Cybersecurity

IHE IT-Infrastructure Fall 2023

The IHE IT-Infrastructure committee has approved four milestones; sIPS, NPFS, DSUBm, and PDQm match alternative. This winter quarter will be a lighter load, recognizing the holidays: Patient Scheduling, prospective look at FHIR R5/6, and evaluating impact of Gender Harmony.   This article is published before these are formally published, so I include a (will be at)

[ Read More ]

Teaching an AI/ML/LLM should be a distinct PurposeOfUse

I have been thinking about a specific need around AI/ML. That is, that when data are being requested/downloaded for the intent of feeding to a Machine Learning; this action should be distinguished from a request for Treatment. This came up on a TEFCA/QTE call this week, where a question was posed as to how a

[ Read More ]

Test Interactions in a Production Environment

I covered how to include Test data in Production Environments using the HTEST tag. That article explained how data that is not real patient data, that is to say ‘test’ data, would be tagged with HTEST. This is a clear indication of what data in the Production Environment is test data vs not test data.

[ Read More ]

California Bill 352 – aka sex and gender sensitivity

The following question(s) were asked today, and I figure my response is informative to a broader audience. Has anyone implemented anything pertaining to this? Prevent the disclosure, access, transfer, transmission, or processing of medical information related to gender affirming care, abortion and abortion-related services, and contraception to persons and entities outside of this state in

[ Read More ]

IHE Basic Audit Log Patterns using #FHIR AuditEvent

The Basic Audit Log Patterns (BALP) is a Content Profile that defines some basic and reusable AuditEvent patterns. The Audit Log Patterns defined rely on the ATNA Profile for transport of the AuditEvent and query/retrieval of AuditEvents previously recorded. The patterns defined may be used as they are, or further refined to specific use-cases. Where

[ Read More ]

HL7 Cyber Security Event – recordings available

 Announced this morning that HL7 and ONC are making available the recordings of the presentations given at the HL7 CyberSecurity Event. These presentations were very well done, and I encourage everyone to watch them all. https://tinyurl.com/hl7sec

[ Read More ]

#HL7 #FHIR Security Education Event

Join me at the #HL7 #FHIR Security Education Event virtually this August 8 & 9! I’ll be speaking on:  FHIR Security and Privacy for Developers FHIR Security & Privacy Capabilities FHIR Security Practical Application FHIR Consent: How to record, assert, and evaluate: IHE Privacy Consents on FHIR See the full agenda and register at: https://info.hl7.org/hl7-fhir-security-education-event

[ Read More ]

Patient Requested Restrictions

 Many in the USA are reviewing and preparing comments on HTI-1. I used to do this top to bottom, but don’t really have a work driver to base my comments upon. So I now end up reviewing and commenting on very targeted sections. As part of my advisory position on SHIFT Shift (formerly Protecting Privacy

[ Read More ]

IHE IT-Infrastructure Spring 2023

The IHE IT-Infrastructure committee continues to produce new and improved specifications for HIE interoperability. This spring we are publishing a supplement that was out for public-comment, a whitepaper that was out for public-comment. We are placing into Public-Comment an IG publisher formatted Profile that was previously published, and a brand-new Implementation Guide supporting Privacy Consents

[ Read More ]

Transitioning Federated HIE from XCA to FHIR Query

I already have one proposal for the transition from the current Federated Health Information Exchange to supporting FHIR, that is based on a transition from CDA to FHIR-Documents. In that proposal, I make it clear that this is NOT an end-state, but rather a method to more smoothly transition. A key point of a smooth

[ Read More ]