tag:blogger.com,1999:blog-4384692836709903146.post1179453188349266918..comments2024-03-27T09:55:23.143-07:00Comments on Dispatch from the Digital Health Frontier: The June HIT Standards Committee MeetingJohn Halamkahttp://www.blogger.com/profile/04550236129132159307noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-4384692836709903146.post-17418701691930187402011-06-27T07:24:37.975-07:002011-06-27T07:24:37.975-07:00As Coordinator of the S&I Framework Provider D...As Coordinator of the S&I Framework Provider Directories (PD) initiative, I want to echo John Halamka's comment: the feedback from the Standards Committee does not constitute a mandate to the PD initiative to explore a specific family of standards only - rather it serves as input into our open, transparent and community-driven process. Through this process, we will evaluate the range of standards (LDAP, DNS, microformats, and other potential candidates) to address the use cases and success criteria that the community agrees upon. <br /><br />Also, not to turn John's blog into a billboard, but we're all aware that there have been some bumps in the road as we figure out how best to incorporate the feedback from the Standards Committee to the S&I Framework, particularly with respect to this initiative - so stay tuned for updates and opportunities to gain further clarity. (I can also personally be reached anytime at jitin.asnaani@siframework.org).Jitin Asnaaninoreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-77200328975398679272011-06-24T18:47:01.674-07:002011-06-24T18:47:01.674-07:00As I explained at the June HIT Standards Committee...As I explained at the June HIT Standards Committee meeting, the Committee takes two kind of actions<br /><br />1. Making recommendations to ONC as input to rulemaking. It does this very rarely because ONC then has to act using specific processes and timelines. At the June meeting, the Committee was asked for forward its Metadata recommendations to ONC for rulemaking.<br /><br />2. Offering input to the S&I Framework process including suggested standards, constrains, and guidance as to which standards are good enough, which need work and which need to be created from scratch. The Provider Directory work was forwarded to the S&I Framework as input, not as recommendations for rulemaking. I just signed the letter.John Halamkahttps://www.blogger.com/profile/04550236129132159307noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-40888790080511248992011-06-24T07:04:33.529-07:002011-06-24T07:04:33.529-07:00Your latest comment is NOT consistent with how the...Your latest comment is NOT consistent with how the DECISION was presented to the S&I Framework PD sprint committee. It was presented as a final decision to reject LDAP and force the use of microformats and google/bing (ok, not that strong, but I know some took it that way). I LIKE your comment, and would really like it to be clarified to the S&I Framework. I WANT the microformat, and hCard, and vCard to be given just as much chance as DNS, LDAP, and HL7 v3… an open and transparent evaluation is all I ask for.John Moehrkehttps://www.blogger.com/profile/04526719420117446030noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-2139643750152650152011-06-24T03:36:26.711-07:002011-06-24T03:36:26.711-07:00The HITSC Privacy and Security Workgroup has submi...The HITSC Privacy and Security Workgroup has submitted input to the S&I Framework process and not selected provider directory standards. The provider directory report was not a set of formal recommendations to ONC for rulemaking, as was done for metadata.John Halamkahttps://www.blogger.com/profile/04550236129132159307noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-37004916629894932702011-06-23T20:08:26.407-07:002011-06-23T20:08:26.407-07:00Can someone answer why are we even brothering with...Can someone answer why are we even brothering with the S&I Framework Provider Directory effort to identify use case requirements when it looks like the HITSC and Privacy & Security workgroups are chosing standards?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-56417474100455196762011-06-23T13:22:38.549-07:002011-06-23T13:22:38.549-07:00John,
Will there be emissaries and a feedback loop...John,<br />Will there be emissaries and a feedback loop to bridge between the HIT SC's "microformats/search" recommendation for PD to the ONC S&I framework? That could help, so that there aren't disconnects in assumptions and objectives. (That kind of thing also happened for a while with the Direct Project). While everyone is familiar with web search, the concept of using it for PD seems to be controversial as to its reliability and precision, given that it <i>seems</i> to lack validation of the content. Would there be conformance tests, certification? As we know, existence of a standard is no assurance that thousands of organizations all implemented it consistently. From a user perspective, would I just type "John Halamka BIDMC" into Google and find you accurately? What about "John Smith, Mass Ave, Boston?" How would EHRs interoperate with it? Certainly it appears simple. Would it meet the requirements? Can that really be known at this point? People participating in the PD initiative will want to understand this in much more depth than available in the info published thus far.Davidhttps://www.blogger.com/profile/13251393010554964308noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-24030591545271165902011-06-23T11:18:49.174-07:002011-06-23T11:18:49.174-07:00I am very glad that you are leading this effort an...I am very glad that you are leading this effort and I appreciate that you publish these summaries from your point of view. I am concerned that there is so much experience in Healthcare and Internet space that is being ignored. I certainly hope this is not intentional, but it is painful anyhow. <br /><br />a) please don't reinvent data classification, it is a very mature part of IT Security http://healthcaresecprivacy.blogspot.com/2010/08/data-classification-key-vector-through.html<br /><br />b) Data Classification is just one vector. Just like User-Role is just one vector. Access Control inclusive of Privacy considers them all. http://www.ihe.net/Technical_Framework/upload/IHE_ITI_TF_WhitePaper_AccessControl_2009-09-28.pdf<br /><br />c) Complex Consent does not need to be NwHIN portable. Enforce it at the Data-Source, no need to tell Data-User why they don't get access.<br /><br />d) Once Data-Source determines data can be disclosed; control of the copy becomes Data-User responsibility.<br /><br />Regarding Provider Directories:<br /><br />e) the HITSC should not be making the Policy decision on 'who' or 'how' one decides to trust. Certificates are self-validating, the infrastructure does not need to add this complexity (risk of failure). Organizations will make different decisions on who to trust, and for what they trust them to do.<br /><br />f) I was listening closely and there was disagreement about this new model. I know you like it, but it has some real questionable operational issues. Now it has been presented to S&I today by Dixie as a solid mandatory solution to replace LDAP recommendation. <br /><br />g) Please explain how Google/Bing/Yahoo is an authority on Healthcare, but IHE/HL7/DICOM are not? <br /><br />Metadata<br /><br />h) CDA is not an envelope, it is a document. XDS Metadata is a generic envelop that can carry MANY document types of documents including DICOM and CCR. Why was it not considered? I understand that there are people that misunderstand XDS as being restricted.. it's only restriction is to a document that has a MIME-TYPE. the XDS Metadata is specifically designed to be content agnostic, yet derived from CDA as a mature model.<br /><br />i) experience with CDA and XDS is available at http://tinyurl.com/wwxds . This experience is EXTENSIVE. It should NOT be ignored. If it there is a good reason for it to be ignored, please explain.<br /><br />Patient Identity Matching<br /><br />j) Matching Consumers credit reporting in the financial industry has lots of false positive/negative; but their failures don't hurt/dismember/kill. <br /><br />k) Please look at XCPD. It has included much input from many global subject matter experts, including Voluntary Patient ID. It is primarily the work of those involved in NwHIN.<br /><br />Also:<br />I agree with the comments from dining_phil and DavidJohn Moehrkehttps://www.blogger.com/profile/04526719420117446030noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-41223321720669824312011-06-23T09:08:09.910-07:002011-06-23T09:08:09.910-07:00John, your minutes are so timely ahd helpful. Not ...John, your minutes are so timely ahd helpful. Not only that, but your comments during the meetings are thoughtful and made in a positive spirit. Thank you. <br /><br />I do question something in this post, though. OID-bashing seems to be popular in the HIT SC. While I acknowledge that OIDs are difficult to read, they're also internationalized, language-neutral, and not healthcare-specific. http://en.wikipedia.org/wiki/Object_identifier describes their origin in International Telecommunications Union and ISO. Just because HL7 uses them doesn't make them unique to healthcare. They are used in other industry-neutral standards (e.g., X.509 digital certificates, X.500 directories) some of which are being advocated by the same HIT SC! <br /><br />If OIDs aren't chosen for the metadata, that's up to the committen, but the reason given should not be because HIT SC wants to use "internet standards" or "non-healthcare-specific standards."<br /><br />Thanks again for your leadership.Davidhttps://www.blogger.com/profile/13251393010554964308noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-66030815770793007662011-06-22T23:04:59.946-07:002011-06-22T23:04:59.946-07:00I have suggested that the S&I Framework Provid...I have suggested that the S&I Framework Provider Directory sprint group follow what is being proposed in the Standards Committee for the purposes of harmonization. <br /><br />At the same time, I don't agree with the re-contextualization of X.500 and LDAP since it's logically the simplest and most scalable Internet solution using TC 215 Health Informatics data elements. <br /><br />DNS will not scale to the same extent. Microdata, may be useful for helping search engines import structured data as part of their content business models, but the schema in the X.500/LDAP national Directory will be far more relevant to existing stakeholders, including Certificates, and a direct address, as defined by organizations themselves who already have this in place, in Active Directory, LDAP, etc.Peter Bachmanhttps://www.blogger.com/profile/12252983630493459378noreply@blogger.com