• Print

Interoperability Need: Query for Documents Outside a Specific Health Information Exchange Domain


Interoperability Need: Query for Documents Outside a Specific Health Information Exchange Domain

Interoperability Need: Query for Documents Outside a Specific Health Information Exchange Domain

Type

Standard/Implementation Specification

Standards Process Maturity

Implementation Maturity

Adoption Level

Federally Required

Cost

Test Tool Availability

1-Implementation Specification

IHE-XCA (Cross-Community Access)

Final

Production

rating 4

No

Free

No

Implementation Specifications

the combination of IHE-XCPD (Cross-Community Patient Discovery) and IHE-PIX (Patient Identifier Cross-Reference)

Final

Production

rating 4

No

Free

No

Implementation Specification

NwHIN Specification: Patient Discovery

Final

Production

rating 3

No

Free

No

Implementation Specification

NwHIN Specification: Query for Documents

Final

Production

rating 3

No

Free

No

Implementation Specification

NwHIN Specification: Retrieve Documents

Final

Production

rating 3

No

Free

No

Limitations, Dependencies, and Preconditions for Consideration: Applicable Security Patterns for Consideration:
  • IHE-PIX and IHE-XCPD are used for the purposes of patient matching and to support this interoperability need.
  • See IHE projects in the Interoperability Proving Ground.
  • System Authentication -   The information and process necessary to authenticate the systems involved
  • User Authentication – The information and process necessary to authenticate the end user User Details - identifies the end user who is accessing the data
  • User Role - identifies the roles and clearances asserted by the individual initiating the transaction for purposes of authorization. E.g., the system must verify the initiator’s claims and match them against the security labels for the functionalities that the user attempts to initiate and the objects the user attempts to access.
  • Purpose of Use - Identifies the purpose for the transaction, and for the purposes for which the end user intends to use the accessed objects
  • Patient Consent Information - Identifies the patient consent information that may be required before data can be accessed.
    • May be required to authorize any exchange of patient information
    • May be required to authorized access and use of patient information
    • May be required to be sent along with disclosed patient information to advise the receiver about policies to which end users must comply
  • Query Request ID - Query requesting application assigns a unique identifier for each query request in order to match the response to the original query.
  • Security Labeling – the health information is labeled with security metadata necessary for access control by the end user.
Matthew Greene
Department of Veterans Affairs

Similar to the “Provider Directory”, implementers could use FHIR (e.g. Patient resource, DocumentReference) using an appropriate authentication and authorization layer (openId, OAuth2, UMA).