leveraging existing standards where necessary to structure queries and query results for identified business and functional requirements. Identify standardized APIs that allow applications to query data in a consistent manner across EHRs. We will work with FACA and OPP to coordinate policy issues 8

9. DAF – Local Data Access User Stories 9 A Provider accesses clinical summary documents on an ad hoc basis for a new diabetic patient with documented poor glucose control – User Story #1 A new patient arrives to a small family practice in Boston, MA. The PCP sees a 48 year-old male, with Diabetes Mellitus Type I (DM I) diagnosis since age 12. The patient has a history of myocardial infarction (MI) at age 37 and a stroke at age 43. The patient admits that he often forgets to take his medication as prescribed and often forgets to check his blood sugar levels throughout the day. The patient travels for works and has been admitted to different ER’s numerous times for acute complications due to elevated blood sugar levels. All healthcare facilities where the patient was admitted generated clinical summaries and sent the information to patient’s new physician at the patient’s request. The clinical summaries have been stored in the local document repository database within the organization. For today’s visit, the physician generates an ad-hoc query within the EHR to access all clinical summary documents produced locally and those received from other healthcare facilities, so that he can check if the patient’s HbA1c levels were greater than 7% and if the glucose levels were greater than 100mg/dL over the past 5 years the EHR system queries the document repository database to retrieve the requested information and sends back multiple clinical summary documents to the physician for additional review. This information provides the physician required context to understand the severity of circumstances that led to the patient’s ER admission, the severity of the patient’s non- adherence to medications and formulate a plan to improve the patient’s lifestyle and adherence to medications to mitigate future ER visits and reduce or prevent the progression of established comorbidities.

10. DAF – Local Data Access User Stories 10 Physician referral to Endocrinologist within the same organization using different EHRs with system alerts for patient protected information – User Story #2 In accordance with best practice, the Gastroenterologist orders fasting glucose lab tests for new or current Hepatitis C patients. The Gastroenterologist’s EHR receives results from source systems based on queries which are set up to run automatically, and alerts him when a patient’s fasting glucose lab results are between 100 mg/dL and 125 mg/dL. During an initial encounter with a VA patient for Hep-C, the Gastroenterologist is alerted that the patient’s glucose intolerance lab results are very high. The Gastroenterologist wants to refer the patient to an Endocrinologist in his practice. In preparation for the referral, the Gastroenterologist queries the repository for all of the patient’s records including sensitive records disclosed to him by the VA per the patient’s consent. The Gastroenterologist receives a response to this query and is alerted that information related to the patient’s Hep-C, which was diagnosed during substance abuse treatment, is protected under Title 38, and may not be disclosed without patient consent. Before making the referral, the Gastroenterologist asks the patient whether she consents to disclose protected information to the Endocrinologist. The patient agrees, and signs an electronic consent directive. The Gastroenterologist’s EHR updates the security labels on this patient’s protected information authorizing the Endocrinologist to query for her records. When the Endocrinologist’s EHR system queries Gastroenterologist’s EHR, it is authorized to receive the patient’s records including the Title 38 protected information. When researchers within the Endocrinologist’s practice query for Hepatitis C patients, they will not receive the results for patients who have not consented to disclosure for research, because they are not authorized.

11. DAF – Local Data Access User Stories 11 A provider needs to access information for one of his patients’ who recently moved to a new state and that has a new care team – User Story #3 A patient is moving from Michigan to Florida for retirement. The patient has diabetes and has also undergone multiple open heart surgeries to correct irregular heartbeats and other ailments related to heart. His new care team in Florida is preparing for an initial visit and has requested the patient to retrieve his medical history from as many sources as possible. The patient approaches the Michigan hospital, PCP and the cardiologist office who are part of the current team and where he has received treatment before. He requests each one to provide his medical records (clinical documents) to date. The providers query each of their local EHR systems to obtain the clinical documents, requested by the patient. Now that the patient has all necessary records, he can carry them with him on his initial visit to a new care team in Florida.

12. DAF – IHE Scope 12 Create a White Paper that Defines the modular layers of the Query Stack Identifies the existing profiles that can be used for queries Identifies the changes that may be required to modularize the existing profiles Identifies the gaps where new profiles or implementation guides will be required to meet the prioritized user stories. Identify issues related to backward compatibility and the impact of changes on existing implementations Develop the changes that may be required to existing profiles and ballot the changes following the IHE process. Changes maybe related to Inclusion of Security and Privacy metadata Allow identification of query types and standards followed for query structure Allow identification of query results structures required Develop new profiles and/or implementation guides that are required for prioritized user stories (specifically data element based access) and ballot the artifacts following the IHE process.

13. ONC – IHE Coordination 13 IHE work schedule and ONC time schedule will need to be aligned ONC Initiative can produce artifacts that can be leveraged as starting point for IHE activities and discussions ONC Initiative support team will work with IHE to develop the necessary artifacts IHE Process and ONC processes have will need to be aligned for effective usage of resources