structured data capture (sdc) ucr to standards crosswalk analysis

Structured Data Capture (SDC)UCR to Standards Crosswalk Analysis

July 11, 2013

UCR to Standards Crosswalk • UCR-Crosswalk Analysis Update

– Added three new standards • CDA Questionnaire Form IG• CDA Questionnaire Response IG• Author of Record (esMD)

– Completed Mapping of all Standards against Requirements– Identified suitable Standards for Transport, Security, and Authentication

• Transport: SOAP and REST• Security: TLS • Authentication: SAML 2.0

Transport & Security Content & Structure

# Transaction Transport Authentication

Security/ Encryption Service

Authorization

/ConsentOrganizer/ Container Item Payloads

Reference Information

Model

II01EHR System - Send

Form/template request to Form/Template Repository

SOAPREST SAML TLS

RFDXD*IHE DEX

XUA N/A

To be considered over the longer term:

FHIMCIMICDASH


Form/Template Request to Form/Template Repository with relevant patient data

SOAPREST SAML TLS RFD

XD*XUABPPC

ODM (partial)ICSR (partial)HL7 V3 - Patient Administration Domain

CDA R2CCDACommon Formats (partial)

II03Form/Template Repository

- Sends blank form/template

SOAPREST

SAML TLSRFDXD* (partial)IHE DEX

XUA

CDA R2 (partial)CDA Questionnaire Form IGIHE DEXXHTMLODM (partial)

CDA R2 (partial)CDA Questionnaire Form IGX-FormsXHTMLCommon Formats (partial)CDS Knowledge Sharing IG

II04

Form/Template Repository - Sends form/template with

populated patient data*consider dependency on how

population occurs

SOAPREST SAML TLS

RFDXD* (partial)IHE DEX

XUABPPC

CDA R2 (partial)CDA Questionnaire Form IGIHE DEXXHTML

CDA R2 (partial)CDA Questionnaire Form IGX-FormsXHTMLCDS Knowledge Sharing IG

II05EHR System - Sends

completed form/template structured data

SOAPREST SAML TLS RFD

XD* (partial)

XUABPPCAuthor of Record (esMD)

CDA Questionnaire Response IG

CDA Questionnaire Response IGCDA R2 (partial)CCDA (partial)X-Forms (partial)CDS Knowledge Sharing IG (partial)

S04

Form/Template Repository - (Conditional) Auto-

population of retrieved form / template with EHR-

sent patient data

N/A IHE DEX XUABPPC

ISO 11179 (partial)ODM CDS Knowledge Sharing IG

S05

EHR System - (Conditional) Auto-population of

displayed form / template with EHR-derived patient

data

N/A IHE DEX N/A ISO 11179 (partial)ODM CDS Knowledge Sharing IG

S08EHR System - Store

structured data from form/template in standard

formatN/A RFD X-Forms

XHTML

# Transaction Transport Authentication Security/Encryption Notes on dependencies


Form/template request to Form/Template Repository

SOAPRESTDirect (SMIME)

SAMLTLSDirect (SMIME)HTTPS

• Create IG guidance around substitutable transport options (for all requirements)


Form/Template Request to Form/Template Repository with

relevant patient data


SAMLTLSDirect (SMIME)HTTPSXD*

• Do some of the services specify specific transports?

II03 Form/Template Repository - Sends blank form/template


SAMLTLSDirect (SMIME)HTTPSXD* (partial)

II04Form/Template Repository -

Sends form/template with populated patient data



II05 EHR System - Sends completed form/template structured data



Transport and Security

4

Transport & Security – Transport

Standard Summary of Findings from UCR Crosswalk

Keep?Y/N Rationale Gaps &

Mitigation

SOAP~Transport~

HITSC Rating:*M: 100A: 100SI: 100T: 100

(Y) Fits:Commonly used transport standard.

(P) Partially Fits:

(N) Does not Fit:

Y • Supports all of the anticipated content• Mature • Widely adopted• Synchronous

REST~Transport~

HITSC Rating:*M: 100A: 100SI: 42.9T: 88.3

(Y) Fits:Commonly used transport standard.

(P) Partially Fits:

(N) Does not Fit:

Y • Supports all of the anticipated content• Mature • Adoption increasing• Synchronous

Direct (SMIME)~Transport~~Security~

HITSC Rating:*M: 88.2A: 96.5SI: 42.9T: 81.7

(Y) Fits:Can be used as an additional or optional layer of security on top of REST and/or SOAP

(P) Partially Fits:

(N) Does not Fit:SOAP and REST may be sufficient on their own. Is there any reason to keep DIRECT?

N • Supports all of the anticipated content• Maturing/Mature• Adoption increasing• Asynchronous

• Potential future consideration

5

Transport & Security – SecurityStandard Summary of Findings from UCR

CrosswalkKeep?Y/N Rationale Gaps &

Mitigation

XD*~Security~

HITSC Rating:*M: 93.3A: 93SI: 52.4T: 84.8

(Y) Fits:

(P) Partially Fits:Related to metadata for existing documents that have been registered

Could require modifications/ extensions to be appropriate to use with other standards (RFD for example)

(N) Does not Fit:

Not on T&S

• Consider in Content & Structure • Does specify the use of TLS

TLS~Security~


(Y) Fits:Fulfills all Information Interchange requirements for Security

(P) Partially Fits:

(N) Does not Fit:

Y • Highly functional and fitting to the Use Case• Mature standard• Adoption increasing• Superset of SSL• Gives assurance that you don’t have “rogue node”

participation• FISMA requires TLS for exchange w/ Federal

Agencies• Both sides supply and validate security certificates• TLS v1.0 is recommended

• Cost and management of certificate is an issue

• TLS v1.1 & v1.2 is still not widely accepted (about 10-12%)

HTTPS(SSL)

~Security~


(Y) Fits:Fulfills all Information Interchange requirements for Security

(P) Partially Fits:

(N) Does not Fit:

N • Mature standard• Widely adopted • Less security options

• TLS specifies the exchange & validation of certificates at both sides – would not get with HTTPS/SSL

• Long term sustainability?

6

Transport & Security – AuthenticationStandard

Summary of Findings from UCR Crosswalk


Mitigation

SAML 2.0~Authentication~


(Y) Fits:Fits all Information Interchange Requirements for Authentication

(P) Partially Fits:

(N) Does not Fit:

Y • Standard adopted & mature for use in relevant SDC transactions• Ability to communicate assertion from one user to another is some use

cases is a mandate – and in all of our user stories provides an additional level of content

• SAML 2.0 with SOAP and OAuth 2 with REST are the traditional approaches

• SAML 2.0 is not designed to work with REST

7

8

# Transaction Service Authorization /Consent

Organizer/Container Item Payloads

Reference Information

ModelNotes on dependencies

II01

EHR System - Send Form/template

request to Form/Template

Repository

RFDXD*IHE DEX

XUA N/A

FHIMCIMICDASH

II02

EHR System - Send Form/Template

Request to Form/Template Repository with relevant patient

data

RFDXD*

XUABPPC

ODM (partial)ICSR (partial)HL7 V3 - Patient Administration Domain

CDA R2CCDACommon Formats (partial)

II03Form/Template

Repository - Sends blank

form/template


XUA

CDA R2 (partial)CDA Questionnaire Form IGIHE DEXXHTMLODM (partial)

CDA R2 (partial)CDA Questionnaire Form IGX-FormsXHTMLCommon Formats (partial)CDS Knowledge Sharing IG

II04

Form/Template Repository - Sends form/template with populated patient

data


XUABPPC

CDA R2 (partial)CDA Questionnaire Form IGIHE DEXXHTML

CDA R2 (partial)CDA Questionnaire Form IGX-FormsXHTMLCDS Knowledge Sharing IG

II05EHR System -

Sends completed form/template structured data

RFDXD* (partial)

XUABPPC

CDA Questionnaire Response IG

CDA Questionnaire Response IGCDA R2 (partial)CCDA (partial)X-Forms (partial)CDS Knowledge Sharing IG (partial)

Content & Structure

8

Content and Structure – Service / Container


Keep?Y/N Rationale Gaps & Mitigation

RFD~Service~

HITSC Rating:*M: 89A: 94.7SI: 33.3T: 79.5

(Y) Fits:Fulfills all Information Interchange Requirements for Service category

(P) Partially Fits:

(N) Does not Fit:

Y • RFD in its current instantiation specifies SOAP• RFD is an integration profile• It lays down the plumbing and delegates

specifics about content & domain knowledge for content profiles

• Would allow for substitutability of various content forms

• Use of XUA or other is left to the clinical domains

• RFD to reconsider REST as well as SOAP

• At some points, RFD may be too specific for SDC IG

XD*~Service~


(Y) Fits:Describes the payload

(P) Partially Fits:Partially supports II03, II04 & II05

Related to metadata for existing documents that have been registered

(N) Does not Fit:

Discuss • Discuss more with SDC All Hands WG• Specifies the use of TLS

• Doesn't have any provisions for "Form" and "Auto-population“

• Could require modifications/ extensions to be appropriate to use with RFD

IHE DEX~Service~

~Container~

HITSC Rating:*M: 67.1A: 86SI: 0T: 59.7

Not finalized yet. Not mature. Lack of substantial experience out there with IHE DEX; The way it currently defines data element does not fit well with other X Paths

Container for II03 & II04

Discuss • Discuss more with SDC All Hands WG • Not mature & tested yet

9

Content and Structure – Container & PayloadsStandard Summary of Findings from

UCR CrosswalkKeep?Y/N Rationale Gaps & Mitigation

CDA R2~Container~

~Item Payloads~


(Y) Fits: II02

(P) Partially Fits:Fulfills II03, II04 & II05 partially

(N) Does not Fit:

Discuss

CDA Questionnaire

Form & Response

IGs~Container~

~Item Payloads


(Y) Fits:II03 (Form), II04 (Form) & II05 (Response)Questionnaire as defined could be a generic document -- form/templateDeveloping templates to inform these two guides -- form is not yet specific to a patient, in the case of a CDA R2 document always in relation to a patient

(P) Partially Fits:

(N) Does not Fit:

Discuss • May be able to leverage part of the standards to develop section-level XML templates for the SDC data buckets

• RFD currently states that X-Forms of XHMTL should be used for the response

• Are the CDA IGs compliant?

XHTML~Container~

~Item Payloads~HITSC Rating:*M: 98.3A: 100SI: 4.76T: 79.7

(Y) Fits:Fulfills II03 & II04 requirements

(P) Partially Fits: Consider using something more generic like HTML5, HTML or XMLXHTML is basically a restricted HTML(N) Does not Fit:

Discuss

10

Content and Structure - Container & Payloads



Mitigation

C-CDA~Item Payload~


(Y) Fits:Mapped to II02(P) Partially Fits:Partially to II05.CCDA contains specific templates of CDA. Issues may arise when document is being pushed out as a C-CDA document.(N) Does not Fit:

Discuss • Use CDA-based standards but do not constrain to the available CCDA templates (?)

• Would need to define new CCDA templates

Common Formats

~Item Payload~


(Y) Fits:

(P) Partially Fits:Fulfills II02 & II03

Common Formats are exchanged using CDA XML file structure (document structure: CDA, file format: XML

(N) Does not Fit:

Discuss

X-Forms~Item Payload~

HITSC Rating:*M: 36.7A: 89.5SI: 0T: 46.8

(Y) Fits:(P) Partially Fits:XML DerivativeFulfills II03 & II04 because X-Forms was intended to be used for these Information Interchange Transactions(N) Does not Fit:

Discuss

11

Content and Structure – PayloadStandard Summary of Findings from

UCR CrosswalkKeep?Y/N Rationale Gaps &

Mitigation

CDS Knowledge Sharing IG

~Item Payload~


(Y) Fits:Fulfills II03 & II04Good fit for the content of the form itselfConsider as the payload

(P) Partially Fits:Partially II05

Supports transformation of the form data into some other modelSDC to look at how transformations could work with the standards so it could be published in multiple formats

(N) Does not Fit:

Discuss • There could be an extension to the schema to support II01 & II02 requests

12

Content and StructureStandard Summary of Findings from UCR

CrosswalkKeep?Y/N Rationale Gaps &

Mitigation

XUA~Authorization

/Consent~


(Y) Fits:Fulfills all Information Interchange Requirements for Service category

T&S standard(P) Partially Fits:

(N) Does not Fit:

Y

BPPC~Consent~

HITSC Rating:*M: 100A: 61.9SI: 61.9T: 81.7

(Y) Fits:

(P) Partially Fits:Only fulfills II03, II04 & II05 requirements

T&S Standard(N) Does not Fit:

Y • More explicitly tied to the concept of community-exchanges

CDA Consent Directive IG

~Consent~


Was not evaluated Discuss • Also look at this more closely

13

Content and StructureStandard Summary of Findings from

UCR CrosswalkKeep?Y/N Rationale Gaps &

Mitigation

ODM~Container~


(Y) Fits:Fulfills S04 & S05

(P) Partially Fits:Partial for II02 & II03Content of ODM is non-restrictive. Use for quality measure reporting. Capable of accommodating other data elements if properly configured.

(N) Does not Fit:

N • Partially fits and constrained for specific Use Cases

ICSR~Container~


(Y) Fits:

(P) Partially Fits:Partial for II02

Part of public health initiative in S&I Framework(N) Does not Fit:

N • Partially fits and constrained for specific Use Cases

HL7 V3 - Patient

Administration Domain ~Container~


(Y) Fits:Full solution for II02

(P) Partially Fits:HL7 V3 Doesn’t support returning form data

(N) Does not Fit:

Discuss

14

structured data capture (sdc) ucr to standards crosswalk analysis

Documents

formtemplate request

partialii05ehr system

requirementsii02ehr

dependenciesii01ehr

system functions

fhimcimicdash ii02ehr

ucr crosswalk

displayed form template