Onyx Consent Authorization SAFHIR Implementation and Operations Guide
0.0.2 - ci-build

Onyx Consent Authorization SAFHIR Implementation and Operations Guide - Local Development build (v0.0.2). See the Directory of published versions

Artifacts Summary

This page provides a list of the FHIR artifacts defined as part of this implementation guide.

Behavior: Capability Statements

The following artifacts define the specific capabilities that different types of systems are expected to have in order to comply with this implementation guide. Systems conforming to this implementation guide are expected to declare conformance to one or more of the following capability statements.

Patient Consent Capability Statement

This implementation guide allows patients to log in via SMART on FHIR and manage their consent to share data with other patients, related persons, practitioners, and organizations. It also allows payers to record the apps that have been granted access to APIs.

Structures: Resource Profiles

These define constraints on FHIR resources for systems conforming to this implementation guide

ApiContract

Contract document that defines the terms for access to an API set such as the CARIN Blue Button API or other implementations that fall within the CMS Patient Access API

Member Exchange Consent Signature

The MemberExchangeConsent profile expresses a member’s desire to have their health data transferred from a prior health plan to their current health plan. If a digital signature is to be provided as an optional element for the Consent record, it is supplied as a signature in a Provenance record that refers to the consent resource.

Consent for Member Data Exchange

Consent resource generated by a Health Plan after capturing the consent from a member to retrieve their health information from a prior health plan. The consent resource will capture the following information:

  • The member
  • The payer organization the member authorizes to retrieve their data
  • The payer organization from which the member data is to be retrieved
  • The scope of the data to be retrieved, whether all data or specific sensitive data categories are to be excluded
  • The duration of the sharing, either one-time or for a period
  • An optional digital signature.

PrizmCodeSystem

Code system to define data segmentation rules. The client will define a code system with a unique identifier. The code system will include a list of codes from a code system that should be used to redact records from the results returned as part of an API request that needs to be conformant with data segmentation rules.

SafhirAppRegConsent

FHIR Consent resource generated from DataHolder registering a third-party app to access a suite of APIs

SafhirDevice

Device or software application seeking access to data. This would typically be associated with an organization record for a software developer.

SafhirMemberConsent

FHIR Consent resource generated from Data Subject authorizing a third-party app to access their data.

SafhirProxyConsent

FHIR Consent resource generated from an authorized request by an individual to grant or deny access to their data. The request can also be made to the privacy/compliance department of a payer by someone with authority/power of attorney to act on behalf of the data subject.

ShareMyData Member Consent for Data Exchange

Consent resource generated by a Health Plan after capturing the consent from a member to retrieve their health information from a prior health plan. The consent resource will capture the following information:

  • The member
  • The payer organization the member authorizes to retrieve their data
  • The payer organization from which the member data is to be retrieved
  • The scope of the data to be retrieved, whether all data or specific sensitive data categories are to be excluded
  • The duration of the sharing, either one-time or for a period
  • An optional digital signature.

Terminology: Value Sets

These define sets of codes used by systems conforming to this implementation guide

Type of device

Type of software application, web site, service or hardware device

Types of Patient Consent

Identify the types of consent granted by a patient

Scopes for Patient Sharing

Record scopes for patient sharing with a consumer application

Terminology: Code Systems

These define new code systems used by systems conforming to this implementation guide

Identifier Type

Identifier Type

Patient Consent for Sharing Actions

Code System to describe choices made by consumers when sharing their data

Patient Sharing permissions

Code System to describe the patient sharing permissions for sharing with 3rd party apps

Application, service or hardware type

Code System to describe types of application, service, web site or device

Example: Example Instances

These are example instances that show what data produced and consumed by systems conforming with this implementation guide might look like

Patient1

Example of a US Core Patient Record

SafhirAppRegByDataHolder

A SAFHIR Consent example of an App being registered by a data holder

SafhirAppRevokeByDataHolder

A SAFHIR Consent example of an App access being revoked by a data holder

SafhirContractCarinBB

Contract terms for CARIN Blue Button IG Access

SafhirMemberConsentExample1

Example of a SAFHIR Member consent to sharing with a third-party app

SafhirContractUSCore

Contract Terms for US Core API Access

SafhirContractPdex

Contract Terms for Da Vinci Payer Data Exchange

SafhirContractFormulary

Contract Terms for Da Vinci Formulary

SafhirContractPlanNet

Contract Terms for Da Vinci Plan-Net.

ExampleDeveloperOrganization2

Example of an Organization Record for the developer/owner of the MyCareAI App identified in the device record.

ExampleDataHolderEndpoint

The Data Holder’s Endpoint definition for their FHIR API

ExampleAppDeveloperEndpoint

The App Developer’s Endpoint definition for their Web Site

ExampleDeveloperOrganization3

An Organization Resource that defines the characteristics of the App Developer Organization

ExampleDeveloperOrganization

An Organization Resource that defines the characteristics of the Application Developer Organization

ExampleSensitiveInfoCodesBH

A list of codes that fall into a sensitive information category:

http://terminology.hl7.org/CodeSystem/v3-ActCode

BH: behavioral health information sensitivity

Policy for handling information related to behavioral and emotional disturbances affecting social adjustment and physical health, which is afforded heightened confidentiality.

Usage Note: If there is a jurisdictional mandate, then use the applicable ActPrivacyLaw code system, and specify the law in addition to this more generic code.

SAMPLE codeset

ExamplePlanNetEndpoint

An Endpoint profile to document when a provider directory was updated

ExampleSensitiveInfoCodesHIV

A list of codes that fall into a sensitive information category:

http://terminology.hl7.org/CodeSystem/v3-ActCode

HIV: HIV/AIDS information sensitivity

Policy for handling HIV or AIDS information, which will be afforded heightened confidentiality. Information handling protocols based on organizational policies related to HIV or AIDS information that is deemed sensitive.

Usage Note: If there is a jurisdictional mandate, then use the applicable ActPrivacyLaw code system, and specify the law in addition to this more generic code.

Based on codesets provided by CareFirst 20201-05-05

ExampleSensitiveInfoCodesMH

A list of codes that fall into a sensitive information category:

http://terminology.hl7.org/CodeSystem/v3-ActCode

MH: mental health information sensitivity

Policy for handling information related to psychological disorders, which is afforded heightened confidentiality. Mental health information may be deemed specifically sensitive and distinct from physical health, substance use disorders, and behavioral disabilities and disorders in some jurisdictions.

Usage Note: If there is a jurisdictional mandate, then use the applicable ActPrivacyLaw code system, and specify the law in addition to this more generic code.

Based on codesets provided by CareFirst 20201-05-05

ExampleDataHolderOrganization

An Organization Resource that defines the characteristics of the Data Holder Organization

ShareMyDataMemberConsent

Example of a member granting data access to another payer service organization

ExampleSensitiveInfoCodesSUD

A list of codes that fall into a sensitive information category:

http://terminology.hl7.org/CodeSystem/v3-ActCode

SUD: substance use disorder information sensitivity

Policy for handling information related to alcohol or drug use disorders and conditions caused by these disorders, which is afforded heightened confidentiality.

Usage Note: If there is a jurisdictional mandate, then use the applicable ActPrivacyLaw code system, and specify the law in addition to this more generic code.

Based on codesets provided by CareFirst 20201-05-05

ExampleDevice

The Device record for a developer’s application