CONSENT2SHARE TECHNICAL COMPONENTS V2.1

Transcription

1 CONSENT2SHARE TECHNICAL COMPONENTS B L U E P R I N T V2.1

2 C2S Technical Components Blueprint Interface and Web s Detail G HIE H EHR CLIENT PC I ClamAV J Audit Server K Reporting Server L DIRECT M Terminology N Drools Guvnor Check Viruses Log Audit Events Deliver Reports Send Secure Lookup Coded Concept Get Tagging Rules E STS Secure Token Federated Security Get User ID Provider Request CCD from the HIE Manage Users Manage Profile A1 A3 Staff Admin UI User A2 A4 Staff Acct. Value Set Manage Value Sets Get ID D1 D2 D3 D4 REG API Registration PAT API -User Setup API PHR API Health s PLS API Provider Lookup Create Locally PHR CACHE D13 PLS Register In HIE Request CCD from HIE F Update (Optional) B1 B3 B5 Share Profile Data Entry UI B2 B4 B6 Provider Consent View Search Providers Manage Providers Manage Consents Try My Consents Settings View, Save and Share Request/Response Look Up Value Set Categories Look Up Providers D5 D6 D7 D8 D9 VSS API Value Set DSS API Data Segmentation TRY API Try My Policy PCM API Consent Management VAL API Validator Get Consent VSS CACHE D14 PCM Segment Get Validate Before/After Segmentation Store Consent Directives D10 PEP API Policy Enforcement Point Segment UMA SMART on FHIR IBM BlueMix Cloud Foundry C1 System Admin UI Role and Permission C2 Upload Providers Upload Providers Manage Roles and Permissions Get Consent D11 D12 CTX API Context Handler RPM API Role & Permission Management Makes Access Decision Based On Policy

3 C2S Business Components Blueprint Interface and Web s Detail STS Staff Admin UI E Secure Token Federated Security Provider Request CCD from the HIE A1 A3 User A2 A4 Staff Acct. Value Set Manage Providers Manage Consents Consent2Share Engine D6 D7 D8 DSS API Data Segmentation TRY API Try My Policy PCM API Consent Management Get Consent Segment Get Request CCD from HIE F B1 B3 B5 Share Profile Data Entry UI B2 B4 B6 Provider Consent View Try My Consents Settings Get Consent D9 D10 D11 VAL API Validator PEP API Policy Enforcement Point CTX API Context Handler Validate Before/After Segmentation Segment Makes Access Decision Based On Policy Store Consent Directives

4 C2S Technical Components Blueprint Detail F Connectors F1 XDS.b Registry/Storage 41 F6 API F2 XDS.b Retrieval Find Add Get F3 Create Data Query IHE PDQ 47 F7 F4 C-CDA Validation Runtime Entity Query IHE PIX 45 F8 F5 Semantic Mapping Runtime ID Cross-Ref. 44 G HIE

5 C2S Technical Components Blueprint ACS Detail D Access Control s D11 CTX API Context Handler D12 PEP API Policy Enforcement Point D6 D5 DSS API Data Segmentation VSS API Value Set Look Up Value Set Categories D9 VAL API Validator

6 C2S Integration Components Blueprint REFERENCE A1. Management Is a module used by administrative staff to create and manage patient accounts. A2. Staff Account Management Is a module used by power user (administrative staff) to create and manage user accounts. A3. User Management Is a module used by administrative staff to create and manage user accounts. A4. Value Set Management Is used by administrative staff to manage value sets and map them to appropriate sensitivity categories and privacy settings. B. UI Is an application component that is used by the patient to manage his/her health information. B1. Share A module that uses consents to share patient health information between providers and/or patients and providers. B2. Provider A module to search and manage the patient s providers. B3. Identity A module used to create and manage patient records in the HIE. B4. Consent A module used to create and manage consent policies that determine the level of privacy applied to the patient s health record when it is shared between providers and/or patients and providers. B5. Data Entry A module used for patient self-managed health data, track fitness/health progress, and collect medical readings from electronic medical devices. B6. View A module used to view medical records/health information retrieved from the. C1. Role and Permission Management A module to manage roles and permissions and associate them. C2. Upload Providers A module to upload files with provider information in the format provided by CMS. D1. REG API Registration (REG) API handles patient account creation and requests. D2. PAT API User Setup (PAT) API links a "" record (e.g. patient, self, or guardian) to a standard user account and allows the UAA to associate it with a user functions template. D3. PHR API Health (PHR) API handles requests for viewing and sharing patient health information, and patient entered data. D4. PLS API Provider Lookup (PLS) API handles requests such as when a user searches for a provider. D5. VSS API Value Set (VSS) API handles the creation and editing of value sets with the potential to use external services (e.g VSAC). D6. DSS API Data Segmentation (DSS) API handles the segmentation of a patient s sensitive health information per their consent. BRMS service is included in DSS. D7.TRY API Try My Policy (TRY) API allows patients to try-their-policy against their medical record or a sample medical record in order to view the segmented medical record. D8. PCM API Consent Management (PCM) API handles the creation and editing of consent, and also provides the policy for segmentation. D9. VAL API Validator (VAL) API validates CCDA R1 and 2.1 documents based on schema and schematron rules D10. PEP API Policy Enforcement Point (PEP) API recieves requests for patient information and records and checks to see how to handle the request. D11. CTX API Context Handler (CTX) API makes decisions based on the consent policy. D12. RPM API Role and Permission Management (RPM) API handles the creation and editing of roles and permissions, and association between them. D13. PHR CACHE Temporarily stores patient health information retrieved from the. D14. VSS CACHE Temporarily stores value set information in cache memory. E. Secure Token Federated security model that controls access across several modules and services by issuing tokens for authentication and authorization. F. (F1-F8) A component that provides the Consent2Share application with common semantic process and interoperability capabilities to enable access to patient health data via a standards based HIE implementations. G. HIE The system components where the patient health information originates, and which integrates with the and Portal. H. EHR The system component that providers use to manage a patient s health records and where patient health data will originate. I. ClamAV An open source anti-virus engine used in a variety of situations including scanning, web scanning, and end point security. J. Audit Server Logging events which have long-term business significance. K. Reporting Server Enabling delivery of reports on a real-time or scheduled basis to the web, to the printer, or to a variety of file formats. L. DIRECT A standards-based system component used for secure communication and transactions between providers, patients and health care organizations. M. Terminology A standards-based third-party service used to manage coded concepts via SOAP/REST. N. Drools Guvnor A centralized repository for Drools Knowledge Bases, with rich web based GUIs, editors, and tools to aid in the management of large numbers of rules. SMART on FHIR A set of open specifications to integrate apps with Electronic Health s, portals, Health Information Exchanges, and other Health IT systems. UMA User-Managed Access. OAuth-based access management protocol standard. Items Not Displayed in Blueprint Edge Server and Discovery Server Configuration Server Transaction Tracing & Circuit Breaker UI* Log Aggregation* Policy Repository Rabbit-MQ & Asynchronous s* *Currently Not implemented