100 likes | 251 Views
Automate Blue Button Initiative Pull Workgroup Meeting. September 25, 2012. Meeting Etiquette. From S&I Framework to Participants: Hi everyone: remember to keep your phone on mute . All Panelists . Remember: If you are not speaking, please keep your phone on mute
E N D
Automate Blue Button InitiativePull Workgroup Meeting September 25, 2012
Meeting Etiquette From S&I Framework to Participants: Hi everyone: remember to keep your phone on mute All Panelists • Remember: If you are not speaking, please keep your phone on mute • Do not put your phone on hold. If you need to take a call, hang up and dial in again when finished with your other call • Hold = Elevator Music = frustrated speakers and participants • This meeting is being recorded • Another reason to keep your phone on mute when not speaking • Use the “Chat” feature for questions, comments and items you would like the moderator or other participants to know. • Send comments to All Panelists so they can be addressed publically in the chat, or discussed in the meeting (as appropriate). 2
Announcements and Reminders • Meeting Reminders • Pull Workgroup Meetings are Tuesdays from 3:00 – 4:00 pm Eastern. • The next Community Meeting will be held on Wednesday, October 3, 2012. • Meeting information is on the Automate Blue Button Wiki Page: http://wiki.siframework.org/Automate+Blue+Button+Initiative 4
Pull Workgroup Overview PULL • Allowing a third party application to access my personal health data on demand EXAMPLE USE CASE A patient can direct a third party application to have on demand access to his/her personal health information via the internet. The dataholder will ensure this data is made available and follow certain privacy and security standards. REQUIREMENTS & ASSUMPTIONS IN SCOPE (TO BE CONSIDERED) OUT OF SCOPE (NOT TO BE CONSIDERED) • Authentication, transport, and content standards. • Leverage REHx project (Oauth, OpenID, and HTTPauth) • Confirm validity of these re: HIPPA regulations [for Policy Sandbox] • Leverage identity work from NSTIC • Leverage ToC project • Leverage lab interface project • Data must be transmitted securely • Patient must give application consent to pull health information from data holder • Data sent must be both human-readable and machine-readable • Identify the dataholder requirements • Policy concerns and constraints. This initiative will define the mechanism, – how and where they apply it will be up to state and local laws 5
Use Case Discussion Use case posted on wiki (by Adrian Groper): Using DIRECT to send three things from a Blue Button Portal to a third party: 1) Destination of the BB data, 2) Content of the BB data (what subset of available data is accessible to pull for this specific authorization), and 3) Expiration and Notification (one time, until date, renewable by request, cc the patient) Use case proposed by Humetrix: use tokens and fixed URLs to make it easier for 3rd parties to log-in on the users behalf and download blue button data. Tokens could optionally contain unique keys assigned (by the Blue Button site administrator) to individual developers. This would allow the token to be validated as being submitted by an approved developer. Use case proposed by Keith Boone: Patient accesses URL containing patient data through provider portal or other information system. Patient or their authorized representative and provider have mutually established a link between patient identity, and the patient's record, that the patient will use to access those records. Other use cases 6
Pull Discussion • Feedback • Current and Outstanding Issues • Decision Points • Discussion of the potential for APIs to be built onto EHR and portals, so that a 3rd-party developer or service could access that data (under the consumer’s direction) • Concerns about dataholders’ and EHR vendors’ willingness to support PULL (privacy and security risks) • Digital identification • Protocols for setting and revoking access • Consent issues • Trust or certification of 3rd party applications • Surface additional issues • Identify existing standards • Propose potential use cases 7
Next Steps • Next Steps • Question: is there a composite of the three options that can be done? • Question: Option 1 - is Direct adoption where it needs to be to make it viable. • Question: Option 1 and 3 similar? What are the differences? • Question: Option 2 – centers around security and the application developer side. What are the security issues for the data holder? Vs the 3rd party application. • Question: Option 3 - Is OAuth easy? How does it really work? Can we get someone to give us a quick overview/demonstration of OAuth? • DISCUSS AND COMMENT ON THE WIKI!!! • Write up / collect all the options • Present all the options for review / agreement by the group • Meeting Reminders • Next PULL Workgroup Meeting is Tuesday, October 2, 2012 @ 3:00 pm Eastern. • The next Community Meeting will be held on Wednesday, October 3, 2012. • http://wiki.siframework.org/Automate+Blue+Button+Initiative • For questions, please contact your support leads • Initiative Coordinator: Pierce Graham-Jones (pierce.graham-jones@hhs.gov) • Presidential Innovation Fellow: Ryan Panchadsaram (ryan.panchadsaram@hhs.gov) • Project Manager: Jennifer Brush (jennifer.brush@esacinc.com) • S&I Admin: Apurva Dharia (apurva.dharia@esacinc.com)
Useful Links • Automate Blue Button Wiki • http://wiki.siframework.org/Automate+Blue+Button+Initiative • Pull Workgroup • http://wiki.siframework.org/ABBI+Pull+Workgroup • Join the Initiative • http://wiki.siframework.org/Automate+Blue+Button+Join+the+Initiative 9
Comment Evaluation Comment on Project Charter Topic: Pilot Pull implementation by March 3, 2013 (Reconsider when workgroup charters are complete) Comment Focus: Parallel timeline between PUSH and PULL Comment Text: Yes on the charter, providing that the auto Pull Pilot is put on the same timeline as the auto Push Pilot given that the industry has existing auto Pull solutions. (Humetrix will post a pilot for this). [Bettina Experton, Humetrix.] Follow Up Comment: My comments addressed the difference in the milestone implementation deliverable date of March 3, 2013 for the Pull Pilot , vs. November 22, 2012 for the Push Pilot as shown on the Charter right now (please see below my copy paste from the site).- and not their kick off dates. These 2 pilot end point milestones should be set for the same date. There is existing industry implementation of Blue Button Auto-Pull, which implementation protocol can be easily described and shared with the developer community at large via the ABBI and for which a pilot can be quickly implemented( We will post a use case on this shortly as asked by Pierce). I will be happy to promptly change my vote when the Auto-Pull pilot end date will be changed to November 22, 2012 (or the Auto-Push pilot end date moved to March 3, 2013). Draft Disposition: Accepted with Modifications. “The target dates took into account the time needed for each workgroup to drive to consensus and for a company to implement the best practice from scratch. However, we absolutely welcome companies who are leaders in the area and have already made progress to accelerate the timetable by releasing an implementation earlier.”