OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

regrep message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [regrep] RE: DNS like distributed search for RegistryObjects


John,
 
Great posting.  Actually you mis-read me - I'm not pushing this off!  What I'm saying is that before people start writing code - we need to have a clear understanding of what the code is intended to enable!
 
As John well knows - I've been looking at this whole issue for five years+ now - beginning with my work on BizID and creating a person managed model for credentialling and content sharing.  This is a radically different model.  It puts people in charge of their information and who has access to it from the ground up.  It provides for ISP style providers - just like we have web page content services - but uses SOA to control that access - instead of it being an open model like webpages (if you know the URL - you can access it).  And of course - just like with web pages - you can track who accesses what, when, and then also do IP blocking as needed based on policies.
 
Here in the US corporations own your information not you.  In the EU there is a shift the other way with information privacy laws.  So the challenge is to provide a service that people embrace and see essential to keep updated.  And preferably one they can access say from their local library PCs (sincere thanks to Bill Gates) via a web browser.
 
With ownership comes responsibility however - to keep that information current and consistent.  With today's US model - the corporations spend huge amounts trying to keep up with that ever changing data as you noted - people are very mobile.  Conversely for people - its a huge task to have to chase down every instance of information and get it updated.  But the potential is huge - for people to provide the "URL" aka BizID - to their registry information - and then that acting as the conduit.  And of course people can have multiple BizIDs - because people have multiple personae - e.g. Patient, Citizen, Consultant, Employee, Soccer Coach, School Parent, Business Traveller, Customer, Seller etc - and thus should be able to selectively profile what is available as views - and then track that access. 
 
The existing web based EHR providers are only touching just one or two aspects of this - along with services like Liberty, Passport and even Google.  None are yet providing the vital missing piece - ability to see the audit use trail and a dashboard that shows subscribers to your information and the policy they have to access that.  (Maybe someone like Google can break the mold here?)
 
I'm very pleased that the IHE/XDS is defining a whitepaper on Registry connectivity - there's a huge need to provide a common vision that can meet both the people expectations and the technology connectivity needs.
 
I look forward to us here all contributing toward that vision - so that the functionality that registry can deliver is in alignment with the business models and needs.  Ultimately there has to be a real sense of the business value being created here - for hospitals and care centers to be able to invest.
 
I know once we have that in hand - actually enabling this with XML and Registry APIs is the relatively easy bit - I don't see any rocket science needed - all this stuff is very familiar terrain - and code is readily to hand to accomplish that.
 
Thanks, DW
 

 


-------- Original Message --------
Subject: RE: [regrep] RE: DNS like distributed search for
RegistryObjects
From: "Moehrke, John (GE Healthcare)" <John.Moehrke@med.ge.com>
Date: Fri, April 14, 2006 8:42 am
To: "David RR Webber (XML)" <david@drrw.info>, "Matt MacKenzie"
<mattm@adobe.com>
Cc: <john@maphin.net>, "Farrukh Najmi" <Farrukh.Najmi@Sun.COM>,
<regrep@lists.oasis-open.org>

David,
 
The concern you have is healthy, and I can assure you that the efforts are all linked. The IHE would rather see standards developed within standards organizations. I am confident that is the reason John passed this use-case along to regrep. John Hardin is involved in the IHE efforts as well. The IHE is also dealing with the laundry list of patient matching, privacy and security issues you raise. Again, we are passing some of our needs off to organizations like SAML and XACML. We are pushing our own standards organizations (HL7, DICOM, ASTM) to fill some gaps. Third, the IHE does clearly describe the residual risks that need to be solved in Policy, Procedure and Magic. So please don't push this request aside as not being thought through (challenge us to prove it, yes). We (IHE) can encourage standards to fill gaps that we identify within the healthcare market, but clearly we can't force the problem to be solved.
 
Right now we are in the process of writing a white paper on the subject of connecting multiple Registries. The reality is that Registries will be the master over a region, that region today is small based on past administrative influences (healthcare company owned, state government run, NHIN contracts). This is the architecture that you referred to as IHE/XDS. The problem is that people are not very sedentary, they like to go on vacations and change jobs. Thus we perceive needs in the future to find historical information across all. Thus why we bring this need up. The issues this raises have not been lost on us: privacy, policy, contractual, safety, etc.
 
John Moehrke
GE Healthcare


From: David RR Webber (XML) [mailto:david@drrw.info]
Sent: Thursday, April 13, 2006 8:32 AM
To: Matt MacKenzie
Cc: john@maphin.net; Farrukh Najmi; regrep@lists.oasis-open.org
Subject: RE: [regrep] RE: DNS like distributed search for RegistryObjects

Farrukh,
 
I'm concerned here as part of what John is asking for is NOT a technology solution.
 
Fire, Aim, Point - I suspect we need a little more Point, Aim, Fire - and BCM directed analysis first... as to the business needs and actual service models.
 
The models John is indirectly referencing are basically competing proprietary approaches to this from service providers - there are literally dozens of these competing for market share. http://www.ehto.org/ehto/ehealthrecord.html
 
Paradoxically none of them seem to have the slightest idea (the ones of asked!) about the notion of shared registry services - basically they are "eyes down" - their answer is "Yes - we can do that - just buy our service / install our software".  The notion of supporting an open public API specification is something they do not have time to waste chasing...because their system has all the information you ever need.
 
Now - there is however the IHE/XDS work.  For me this has always been the mostly likely candidate - because the biggest issue here is NOT technology - its policy and security and access models.
 
Who is allowed to see what?  How do you credential the search query?  You certainly cannot just hand out patient information willy-nilly.  The best I think you can hope for is to ascertain that a registry MAY have information that relates to a patient.  Notice - data entry screw-ups happen frequently in busy hospital and care center environments - so matching on Patient Name, Telephone #, Age, Address, SSN with some weighting algorithm may be needed ( I wrote one of these for 3M Healthcare some 10 years ago now to reconcile patient records across city care providers - such as Cincinnatti, Baltimore, Pittsburg and so on where you have same patient going to one or more providers in the same city care group).  Notice even the SAME hospital may have duplicate records for the one patient!
 
Given all these caveats - here's a short list of business factors:
 
1) Security model is essential - who is making query, what information is to be matched, what can be returned?
 
2) Audit trail is essential - who accessed the information and when?
 
3) What certificates and authentication can be applied?  To the patient themselves, and to the requester?
 
4) Who owns the information?  The patient or the care provider?
 
5) What API needs to be defined to support the business requirements?
 
6) How do care providers begin to participate in this?
 
I suspect the answers to much of this lay in a joint collaboration with IHE/XDS, NIST, OHC Project and this TC - to hammer out extensions to the existing IHE/XDS secure server - because that way - whatever is built then becomes immediately accessible to all those currently implementing those servers...
 
See: http://ebxmlforum.blogspot.com/2006/04/open-healthcare-framework-ohf-project.html
 
Thanks, DW


-------- Original Message --------
Subject: [regrep] RE: DNS like distributed search for RegistryObjects
From: "Matt MacKenzie" <mattm@adobe.com>
Date: Thu, April 13, 2006 8:45 am
To: "Farrukh Najmi" <Farrukh.Najmi@Sun.COM>,
<regrep@lists.oasis-open.org>
Cc: <john@maphin.net>

It is possible to represent a classification scheme using DNS-SD...which I
think is a great idea as it would allow for very fine grained partitioning.
Please let me know how I can help, I'll try my best to find some time.
-matt

-----Original Message-----
From: Farrukh Najmi [mailto:Farrukh.Najmi@Sun.COM]
Sent: Thursday, April 13, 2006 8:14 AM
To: regrep@lists.oasis-open.org
Cc: john@maphin.net; Matt MacKenzie
Subject: DNS like distributed search for RegistryObjects


Dear Colleagues,

Attached is an email from John Hardin whom many of you may know already.

John's email has reminded me of the the need for the TC to define a DNS
like distributed search for RegistryObjects.
He shares a very real use case from Electronic Patient Records world on
how important this functionality is.

I share this sense of importance and would like to propose that we as a
TC consider starting a work item focused on
defining a normative spec addressing this requirement. As a starring
point we could study past work by Matt MacKenzie on the subject:

http://www.oasis-open.org/committees/download.php/6852/tn-ebreg-dnssd-02.htm
l


What do Matt and TC colleagues think?

--
Regards,
Farrukh
--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]