This informational 'test' provides an overview of APPC tests and defines value sets used when creating Patient Privacy Policy Consent documents during Connectathon. Please read what follows and complete the preparation described before the Connectathon.
The APPC profile enables creating Patient Privacy Policy Consent documents of many, many variations. We have created test cases that cover some of the common use cases in the APPC profile for consent documents that would be commonly created for patients in health care facilities, eg consent disclose patient's data to an facility or to restrict disclosure of data from a specific individual provider.
Content Creators:
Content Consumers:
The APPC Profile does not mandate how Consent documents get from a Content Creator to a Content Consumer. It could be XDS, another IHE profile, or a non-IHE method.
At the Connectathon, we ask Content Creators to upload the Patient Privacy Policy Consent documents it creates into the Samples area of Gazelle (menu Connectathon-->Connectathon-->List of samples, on the 'Samples to share' tab. Content Consumers will find uploaded samples under the same menu on the 'Samples available for rendering' tab.
Each APPC Patient Privacy Policy Consent document applies to a single PATIENT. In a consent document, the patient ID and assigning authority values are encoded with the AttributeId urn:ihe:iti:ser:2016:patient-id . A patient may have more than one privacy policy consent.
We do not identify a single 'test patient' that must be used for creating APPC documents for Connectathon testing. The Content Creator may include any valid Patient ID. If the policy restricts or allows access based on values the XDS metadata for a patient's documents, the Content Creator may use a Patient ID in for clinical document(s) the policy applies to.
APPC Patient Privacy Policy Consent documents rely on the affinity domain agreeing to a set of PATIENT PRIVACY POLICIES that apply to ORGANIZATIONS and INDIVIDUAL PROVIDERS. These policies, organizations, providers are identified by unique identifiers that are recognized within the affinity domain, and are encoded in a patient's consent document.
To enable the APPC Content Creator to specify different policies, this test defines values for various attributes used in policies:
The tables below contain value sets that are defined for the purpose of Connectathon testing of the APPC profile.
POLICIES FOR CONNECTATHON TESTING OF APPC:
Policies: (APPC use case) |
PolicySetIdReference | Policy description |
FOUNDATIONAL POLICY (all use cases) |
urn:connectathon:bppc:foundational:policy |
By default, in this Connectathon affinity domain, document sharing is based on the value of Confidentiality Code (DocumentEntry.confidentialityCode). This policy (inherited from BPPC) is applied to all documents.
A patient may also choose to apply one of the additional policies below.
|
FULL ACCESS TO ALL | urn:connectathon:policy:full-access | The patient agrees that the document may always be shared. (This is equivalent to having a confidentiality code of "U".) |
DENY ACCESS TO ALL | urn:connectathon:policy:deny-access | The patient prohibits the document from ever being shared. (This is equivalent to having a confidentiality code of "V".) |
DENY ACCESS EXCEPT TO PROVIDER | urn:connectathon:policy:deny-access-except-to-provider | The patient prohibits the document from being shared except with the provider(s) identified in the consent document. |
DENY ACCESS TO PROVIDER |
urn:connectathon:policy:deny-access-to-provider | The patient prohibits the document from being shared with the provider(s) identified in the consent document. The referenced individual provider(s) is prohibited from accessing this patient's documents (ie no read or write access). |
DENY ACCESS EXCEPT TO FACILITY |
urn:connectathon:policy:deny-access-except-to-facility | The patient prohibits the document from being shared except with the facility(ies) identified in the consent document. |
DENY TO ROLE | urn:connectathon:policy:deny-access-to-role | The patient prohibits the document from being shared with providers who have the role(s) identified in the consent document |
FULL ACCESS TO ROLE | urn:connectathon:policy:full-access-to-role | The patient allows the document to be shared with providers who have the role(s) identified in the consent document. The patient prohibits the document from being shared with providers with any other role(s). |
LIMIT DOCUMENT VISIBILITY (use case 6) |
1.3.6.1.4.1.21367.2017.7.104 | The patient prohibits sharing the referenced clinical document(s) and this privacy policy consent document with any healthcare provider or facility. |
ORGANIZATIONS/FACILITIES defined in the "Connectathon Domain":
XACML AttributeId--> Facility |
urn:ihe:iti:appc:2016:document-entry:healthcare-facility-type-code (DocumentEntry.healthcareFacilityTypeCode) |
urn:oasis:names:tc:xspa:1.0:subject:organization-id |
Connectathon Radiology Facility for IDN One | code=”Fac-A” displayName=”Caregiver Office” codeSystem=”1.3.6.1.4.1.21367.2017.3" |
urn:uuid:e9964293-e169-4298-b4d0-ab07bf0cd78f |
Connectathon Radiology Facility for NGO Two | code=”Fac-A” displayName=”Caregiver Office” codeSystem=”1.3.6.1.4.1.21367.2017.3" |
urn:uuid:e9964293-e169-4298-b4d0-ab07bf0cd12c |
Connectathon Dialysis Facility One | code=”Fac-B” displayName=”Outpatient Services” codeSystem=”1.3.6.1.4.1.21367.2017.3" |
urn:uuid:a3eb03db-0094-4059-9156-8de081cb5885 |
Connectathon Dialysis Facility Two | code=”Fac-B” displayName=”Outpatient Services” codeSystem=”1.3.6.1.4.1.21367.2017.3" |
urn:uuid:be4d27c3-21b8-481f-9fed-6524a8eb9bac |
INDIVIDUAL HEALTHCARE PROVIDERS defined in the "Connectathon Domain":
XACML AttributeId--> Provider |
urn:oasis:names:tc:xacml:1.0:subject:subject-id | urn:oasis:names:tc:xspa:1.0:subject:npi | urn:oasis:names:tc:xacml:2.0:subject:role |
Dev Banargee | devbanargee | urn:uuid:a97b9397-ce4e-4a57-b12a-0d46ce6f36b7 |
code=”105-007” |
Carla Carrara | carlacarrara | urn:uuid:d973d698-5b43-4340-acc9-de48d0acb376 |
code=”105-114” |
Jack Johnson | jackjohnson | urn:uuid:4384c07a-86e2-40da-939b-5f7a04a73715 | code=”105-114” displayName=”Radiology Technician” codeSystem="1.3.6.1.4.1.21367.100.1" |
Mary McDonald | marymcdonald | urn:uuid:9a879858-8e96-486b-a2be-05a580f0e6ee | code=”105-007” displayName=“Physician/Medical Oncology” codeSystem="1.3.6.1.4.1.21367.100.1" |
Robert Robertson | robertrobertson | urn:uuid:b6553152-7a90-4940-8d6a-b1017310a159 | code=”105-007” displayName=“Physician/Medical Oncology” codeSystem="1.3.6.1.4.1.21367.100.1" |
William Williamson | williamwilliamson | urn:uuid:51f3fdbe-ed30-4d55-b7f8-50955c86b2cf | code=”105-003” displayName=“Nurse Practitioner” codeSystem="1.3.6.1.4.1.21367.100.1" |
XDS Document Sources:
XACML AttributeId--> Source Id: |
urn:ihe:iti:appc:2016:source-system-id (SubmissionSet.sourceId) |
Use sourceId as assigned in Gazelle to Connectathon XDS Doc Sources | Various XDS Document Sources systems |
CONFIDENTIALITY CODES:
XACML AttributeId--> ConfidentialityCode: |
urn:ihe:iti:appc:2016:confidentiality-code (DocumentEntry.confidentialityCode) |
normal | code=”N” displayName=”normal” codeSystem=”2.16.840.1.113883.5.25" |
restricted | code=”R” displayName=”restricted” codeSystem=”2.16.840.1.113883.5.25" |
very restricted | code=”V” displayName=”very restricted” codeSystem=”2.16.840.1.113883.5.25" |
unrestricted | code=”U” displayName=”unrestricted” codeSystem=”2.16.840.1.113883.5.25" |
PURPOSE OF USE:
XACML AttributeId--> Purpose of use: |
urn:oasis:names:tc:xspa:1.0:subject:purposeofuse |
TREATMENT | code=”99-101” displayName=”TREATMENT” codeSystem="1.3.6.1.4.1.21367.3000.4.1" |
EMERGENCY | code=”99-102” displayName=”EMERGENCY” codeSystem="1.3.6.1.4.1.21367.3000.4.1" |
PUBLICHEALTH | code=”99-103” displayName=”PUBLICHEALTH” codeSystem="1.3.6.1.4.1.21367.3000.4.1" |
RESEARCH | code=”99-104” displayName=”RESEARCH” codeSystem="1.3.6.1.4.1.21367.3000.4.1" |
There is no evaluation for this informational test. If the systems testing the APPC Profile do not do the set-up described above, then APPCC tests at Connectathon will not work.