Interoperability Need: Query for Documents Outside a Specific Health Information Exchange Domain

Interoperability Need: Query for Documents Outside a Specific Health Information Exchange Domain

Interoperability Need: Query for Documents Outside a Specific Health Information Exchange Domain
Type	Standard/Implementation Specification	Standards Process Maturity	Implementation Maturity	Adoption Level	Federally Required	Cost	Test Tool Availability
1-Implementation Specification	IHE-XCA (Cross-Community Access)	Final	Production		No	Free	No
Implementation Specifications	the combination of IHE-XCPD (Cross-Community Patient Discovery) and IHE-PIX (Patient Identifier Cross-Reference)	Final	Production		No	Free	No
Implementation Specification	NwHIN Specification: Patient Discovery	Final	Production		No	Free	No
Implementation Specification	NwHIN Specification: Query for Documents	Final	Production		No	Free	No
Implementation Specification	NwHIN Specification: Retrieve Documents	Final	Production		No	Free	No

Limitations, Dependencies, and Preconditions for Consideration:	Applicable Security Patterns for Consideration:
IHE-PIX and IHE-XCPD are used for the purposes of patient matching and to support this interoperability need. See IHE projects in the Interoperability Proving Ground.	System Authentication - The information and process necessary to authenticate the systems involved User Authentication – The information and process necessary to authenticate the end user User Details - identifies the end user who is accessing the data User Role - identifies the roles and clearances asserted by the individual initiating the transaction for purposes of authorization. E.g., the system must verify the initiator’s claims and match them against the security labels for the functionalities that the user attempts to initiate and the objects the user attempts to access. Purpose of Use - Identifies the purpose for the transaction, and for the purposes for which the end user intends to use the accessed objects Patient Consent Information - Identifies the patient consent information that may be required before data can be accessed. May be required to authorize any exchange of patient information May be required to authorized access and use of patient information May be required to be sent along with disclosed patient information to advise the receiver about policies to which end users must comply Query Request ID - Query requesting application assigns a unique identifier for each query request in order to match the response to the original query. Security Labeling – the health information is labeled with security metadata necessary for access control by the end user.

Matthew Greene

Department of Veterans Affairs

Similar to the “Provider Directory”, implementers could use FHIR (e.g. Patient resource, DocumentReference) using an appropriate authentication and authorization layer (openId, OAuth2, UMA).