Embed Size (px)
Citation preview
Structured Data Capture (SDC)Gap Mitigation
July 18, 2013
UCR to Standards Crosswalk • UCR-Crosswalk Analysis Update
– Added three new standards • CDA Questionnaire Form IG• CDA Questionnaire Response IG• Author of Record (esMD)
– Completed Mapping of all Standards against Requirements– Identified suitable Standards for Transport, Security, and Authentication
• Transport: SOAP and REST• Security: TLS • Authentication: SAML 2.0
Transport & Security Content & Structure
# Transaction Transport Authentication
Security/ Encryption Service
Authorization
/ConsentOrganizer/ Container Item Payloads
Reference Information
Model
II01EHR System - Send
Form/template request to Form/Template Repository
SOAPREST SAML TLS
RFDXD*IHE DEX
XUA N/A
To be considered over the longer term:
FHIMCIMICDASH
II02EHR System - Send
Form/Template Request to Form/Template Repository with relevant patient data
SOAPREST SAML TLS RFD
XD*XUABPPC
ODM (partial)ICSR (partial)HL7 V3 - Patient Administration Domain
CDA R2CCDACommon Formats (partial)
II03Form/Template Repository
- Sends blank form/template
SOAPREST
SAML TLSRFDXD* (partial)IHE DEX
XUA
CDA R2 (partial)CDA Questionnaire Form IGIHE DEXXHTMLODM (partial)
CDA R2 (partial)CDA Questionnaire Form IGX-FormsXHTMLCommon Formats (partial)CDS Knowledge Sharing IG
II04
Form/Template Repository - Sends form/template with
populated patient data*consider dependency on how
population occurs
SOAPREST SAML TLS
RFDXD* (partial)IHE DEX
XUABPPC
CDA R2 (partial)CDA Questionnaire Form IGIHE DEXXHTML
CDA R2 (partial)CDA Questionnaire Form IGX-FormsXHTMLCDS Knowledge Sharing IG
II05EHR System - Sends
completed form/template structured data
SOAPREST SAML TLS RFD
XD* (partial)
XUABPPCAuthor of Record (esMD)
CDA Questionnaire Response IG
CDA Questionnaire Response IGCDA R2 (partial)CCDA (partial)X-Forms (partial)CDS Knowledge Sharing IG (partial)
S04
Form/Template Repository - (Conditional) Auto-
population of retrieved form / template with EHR-
sent patient data
N/A IHE DEX XUABPPC
ISO 11179 (partial)ODM CDS Knowledge Sharing IG
S05
EHR System - (Conditional) Auto-population of
displayed form / template with EHR-derived patient
data
N/A IHE DEX N/A ISO 11179 (partial)ODM CDS Knowledge Sharing IG
S08EHR System - Store
structured data from form/template in standard
formatN/A RFD X-Forms
XHTML
# Transaction Transport Authentication Security/Encryption Notes on dependencies
II01EHR System - Send
Form/template request to Form/Template Repository
SOAPRESTDirect (SMIME)
SAMLTLSDirect (SMIME)HTTPS
• Create IG guidance around substitutable transport options (for all requirements)
II02
EHR System - Send Form/Template Request to
Form/Template Repository with relevant patient data
SOAPRESTDirect (SMIME)
SAML
TLSDirect (SMIME)HTTPSXD*
• Do some of the services specify specific transports?
II03Form/Template Repository - Sends blank form/template
SOAPRESTDirect (SMIME)
SAML
TLSDirect (SMIME)HTTPSXD* (partial)
II04Form/Template Repository -
Sends form/template with populated patient data
SOAPRESTDirect (SMIME)
SAML
TLSDirect (SMIME)HTTPSXD* (partial)
II05EHR System - Sends completed form/template structured data
SOAPRESTDirect (SMIME)
SAML
TLSDirect (SMIME)HTTPSXD* (partial)
Transport and Security
4
Transport & Security – Transport
Standard Summary of Findings from UCR Crosswalk
Keep?Y/N Gaps & Mitigation
SOAP~Transport~
HITSC Rating:*M: 100A: 100SI: 100T: 100
(Y) Fits:Commonly used transport standard.
(P) Partially Fits:
(N) Does not Fit:
Y • Used commonly with SAML, very prominent use among implementers
REST~Transport~
HITSC Rating:*M: 100A: 100SI: 42.9T: 88.3
(Y) Fits:Commonly used transport standard.
(P) Partially Fits:
(N) Does not Fit:
Y • Looked at by implementers as potentially more efficient than SOAP, but less mature at this point
• Usually used with OAuth as opposed to SAML – can it be used with SAML at all?
• Leveraged by FHIR model
Direct (SMIME)~Transport~~Security~
HITSC Rating:*M: 88.2A: 96.5SI: 42.9T: 81.7
(Y) Fits:Can be used as an additional or optional layer of security on top of REST and/or SOAP
(P) Partially Fits:
(N) Does not Fit:SOAP and REST may be sufficient on their own. Is there any reason to keep DIRECT?
N
5
Transport & Security – Security
Standard Summary of Findings from UCR Crosswalk
Keep?Y/N Gaps & Mitigation
XD*~Security~
HITSC Rating:*M: 93.3A: 93SI: 52.4T: 84.8
(Y) Fits:
(P) Partially Fits:Related to metadata for existing documents that have been registered
Could require modifications/ extensions to be appropriate to use with other standards (RFD for example)
(N) Does not Fit:
Not on T&S • Does specify the use of TLS
TLS~Security~
HITSC Rating:*M: 100A: 100SI: 42.9T: 88.3
(Y) Fits:Fulfills all Information Interchange requirements for Security
(P) Partially Fits:
(N) Does not Fit:
Y • Cost and management of certificate is an issue• TLS v1.0 or higher for transport level security
HTTPS(SSL)
~Security~
HITSC Rating:*M: 88.2A: 96.5SI: 33.3T: 86.4
(Y) Fits:Fulfills all Information Interchange requirements for Security
(P) Partially Fits:
(N) Does not Fit:
N • TLS specifies the exchange & validation of certificates at both sides – would not get with HTTPS/SSL
• Long term sustainability?
6
Transport & Security – Authentication
Standard Summary of Findings from UCR Crosswalk
Keep?Y/N Gaps & Mitigation
SAML 2.0~Authentication~
HITSC Rating:*M: 96.2A: 100SI: 9.5T: 79.7
(Y) Fits:Fits all Information Interchange Requirements for Authentication
(P) Partially Fits:
(N) Does not Fit:
Y • SAML 2.0 is not designed to work with REST. So, generally SAML 2.0 is used with SOAP and OAuth is used with REST
OAuth~Authentication~
HITSC Rating:*M: A: SI:T:
NA Y • OAuth added during Gap Mitigation discussion to support RESTful implementation
7
8
# Transaction Service Authorization /Consent
Organizer/Container Item Payloads Notes on dependencies
II01
EHR System - Send Form/template
request to Form/Template
Repository
RFDXD*IHE DEX
XUA N/A
II02
EHR System - Send Form/Template
Request to Form/Template Repository with relevant patient
data
RFDXD*
XUABPPC
ODM (partial)ICSR (partial)HL7 V3 - Patient Administration Domain
CDA R2CCDACommon Formats (partial)
II03
Form/Template Repository - Sends
blank form/template
RFDXD* (partial)IHE DEX
XUA
CDA R2 (partial)CDA Questionnaire Form IGIHE DEXXHTMLODM (partial)
CDA R2 (partial)CDA Questionnaire Form IGX-FormsXHTMLCommon Formats (partial)CDS Knowledge Sharing IG
II04
Form/Template Repository - Sends form/template with populated patient
data
RFDXD* (partial)IHE DEX
XUABPPC
CDA R2 (partial)CDA Questionnaire Form IGIHE DEXXHTML
CDA R2 (partial)CDA Questionnaire Form IGX-FormsXHTMLCDS Knowledge Sharing IG
II05
EHR System - Sends completed
form/template structured data
RFDXD* (partial)
XUABPPC
CDA Questionnaire Response IG
CDA Questionnaire Response IGCDA R2 (partial)CCDA (partial)X-Forms (partial)CDS Knowledge Sharing IG (partial)
Content & Structure
8
Standard XML template
XML Template
• Which XML standards can provide the template for each of these sections?– Form Description– Context– Actions– Privacy & Security– Patient Data– Non-Patient Data
• Does align with a more generalized version of the RFD structure– Can leverage for the service-layer piece
Actions
Patient Data
Form Description
Context
Privacy & Security
Non-Patient Data specific to domain
Content and Structure – Service / Container
Standard Summary of Findings from UCR Crosswalk
Keep?Y/N Gaps & Mitigation
RFD~Service~
HITSC Rating:*M: 89A: 94.7SI: 33.3T: 79.5
(Y) Fits:Fulfills all Information Interchange Requirements for Service category
(P) Partially Fits:
(N) Does not Fit:
Y • RFD to reconsider REST as well as SOAP• At some points, RFD may be too specific for SDC IG
Questions for All Hands:• Are we leveraging RFD IG or simply using it as a model?
• Can we include XD* in the SDC generalized version of what we can pull from RFD?
XD*~Service~
HITSC Rating:*M: 93.3A: 93SI: 61.9T: 86.74
(Y) Fits:Describes the payload
(P) Partially Fits:Partially supports II03, II04 & II05
Related to metadata for existing documents that have been registered
(N) Does not Fit:
Target for EHR
Interaction• Specifies the use of TLS• Doesn't have any provisions for "Form" and "Auto-
population“• Could require modifications/ extensions to be appropriate to
use with RFD
Outstanding work item for Standards SWG:• XDR most appropriate and could look to extend it
IHE DEX~Service~
~Container~
HITSC Rating:*M: 67.1A: 86SI: 0T: 59.7
Not finalized yet. Not mature. Lack of substantial experience out there with IHE DEX; The way it currently defines data element does not fit well with other X Paths
Container for II03 & II04
Target for EHR
Interaction
• Not mature & tested yet
Outstanding work item for Standards SWG:• How and if DEX can fit in to the Service/Container?• Could be useful for Form/Definition or auto-population• Can this work with ISO 11179
10
Form Description
Content and Structure – Container & PayloadsStandard Summary of Findings from UCR
CrosswalkKeep?Y/N
Notes, Gaps & Mitigation
CDA R2~Container~
~Item Payloads~
HITSC Rating:*M: 87.8A: 86SI: 57.1T: 80.9
(Y) Fits: II02
(P) Partially Fits:Fulfills II03, II04 & II05 partially
(N) Does not Fit:
Y • Use IGs which already exist where we can• Leave it as the “base unit”
CDA Questionnaire Form & Response
IGs~Container~
~Item Payloads
HITSC Rating:*M: 54.85A: 77.19SI: 38.1T: 58.9
(Y) Fits:II03 (Form), II04 (Form) & II05 (Response)Questionnaire as defined could be a generic document -- form/templateDeveloping templates to inform these two guides -- form is not yet specific to a patient, in the case of a CDA R2 document always in relation to a patient
(P) Partially Fits:
(N) Does not Fit:
Target for EHR
Interaction
• RFD currently states that X-Forms of XHMTL should be used for the response
• Are the CDA IGs compliant?
• Can direct the implementer to - CDA Consent Directive IG - Digital Signatures or AoR Igs
• Questionnaire Response IG doesn’t support all requirements identified in the Forms SWG. Need to see if it can be extended to support SDC Forms requirements.
XHTML~Container~
~Item Payloads~HITSC Rating:*M: 98.3A: 100SI: 4.76T: 79.7
(Y) Fits:Fulfills II03 & II04 requirements
(P) Partially Fits: Consider using something more generic like HTML5, HTML or XMLXHTML is basically a restricted HTML(N) Does not Fit:
Discuss • Generic• HTML5 is more suitable for SDC needs and should be
considered as a replacement to XHTML
11
Patient Data
Patient Data
Context
Privacy & SecurityNon-Patient Data specific to domain
Form Description
Content and Structure - Container & Payloads
Standard Summary of Findings from UCR Crosswalk
Keep?Y/N Gaps & Mitigation
C-CDA~Item Payload~
HITSC Rating:*M: 86.5A: 87.7SI: 80.9T: 85.8
(Y) Fits:Mapped to II02(P) Partially Fits:Partially to II05.CCDA contains specific templates of CDA. Issues may arise when document is being pushed out as a C-CDA document.(N) Does not Fit:
N • Would need to define new CCDA templates• Use Form IGs for CDA candidate
Common Formats~Item Payload~
HITSC Rating:*M: 100A: 100SI: 57.4T: 88.1
(Y) Fits:
(P) Partially Fits:Fulfills II02 & II03
Common Formats are exchanged using CDA XML file structure (document structure: CDA, file format: XML
(N) Does not Fit:
Not for the generic IG, but in the
AHRQ instance
• Leverages CDA R2• Will align with the guidance we provide
X-Forms~Item Payload~
HITSC Rating:*M: 36.7A: 89.5SI: 0T: 46.8
(Y) Fits:(P) Partially Fits:XML DerivativeFulfills II03 & II04 because X-Forms was intended to be used for these Information Interchange Transactions(N) Does not Fit:
Discuss
12
Content and Structure – Payload
Standard Summary of Findings from UCR Crosswalk
Keep?Y/N Gaps & Mitigation
CDS Knowledge Sharing IG
~Item Payload~
HITSC Rating:*M: 43.9A: 89.5SI: 71.4T: 64.7
(Y) Fits:Fulfills II03 & II04Good fit for the content of the form itselfConsider as the payload
(P) Partially Fits:Partially II05
Supports transformation of the form data into some other modelSDC to look at how transformations could work with the standards so it could be published in multiple formats
(N) Does not Fit:
N • There could be an extension to the schema to support II01 & II02 requests
• Would like to use a CDA-based exchange
Author of Record Level 1 (Digital
Signature)
HITSC Rating:*M: 77.22A: 94.74SI: 9.52T: 69.20
N/A Y • Point to in the IG when applicable
13
Content and Structure
Standard Summary of Findings from UCR Crosswalk
Keep?Y/N Gaps & Mitigation
XUA~Authorization
/Consent~
HITSC Rating:*M: 90.7A: 91.2SI: 0T: 72.3
(Y) Fits:Fulfills all Information Interchange Requirements for Service category
T&S standard(P) Partially Fits:
(N) Does not Fit:
Y • Point to in the IG when applicable
BPPC~Consent~
HITSC Rating:*M: 100A: 61.9SI: 61.9T: 81.7
(Y) Fits:
(P) Partially Fits:Only fulfills II03, II04 & II05 requirements
T&S Standard(N) Does not Fit:
Y • More explicitly tied to the concept of community-exchanges
• Point to in the IG when applicable
CDA Consent Directive IG
~Consent~
HITSC Rating:*M: 75.95A: 94.74SI: 9.52T: 68.62
Was not evaluated Y • CDA Questionnaire Form & Response IGs use this IG to document consent
• Point to in the IG when applicable
14
Content and Structure
Standard Summary of Findings from UCR Crosswalk
Keep?Y/N Gaps & Mitigation
ODM~Container~
HITSC Rating:*M: 88.6A: 94.7SI: 0T: 72.5
(Y) Fits:Fulfills S04 & S05
(P) Partially Fits:Partial for II02 & II03Content of ODM is non-restrictive. Use for quality measure reporting. Capable of accommodating other data elements if properly configured.
(N) Does not Fit:
N
ICSR~Container~
HITSC Rating:*M: 79.3A: 87.7SI: 38.1T: 73.7
(Y) Fits:
(P) Partially Fits:Partial for II02
Part of public health initiative in S&I Framework(N) Does not Fit:
N
HL7 V3 - Patient Administration
Domain ~Container~
HITSC Rating:*M: 58.3A: 78.1SI: 50T: 63.2
(Y) Fits:Full solution for II02
(P) Partially Fits:HL7 V3 Doesn’t support returning form data
(N) Does not Fit:
Discuss
15
