FHIR Chat · Patient Friendly API Checklist · patient empowerment

Stream: patient empowerment

Topic: Patient Friendly API Checklist

view this post on Zulip Virginia Lorenzi (Jun 10 2021 at 04:29):

Calling all patient app vendors. FHIR has a Safety checklist and a Security checklist. If it had a patient-friendly checklist, what would it have on it? @Lisa Nelson suggested human readable descriptions in conjunction with any codes, for example.

@Michele Mottini @Ricky Sahu @Jennifer Blumenthal @Debi Willis @John Keyes @Abbie Watson @Nancy Lush

view this post on Zulip Michele Mottini (Jun 10 2021 at 12:20):

Seem a strange idea to me - patients would not see or consume FHIR, apps / clients do - and they can have very different requirements
(For example human readable descriptions are certainly good if FHIR is consumed by apps that then display the data directly to the user, but for example the SMART health card / VCI implementation guides has profiles that _forbid_ such descriptions, because the use of the data is different - albeit still for a patient in the end)

view this post on Zulip Brian Postlethwaite (Jun 12 2021 at 21:07):

Do you mean that when data is destined for a patient, and not for a practitioner (within the Organization) then there should be other checks to be done?
E.g. Only being able to access their own data, or data they are consented to access, via a patient smart token?

view this post on Zulip Virginia Lorenzi (Jun 12 2021 at 21:34):

Data destined for patient or their proxy. @Michele an example would be on a PHR, if you got a SNOMED code without a description, the app would need to look up the code to provide the description. This assumes the app has access to SNOMED and knows how to do that. It doesn't preclude the lookup by the app - having the description helps not make it required.

view this post on Zulip Virginia Lorenzi (Jun 12 2021 at 21:35):

Another idea we heard at the WGM was patient friendly descriptions for terms.

view this post on Zulip Virginia Lorenzi (Jun 12 2021 at 21:37):

@Michele Mottini why are the descriptions forbidden in VCI - is it for privacy?

view this post on Zulip Josh Mandel (Jun 12 2021 at 21:54):

In the SMART Health Cards case, we need very small payloads that can fit in QR codes; we omit any text that can be inferred from other values, so we omit display text for standardized codes like CVX

view this post on Zulip Peter Jordan (Jun 13 2021 at 02:44):

Depends if the code is truly 'standardized' from the client perspective, even to the point where the system element is not required to interpret a code. Otherwise, certainly for the CVX COVID-19 vaccine codes, using CodeableConcept.text might have the fewest characters as, with codes from 5 different code systems and value sets in the SMART Health Cards Vaccination IG, the code system url will be required to interpret the code.

view this post on Zulip Virginia Lorenzi (Jun 20 2021 at 03:29):

More like what would a patient, or their app want so the patient can be most empowered? Patient apps are usually created by small vendors and some patients are writing their own. What are the qualities of a patient friendly FHIR server? @Brian Postlethwaite

view this post on Zulip Dave deBronkart (Jun 23 2021 at 02:36):

I think we need a better recollection of what was said at the time. I know it sounded compelling during DevDays but I don't recall. Help, someone?

As I recall the idea was at least to help patients know what was being exchanged but I don't recall the compelling aspect.

view this post on Zulip Ryan Harrison (Jul 08 2021 at 20:18):

@Virginia Lorenzi Alrighty, I'll take a shot...

Checklist, from the perspective of a patient

I know... [^1]
[ ] The custodian of my health data
[ ] Who has access to my health data, and why

I have the power to...
[ ] Grant my consent without special effort
[ ] Withdraw my consent without undue burden (e.g. if I consent easily online, I shouldn't need to fax or call to withdraw my consent)
[ ] Redress inaccuracies or violations of my HIPAA rights (e.g. who is the redress contact and what is the escalation path)

I understand...
[ ] Because descriptions are in non-technical language [^2]
[ ] That my data will not be used outside the bounds/context of my consent

[^1] Patient application of Privacy guidelines from Safety Checklist presentation (https://www.devdays.com/wp-content/uploads/2019/12/Diego-Kaminker-Safety-Check-List-_-DevDays-2019-Amsterdam.pdf)
[^2] To my mind, this would include access to any code sets used.

view this post on Zulip Ryan Harrison (Jul 08 2021 at 20:23):

Or "I understand that, in entrusting the app with my most sensitive data, the app has a (fiduciary?) duty to act in my interest."
as a more expansive version of "I understand that my data will not be used outside the bounds/context of my consent."

view this post on Zulip Raheel Sayeed (Sep 29 2021 at 19:52):

Note entirely for APIs, but for privacy --> privacy focused interop document "Privacy Manifest" was proposed by BCH/SMARTHealthIT in a paper

view this post on Zulip Virginia Lorenzi (Oct 04 2021 at 04:05):

how does it compare with https://hl7.org/fhir/R4/safety.html @John Moehrke fyi

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -