Patient portals & personal health apps

Patient portals and personal health apps in New Zealand


Patient portals & personal health apps

An ecosystem for personal health apps

HL7 New Zealand workshop

10 November 2014

Alastair Kenworthy, Ministry of Health


Personal health information across the ecosystem


Almost 100 general practices were offering a patient portal in September 2014

37,000 patients had been provisioned a portal account

Ngaio uses a smartphone app to help manage her diabetes

She performs blood glucose and cholesterol tests at home and uploads the results to her patient portal

She graphs these results alongside lab test results, blood pressure, weight and exercise data

She consults her doctor online with any concerns

Clinical data repository

Repository delegates request and receives authorisation to permit access to the app

App web service

The app (a) authenticates itself to the repository and requests access to (b) save and retrieve data

Performs home blood test, uploads results and views alongside other data

Access control service

Logs in and authorises access to the app

Record locator service

X.509 client cert.

JSON web token

Auth. scopes

An ecosystem that supports many users, apps, publishers, patient portals, repositories and access control services

Sharing portal and repository data with an app will be under explicit patient control

Blue Button provides a model for our own personal health app ecosystem

Blue Button is about apps having access to repository documents and shared health summaries via a standard API

Blue Button solutions pair a data service with an access control service

In our ecosystem, data services will be provided by patient portals, clinical data repositories and a record locator service

Each patient portal will be coupled with an access control server

Patient portals will be the docking points where personal health apps connect to the ecosystem

Portal systems will expose patient information and communication functions via a standard API

OAuth2 is the chosen protocol for authentication and authorisation

Digital certificates for mutual authentication will enable patient portals, repositories and access control services to operate within a circle of trust

Patient portal accounts will be linked to National Health Index (NHI) number

Patient portals and apps will allow the user to log in with Real Me, which must add OAuth2 support

Support people who use portals and apps on behalf of others will have their own user accounts

NHI number will become another federated identity attribute under Real Me, which must add support for OpenID Connect

Health Provider Index (HPI) identities will be used and there will be an open electronic addressing scheme and directory of health practitioners, facilities and organisations

Patient portals and repositories will have RESTful APIs, based where practical on HL7 FHIR

Rich apps will support SNOMED CT and LOINC for clinical terminology


SNOMED for ambulance clinical impressions

A record locator service will enable document search across all repositories

Apps will need to support the clinical document metadata standard and a common repository API

CDR

Clinical data repository

Record locator service

One index across n sources, serving clinical workstations, patient portals and apps

Storing, locating and retrieving clinical documents (XDS model)

Authorisation scopes will include:

search:[<NHI number>]

summary:[<NHI number>]

send-email-to:<address>
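
The scope forms listed above, as a deny-by-default check that a repository or portal could run on the scopes carried in an access token. This is an added example, not code from the presentation or the Ministry of Health. It assumes the square brackets mean the NHI number is optional, that a scope without one covers only the token subject's own record, and a simplified NHI shape; `parse_scopes`, `is_permitted` and the sample values are hypothetical.

```python
import re

# Constructed sample: scopes a support person (own NHI ABC1235) was granted.
SAMPLE_SCOPE = "search summary:ZZZ0016 send-email-to:Practice@example.org delete:ZZZ0016"
# Assumption: an NHI number is three letters then four digits; check digit not verified.
NHI_RE = re.compile(r"^[A-Z]{3}\d{4}$")
SCOPE_RE = re.compile(r"^(search|summary|send-email-to)(?::(.+))?$")


def parse_scopes(scope_string):
    """Parse a space-delimited scope string into {action: set(targets)}.

    A target of None records a scope granted without an NHI number.
    """
    granted = {}
    for item in scope_string.split():
        m = SCOPE_RE.match(item)
        if not m:
            continue  # unknown or malformed scope grants nothing
        action, target = m.groups()
        if action == "send-email-to":
            if not target or "@" not in target:
                continue  # the address is mandatory for this scope
            target = target.lower()
        elif target is not None:
            target = target.upper()
            if not NHI_RE.match(target):
                continue  # malformed NHI: drop it rather than guess
        granted.setdefault(action, set()).add(target)
    return granted


def is_permitted(granted, action, target, subject_nhi):
    """Deny by default; allow only an exact match on action and target."""
    targets = granted.get(action, set())
    if action == "send-email-to":
        return target.lower() in targets
    target = target.upper()
    if target in targets:
        return True
    # Assumption: a bare scope covers only the record of the token's subject.
    return None in targets and target == subject_nhi.upper()


if __name__ == "__main__":
    g = parse_scopes(SAMPLE_SCOPE)
    print(is_permitted(g, "summary", "ZZZ0016", "ABC1235"))  # on behalf of another
    print(is_permitted(g, "search", "ZZZ0016", "ABC1235"))   # not granted
```

The sample models a support person with their own account: the summary scope names the patient they act for, while the bare search scope does not extend beyond their own record.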

Patient portals and apps will support defined CDA document types, FHIR resources and common media types

10041 Medications, Allergies and Adverse Reactions

10043 CDA Common Templates

10047 Comprehensive Clinical Assessments for Older People

10050.2 Maternity Care Summary

10052 Ambulance Care Summary

GP2GP and NZePS

Xero has an API that enables account owners to grant access to apps

Public apps are registered at api.xero.com and certification is not needed

Access tokens are issued for a limited time

Certified apps may connect to portals and repositories

Publishers will be asked to register new apps

Accredited agents will test and certify apps against published standards

A directory of repository, patient portal and authorisation server endpoints will be published