This proposal, presented to the IT Infrastructure Planning Committee in 2010, addresses the challenges of the European epSOS infrastructure for seamless cross-border health data exchange. It outlines two critical use cases: dispensation of ePrescriptions and retrieval of Patient Summary documents. The document emphasizes security measures including the enforcement of national security policies and patient privacy policies, and suggests improvements to query and retrieve operations to enhance the efficiency of health care provider interactions. Proposed solutions include XCA Extensions and RLUS List operations, with low implementation effort and alignment with proposed standards.
Query and Retrieve
Brief Profile Proposal for 2009/10
presented to the IT Infrastructure Planning Committee
J. Caumanns, S. Bittins, G. Heider, M. Hurch, M. Tiani
27. September 2010
Use Case
• The European epSOS infrastructure allows for a seamless cross-border exchange of health data
• Use Case 1: Dispensation of ePrescriptions
• Use Case 2: Retrieval of Patient Summary document
• Security Measures
• Enforcement of national security policies at the consumer and provider site
• Enforcement of patient privacy policy (derived from the patient’s consent) at the provider site
• SAML for Authentication and Authorization claim (XUA, TRC)
• pseudonyms may be used as patient identifiers
• must allow for end-to-end encryption using PAKE (2011 extension)
The Problem
• distinct XCA operations for query and retrieve hinder the enforcement of provider site security policies
• retrieve does not contain a patient Id (how to discover the consent)
• caching of policy decisions is a violation of SOA principles
• for both epSOS use cases the consuming HCP has no added value from the separation of query and retrieve
• only one Patient Summary per patient
• XCA metadata do not allow for a selection of dispensable ePrescriptions
• on-demand semantic mapping and transcoding is much easier with a single query-and-retrieve
• national security safeguards will cause further problems
• trapdoor functions for deriving doc-IDs from metadata IDs
• end-to-end encryption (metadata and data)
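The policy-enforcement problem listed above, as an added sketch that is not part of the presentation or of the epSOS specifications: a provider-site gateway with separate query and retrieve has to replay a cached consent decision, while a single query-and-retrieve evaluates the consent on every call. All names, identifiers and data are constructed, and the sketch assumes the gateway has no reverse lookup from document ID to patient.

```python
# Added illustration; every name and value below is constructed, not from the epSOS specs.
REGISTRY = {"pat-1": [("doc-a", "PatientSummary"), ("doc-b", "ePrescription")]}  # metadata
REPOSITORY = {"doc-a": b"<PatientSummary/>", "doc-b": b"<ePrescription/>"}       # content

def permitted(consent, requester, patient_id):
    """Provider-site policy decision: does the patient's consent cover this HCP?"""
    return requester in consent.get(patient_id, set())

class TwoStepGateway:
    """Separate query and retrieve; the retrieve request carries no patient ID."""
    def __init__(self, consent):
        self.consent = consent
        self._cache = set()  # (requester, doc_id) permits remembered between calls

    def query(self, requester, patient_id):
        if not permitted(self.consent, requester, patient_id):
            return []
        ids = [doc_id for doc_id, _ in REGISTRY.get(patient_id, [])]
        self._cache.update((requester, d) for d in ids)
        return ids

    def retrieve(self, requester, doc_id):
        # Only a document ID arrives, so the consent cannot be looked up again;
        # the gateway can only replay the decision cached during query().
        if (requester, doc_id) not in self._cache:
            raise PermissionError("no cached decision for this document")
        return REPOSITORY[doc_id]

def query_and_retrieve(consent, requester, patient_id, doc_type):
    """Single operation: the policy is evaluated on every call, no state is kept."""
    if not permitted(consent, requester, patient_id):
        raise PermissionError("consent does not cover this requester")
    return [REPOSITORY[d] for d, t in REGISTRY.get(patient_id, []) if t == doc_type]

def revocation_demo():
    """Consent is withdrawn between query and retrieve."""
    consent = {"pat-1": {"hcp-7"}}
    gw = TwoStepGateway(consent)
    ids = gw.query("hcp-7", "pat-1")
    consent["pat-1"].discard("hcp-7")       # patient withdraws consent
    stale = gw.retrieve("hcp-7", ids[0])    # still served from the cached decision
    try:
        query_and_retrieve(consent, "hcp-7", "pat-1", "PatientSummary")
        single_call_denied = False
    except PermissionError:
        single_call_denied = True
    return stale, single_call_denied
```

`revocation_demo()` shows the stale cached permit still releasing the document after consent is withdrawn, while the single call is refused.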
Proposed Standards & Systems
• Option 1: XCA Extension
• LeafClassWithRepositoryItem response format
• full spec available from epSOS
• Option 2: RLUS list() operation
• OMG/HL7 RLUS with HL7 common CDA semantic signifier
• full spec available from epSOS
Discussion
• Both solutions have been fully specified for the European epSOS project
• XCA Extension: J. Caumanns, Ch. Parisot, K. Witting, B. Majurski
• RLUS List: J. Caumanns, St. Lotti, G. Cangioli
• effort for specification: low
• effort for implementation: low (acc. to Tiani Spirit)
• fits very well with the proposed profile on minimum XD* metadata because, by retrieving the data with the query, only administrative metadata (if at all) is needed with the response