120 likes | 277 Views
HITSP SPI Layers. Workflows. ?????. ?????. All other ISxxx. Privacy Breach Notification and Disclosure Reporting. Consumer Privacy Preferences. Service Collaborations. Healthcare Document Sharing. Deliver Doc/Message. Messaging Security. Access Control. Audit Controls.
E N D
HITSP SPI Layers Workflows ????? ????? All other ISxxx Privacy Breach Notification and Disclosure Reporting Consumer Privacy Preferences Service Collaborations Healthcare Document Sharing Deliver Doc/Message Messaging Security Access Control Audit Controls Patient Identity Management Get Information De-Identification Infrastructure Security/Privacy T81 Retrieval of Med K C19 Entity Id T29 Notification of Doc C26 Non-Repudiation T85 Admin Tx T31 Document Reliable T15 Security Audit T24 Pseudonym TP13 Share Doc T33 Tx Doc on Media C25 Anon – Bio/Qual T16 Consistent Time T63 Emergency Msg DE C87 Anon – PubH Case TP21 Query for Data T17 Secure Com Channel T64 ID Comm Recpents C88 Anon – Immunization TP49/TP89 Imaging TP20 Access Control T66 Terminology Svc TP50 Forms Mgmt TP30 Consent Mgmt
HITSP Service Pattern taxonomy • Request/Response • Query Existing Data Service composed of: opt Patient Identity, T15(T16), T17, C19, TP20(T16, TP30), TP21 • Retrieve Images Service composed of: opt Patient Identity, T15(T16), T17, TP20(T16, TP30), TP49 or TP89 • Shared Document Exchange Servicecomposed of: opt Patient Identity, T15(T16), T17, C19(T16), TP20(T16, TP30), T13 use "Stored Query" (Query), "Retrieve" (Retrieve) [different service end-point] • Administrative Messaging Service composed of: opt Patient Identity, T15 (T16), T17, C19, TP20(T16, TP30), T85 • Media Documents Exchange Service composed of: opt Patient Identity, T15(T16), TP30, TP20(TP30), T33 or TP89 • Patient Identity Servicecomposed of: T15 (T16), T17, TP20(T16, TP30), opt T23 (1st), opt TP22 • Medical Knowledge Service composed of: opt T17, T81 • Form for Data Capture Service composed of: TP50, T15(T16), T17, TP20(TP30), TP50 • Send • Point-to-Point Document Exchange Service composed of: opt Patient Identity, T15(T16), T17, C19(T16), TP20(T16, TP30), T31 (T16 is precondition) • Document Announcement Service composed of: T64, T15(T16), TP20(TP30), T29 • Emergency Alerts Service composed of: T64, T15(T16), T17, TP20(T16, TP30), T63 • Clinical Messaging Service composed of: T15(T16),T17, TP20(T16, TP30), HL7 v2/v3 Messaging (T16 is precondition) • Publish/Register • Shared Document Exchange Service composed of: opt Patient Identity, T15(T16), T17, C19(T16), TP20(T16, TP30), T13 use "Provide and register" (publish), or "Register" (register) [different service end-point]
SPI Security Services Suite SPI Security Services Manage Consents Access Control Record Security Audit Synchronize Time Secure Channel Assert Identity Non-Repudiation of Origin Retrieve Pseudonym Anonymize
SPI Infrastructure Services Suite SPI Infrastructure Services Query for Existing Data Medical Knowledge Lookup Patient Identity Lookup Deliver Administrative Message Deliver Emergency Alert Deliver Clinical Message Shared Document Exchange Deliver Documents Export Documents Documents Anouncement
Access Control – Black Box view Access Control Service Access Control SCxx1 Record Security Audit T15 Synchronize Time T16 Secure Channel T17 Assert Identity C19 Manage Consents TP30 Access Control TP20
Access Control – White Box view Request: Access Control TP15 ARR TP30 Reg/Rep C19 IDP T16 CT Pre-Condition User Attr If known Gather Context Attributes Patient Attr If known Make Decision
Medical Knowledge – Black Box Medical Knowledge Service Medical Knowledge Lookup SCxx2 Secure Channel T17 Retrieve Medical Knowledge T81
Unsecured T17 covered T17+C19 Medical Knowledge - White Box Request: Medical Knowledge T81 Knowledge src Pre-Condition Or: depending on security desired (service authentication and confidentiality)
Patient Identity – Black Box Patient Identity Services Patient Identity Lookup Access Control SCxx3 SCxx1 Record Security Audit T15 Synchronize Time T16 Secure Channel T17 Patient Demographics T23 Patient Cross-Ref TP22
Unsecured T17 covered T17+C19 Patient Identity - Service Request: Patient Identity TP22 PIX Mgr T23 PDQ Mgr TP15 ARR TP16 CT SCxx1 ACS Pre-Condition
Query for Existing Data – Black Box Query for Existing Data Services Existing Data Lookup Access Control SCxx3 SCxx1 Patient Identity SCxx3 Record Security Audit T15 Synchronize Time T16 Secure Channel T17 Query for Existing Data TP21
Unsecured T17 covered T17+C19 Query for Existing Data - Service Request: Existing Patient Data TP21 QED src SCxx3 Patient Identity TP15 ARR C19 IDP TP16 CT SCxx1 ACS Pre-Condition