50 likes | 163 Views
Query and Retrieve. Brief Profile Proposal for 2009/10 presented to the IT Infrastructure Planning Committee J. Caumanns, S. Bittins, G. Heider, M.Hurch, M. Tiani 27. September 2010. Use Case. The European epSOS infrastructure allows for a seamless cross-border exchange of health data
E N D
Query and Retrieve Brief Profile Proposal for 2009/10 presented to the IT Infrastructure Planning Committee J. Caumanns, S. Bittins, G. Heider, M.Hurch, M. Tiani 27. September 2010
Use Case • The European epSOS infrastructure allows for a seamless cross-border exchange of health data • Use Case 1: Dispensation of ePrescriptions • Use Case 2: Retrieval of Patient Summary document • Security Measures • Enforcement of national security policies at the consumer and provider site • Enforcement of patient privacy policy (derived from the patient’s consent) at the provider site • SAML for Authentication and Authorization claim (XUA, TRC) • pseudonyms may be used as patient identifiers • must allow for end-to-end encryption using PAKE (2011 extension)
The Problem • distinct XCA operations for query and retrieve hinder the enforcement of provider site security policies • retrieve does not contain a patient Id (how to discover the consent) • caching of policy decisions is a violation of SOA principles • for both epSOS use cases the consuming HCP has no added value from the separation of query and retrieve • only one Patient Summary per patient • XCA metadata do not allow for a selection of dispensable ePrescriptions • on-demand semantic mapping and transcoding is much easier with a single query-and-retrieve • national security safeguards will cause further problems • trapdoor functions for deriving doc-IDs from metadata IDs • end-to-end encryption (metadata and data)
Proposed Standards & Systems • Option 1: XCA Extension • LeafClassWithRepositoryItem response format • full spec available from epSOS • Option 2: RLUS list() operation • OMG/HL7 RLUS with HL7 common CDA semantic signifier • full spec available from epSOS
Discussion • Both solutions have been fully specified for the European epSOS project • XCA Extension: J. Caumanns, Ch. Parisot, K. Witting, B. Majurski • RLUS List: J. Caumanns, St. Lotti, G. Cangioli • effort for specification: low • effort for implementaion: low (acc. to Tiani Spirit) • fits very well with the proposed profile on minimum XD* metadata because by retrieving the data with the query only adminstrative metadata (if at all) is needed with the response