APPC_Read_This_First
Introduction
This informational 'test' provides an overview of APPC tests and defines value sets used when creating Patient Privacy Policy Consent documents during Connectathon. Please read what follows and complete the preparation described before the Connectathon.
Instructions
WHICH APPC TESTS SHOULD I RUN?
The APPC profile enables creating Patient Privacy Policy Consent documents of many, many variations. We have created test cases that cover some of the common use cases in the APPC profile for consent documents that would be commonly created for patients in health care facilities, eg consent disclose patient's data to an facility or to restrict disclosure of data from a specific individual provider.
Content Creators:
- Run tests for two of the APPC uses cases; you may choose from the Meta test which two you want to run. Test names are APPC_Case*.
- Run one test -- APPC_Other_Use_Case -- that allows you to create a Patient Privacy Policy Consent document of your choosing. We hope you use this to demonstrate the depth & breadth of your capabilities as a APPC Content Creator.
- Support your APPC Content Consumer test partners that want to demonstrate their View or Structured Policy Processing capabilities using your APPC document(s).
- Optional: There is no requirement in APPC that the Content Creator be able to act as an XDS Doc Source and thus be able to submit your APPC documents to an XDS Repository/Registry. If you have this capability, you can run test APPC_Submit_PolicyConsentDoc.
Content Consumers:
- If you support the View Option, we assume that you can render any APPC document from a Content Creator
- If you support the Structured Policy Processing Option, you will run the associated test.
HOW DO APPC DOCUMENTS GET FROM THE CONTENT CREATOR TO THE CONTENT CONSUMER?
The APPC Profile does not mandate how Consent documents get from a Content Creator to a Content Consumer. It could be XDS, another IHE profile, or a non-IHE method.
At the Connectathon, we ask Content Creators to upload the Patient Privacy Policy Consent documents it creates into the Samples area of Gazelle (menu Connectathon-->Connectathon-->List of samples, on the 'Samples to share' tab. Content Consumers will find uploaded samples under the same menu on the 'Samples available for rendering' tab.
WHICH PATIENT SHOULD BE USED FOR APPC TESTS?
Each APPC Patient Privacy Policy Consent document applies to a single PATIENT. In a consent document, the patient ID and assigning authority values are encoded with the AttributeId urn:ihe:iti:ser:2016:patient-id . A patient may have more than one privacy policy consent.
We do not identify a single 'test patient' that must be used for creating APPC documents for Connectathon testing. The Content Creator may include any valid Patient ID. If the policy restricts or allows access based on values the XDS metadata for a patient's documents, the Content Creator may use a Patient ID in for clinical document(s) the policy applies to.
WHAT PRIVACY POLICIES, & OTHER VALUE SETS ARE DEFINED FOR APPC TESTING?
APPC Patient Privacy Policy Consent documents rely on the affinity domain agreeing to a set of PATIENT PRIVACY POLICIES that apply to ORGANIZATIONS and INDIVIDUAL PROVIDERS. These policies, organizations, providers are identified by unique identifiers that are recognized within the affinity domain, and are encoded in a patient's consent document.
To enable the APPC Content Creator to specify different policies, this test defines values for various attributes used in policies:
- Policies - that a patient may apply to his/her documents
- Facilities - where a patient could receive care; facilities have an identified type.
- Providers - who provide care for a patient; providers have an identified role.
- Doc Sources - who create a patient's document(s) shared in an XDS environment
- Confidentiality Codes - applied to a patient's document that can be part of a policy
- Purpose of Use -
The tables below contain value sets that are defined for the purpose of Connectathon testing of the APPC profile.
- APPC tests will ask Content Creators to use these when creating APPC Patient Privacy documents.
- APPC Content Consumers should recognize these values.
POLICIES FOR CONNECTATHON TESTING OF APPC:
Policies: (APPC use case) |
PolicySetIdReference | Policy description |
FOUNDATIONAL POLICY (all use cases) |
urn:connectathon:bppc:foundational:policy |
By default, in this Connectathon affinity domain, document sharing is based on the value of Confidentiality Code (DocumentEntry.confidentialityCode). This policy (inherited from BPPC) is applied to all documents.
A patient may also choose to apply one of the additional policies below.
|
FULL ACCESS TO ALL | urn:connectathon:policy:full-access | The patient agrees that the document may always be shared. (This is equivalent to having a confidentiality code of "U".) |
DENY ACCESS TO ALL | urn:connectathon:policy:deny-access | The patient prohibits the document from ever being shared. (This is equivalent to having a confidentiality code of "V".) |
DENY ACCESS EXCEPT TO PROVIDER | urn:connectathon:policy:deny-access-except-to-provider | The patient prohibits the document from being shared except with the provider(s) identified in the consent document. |
DENY ACCESS TO PROVIDER |
urn:connectathon:policy:deny-access-to-provider | The patient prohibits the document from being shared with the provider(s) identified in the consent document. The referenced individual provider(s) is prohibited from accessing this patient's documents (ie no read or write access). |
DENY ACCESS EXCEPT TO FACILITY |
urn:connectathon:policy:deny-access-except-to-facility | The patient prohibits the document from being shared except with the facility(ies) identified in the consent document. |
DENY TO ROLE | urn:connectathon:policy:deny-access-to-role | The patient prohibits the document from being shared with providers who have the role(s) identified in the consent document |
FULL ACCESS TO ROLE | urn:connectathon:policy:full-access-to-role | The patient allows the document to be shared with providers who have the role(s) identified in the consent document. The patient prohibits the document from being shared with providers with any other role(s). |
LIMIT DOCUMENT VISIBILITY (use case 6) |
1.3.6.1.4.1.21367.2017.7.104 | The patient prohibits sharing the referenced clinical document(s) and this privacy policy consent document with any healthcare provider or facility. |
ORGANIZATIONS/FACILITIES defined in the "Connectathon Domain":
XACML AttributeId--> Facility |
urn:ihe:iti:appc:2016:document-entry:healthcare-facility-type-code (DocumentEntry.healthcareFacilityTypeCode) |
urn:oasis:names:tc:xspa:1.0:subject:organization-id |
Connectathon Radiology Facility for IDN One | code=”Fac-A” displayName=”Caregiver Office” codeSystem=”1.3.6.1.4.1.21367.2017.3" |
urn:uuid:e9964293-e169-4298-b4d0-ab07bf0cd78f |
Connectathon Radiology Facility for NGO Two | code=”Fac-A” displayName=”Caregiver Office” codeSystem=”1.3.6.1.4.1.21367.2017.3" |
urn:uuid:e9964293-e169-4298-b4d0-ab07bf0cd12c |
Connectathon Dialysis Facility One | code=”Fac-B” displayName=”Outpatient Services” codeSystem=”1.3.6.1.4.1.21367.2017.3" |
urn:uuid:a3eb03db-0094-4059-9156-8de081cb5885 |
Connectathon Dialysis Facility Two | code=”Fac-B” displayName=”Outpatient Services” codeSystem=”1.3.6.1.4.1.21367.2017.3" |
urn:uuid:be4d27c3-21b8-481f-9fed-6524a8eb9bac |
INDIVIDUAL HEALTHCARE PROVIDERS defined in the "Connectathon Domain":
XACML AttributeId--> Provider |
urn:oasis:names:tc:xacml:1.0:subject:subject-id | urn:oasis:names:tc:xspa:1.0:subject:npi | urn:oasis:names:tc:xacml:2.0:subject:role |
Dev Banargee | devbanargee | urn:uuid:a97b9397-ce4e-4a57-b12a-0d46ce6f36b7 |
code=”105-007” |
Carla Carrara | carlacarrara | urn:uuid:d973d698-5b43-4340-acc9-de48d0acb376 |
code=”105-114” |
Jack Johnson | jackjohnson | urn:uuid:4384c07a-86e2-40da-939b-5f7a04a73715 | code=”105-114” displayName=”Radiology Technician” codeSystem="1.3.6.1.4.1.21367.100.1" |
Mary McDonald | marymcdonald | urn:uuid:9a879858-8e96-486b-a2be-05a580f0e6ee | code=”105-007” displayName=“Physician/Medical Oncology” codeSystem="1.3.6.1.4.1.21367.100.1" |
Robert Robertson | robertrobertson | urn:uuid:b6553152-7a90-4940-8d6a-b1017310a159 | code=”105-007” displayName=“Physician/Medical Oncology” codeSystem="1.3.6.1.4.1.21367.100.1" |
William Williamson | williamwilliamson | urn:uuid:51f3fdbe-ed30-4d55-b7f8-50955c86b2cf | code=”105-003” displayName=“Nurse Practitioner” codeSystem="1.3.6.1.4.1.21367.100.1" |
XDS Document Sources:
XACML AttributeId--> Source Id: |
urn:ihe:iti:appc:2016:source-system-id (SubmissionSet.sourceId) |
Use sourceId as assigned in Gazelle to Connectathon XDS Doc Sources | Various XDS Document Sources systems |
CONFIDENTIALITY CODES:
XACML AttributeId--> ConfidentialityCode: |
urn:ihe:iti:appc:2016:confidentiality-code (DocumentEntry.confidentialityCode) |
normal | code=”N” displayName=”normal” codeSystem=”2.16.840.1.113883.5.25" |
restricted | code=”R” displayName=”restricted” codeSystem=”2.16.840.1.113883.5.25" |
very restricted | code=”V” displayName=”very restricted” codeSystem=”2.16.840.1.113883.5.25" |
unrestricted | code=”U” displayName=”unrestricted” codeSystem=”2.16.840.1.113883.5.25" |
PURPOSE OF USE:
XACML AttributeId--> Purpose of use: |
urn:oasis:names:tc:xspa:1.0:subject:purposeofuse |
TREATMENT | code=”99-101” displayName=”TREATMENT” codeSystem="1.3.6.1.4.1.21367.3000.4.1" |
EMERGENCY | code=”99-102” displayName=”EMERGENCY” codeSystem="1.3.6.1.4.1.21367.3000.4.1" |
PUBLICHEALTH | code=”99-103” displayName=”PUBLICHEALTH” codeSystem="1.3.6.1.4.1.21367.3000.4.1" |
RESEARCH | code=”99-104” displayName=”RESEARCH” codeSystem="1.3.6.1.4.1.21367.3000.4.1" |
Evaluation
There is no evaluation for this informational test. If the systems testing the APPC Profile do not do the set-up described above, then APPCC tests at Connectathon will not work.