Stream: Security and Privacy
Topic: Consent IG?
Isaac Vetter (Feb 22 2019 at 15:27):
Hi Security & Privacy FHIR experts!
This is probably a naive question - ONC's new, draft rule references the “Consent Implementation Guide” created by SAMHSA. Is that a FHIR IG? I can't seem to find it on fhir.org or samhsa.gov or google.
John Moehrke (Feb 22 2019 at 16:18):
it is not a work of HL7, IHE, or any other standards organization. I am not clear how ONC can reference this. I find only a slide deck on ONC site, and a github site
https://www.healthit.gov/sites/default/files/c2spresentation_0.pdf
https://github.com/bhits/consent2share
John Moehrke (Feb 22 2019 at 16:18):
so is now a github site all that is needed to qualify for ONC recommendation?
Cooper Thompson (Feb 22 2019 at 17:00):
If you are asking about the Consent2Share IG, it's on gforge. The github, slides, and video presentation I found are all about the Consent2Share app instead of the IG I think.
Cooper Thompson (Feb 22 2019 at 17:11):
There is a profile on Simplifier too. Though that isn't referenced in the ONC materials, I was looking at it only as informative content.
Grahame Grieve (Feb 22 2019 at 23:57):
we already believe that significant work is required here. I think that ONC
Grahame Grieve (Feb 22 2019 at 23:57):
ONC's reference in this case is hope over reality
David Pyke (Feb 25 2019 at 16:42):
Yeah, when I saw that in the NPRM, I was surprised that I'd never heard of it. Even more surprised when I found it in the CBCP documents.
David Pyke (Feb 25 2019 at 16:46):
The bigger question, is now that SAMHSA has pulled all HL7 participation, will this even get moved forward?
David Pyke (Feb 25 2019 at 18:30):
Just FYI, We're checking with ONC how they want to proceed. Consent2Share was pushed by SAMHSA but not pursued and never balloted.
John Moehrke (Feb 25 2019 at 21:59):
is their core profile (structureDefinition) a useful core profile within the FHIR specification Consent resource? That is to say, we know Consent can be used for many things, it would be helpful to have a basic Privacy Consent profile, and having that at the FHIR core level seems logical.
This would also need to have some resources applied, but if it is just taking their structureDefinition and using it, then that is minimal... If however a whole IG needs to be written, that is a bit more work and does require a bit more balloting and experimentation.
Grahame Grieve (Feb 25 2019 at 23:14):
SAMHSA has pulled all HL7 participation
?
Jose Costa Teixeira (Apr 28 2020 at 20:22):
does anyone know the status of the consent2share?
John Moehrke (Apr 28 2020 at 20:27):
died because it was not done within an organization that has lifecycle management.... should have been an IHE or HL7 project... but it wasn't
Jose Costa Teixeira (Apr 29 2020 at 16:38):
Asking opinions: Does consent2share deserve to be looked at (evntly recovered)? Was it implemented somewhhere?
Jose Costa Teixeira (Apr 29 2020 at 16:39):
I would like to see pros/cons of solutions between e2e encryption, TLS+mutual auth... and possible architectures to address security
John Moehrke (Apr 29 2020 at 16:39):
consent 2 share was not bad. It just was not advanced beyond first draft
Jose Costa Teixeira (Apr 29 2020 at 16:40):
how does it stand compared to SMART etc?
Jose Costa Teixeira (Apr 29 2020 at 16:40):
i see several people asking the same question, perhaps it's worth some guidance
Jose Costa Teixeira (Apr 29 2020 at 16:42):
I don't know if it would even make sense some summary comparison - because the issue with these matters is that at some point, the decision makers cannot follow the discussion because it is technically deep
Jose Costa Teixeira (Apr 29 2020 at 16:44):
comparison = risk-based, because there is no zero-risk, and because institutions may have different risk appetites, right?
John Moehrke (Apr 29 2020 at 17:00):
SMART has no function for consent. consent to share has no app or user identification/authentication... you must use them together
Mohammad Jafari (Apr 29 2020 at 21:24):
@Jose Costa Teixeira can you share your consent use-case? There is an ongoing LEAP Consent project focused on a consent decision service, if that's what you're looking for:
https://sdhealthconnect.github.io/leap/
Jose Costa Teixeira (May 04 2020 at 07:04):
My use cases are mostly ouside of consent - the decision service will include a few things, not only consent.
Do you mean among my use cases, the one that is actually about consent?
John Moehrke (May 04 2020 at 15:18):
Jose, you were asking about consent2share... that is a consent use-case... so Mohammad was just asking for the use-cases that you were looking for consent2share to cover.
Jose Costa Teixeira (May 04 2020 at 15:24):
ah ok
Jose Costa Teixeira (May 04 2020 at 15:25):
sorry, it's all new to me :)
Julie Maas (Aug 18 2021 at 14:50):
@Mohammad Jafari has there been any testing of CDS outside of the LEAP project? (For example, connectathons or other pilots?) And are there any known implementations in the wild? Thank you!
Mohammad Jafari (Aug 18 2021 at 17:10):
We were approached by a few different groups who were interested in doing that but I am not aware of any pilots at the moment. We did have interoperability testing to a limited extent in the previous connectathons.
John Moehrke (Aug 18 2021 at 18:17):
@Julie Maas did you mean CDS? Or Consent?
Julie Maas (Aug 18 2021 at 18:21):
I mean consent as in this project.
John Moehrke (Aug 18 2021 at 18:24):
oh LEAP CDS... okay. because without the context CDS could be a bunch of things.
Last updated: Apr 12 2022 at 19:14 UTC
