1. Data Access Framework (DAF) HL7 September 2013 John Feikema Coordinator, Standards & Interoperability Framework Office of the National Coordinator for Health IT 1

2. Initiative Introduction Data Access Framework Initiative o History o Importance o Scope o Expected Outcomes o Timeline Questions & Answers Agenda 2

3. S&I Framework Phases & Data Access Framework (DAF)Activities 3 PhasePlanned Activities Pre-Discovery  Development of Initiative Synopsis  Development of Initiative Charter  Definition of Goals & Initiative Outcomes Discovery  Creation/Validation of Use Cases, User Stories & Functional Requirements  Identification of interoperability gaps, barriers, obstacles and costs  Review of Vocabulary Implementation  Creation of aligned specification  Documentation of relevant specifications and reference implementations such as guides, design documents, etc.  Validation of Vocabulary  Development of testing tools and reference implementation tools Pilot  Validation of aligned specifications, testing tools, and reference implementation tools  Revision of documentation and tools Evaluation  Measurement of initiative success against goals and outcomes  Identification of best practices and lessons learned from pilots for wider scale deployment  Identification of hard and soft policy tools that could be considered for wider scale deployments

4. Background to Data Access Framework (DAF) BlueButton initiatives enabled patients to access to their own data DAF is a similar concept, except it is focused on enabling providers to access their patient’s data both within and across organizations –Current industry standards are not modular enough to allow the different types of data access desired by Providers –NwHIN targeted and distributed queries –Multiple ONC initiatives Query Health, Innovation projects identified multiple data access challenges within and across organizations 4

5. DAF will identify/create/modify standards to solve basic data access issues faced by providers within their own organization and across organizations in a modular and substitutable fashion. DAF is focused on enabling providers, their tools and applications to access their patient’s data Through new or modified standards DAF will allow providers to use new and innovative applications improve and fill gaps (such as medication tracking, long term care needs) in patient care What is DAF? 5

6. Data Access Framework Problems to Solve Data Portability –Patient moving from one provider to a new provider Quality Improvement –A need for customized “small data analytics” for quality improvement –NwHIN/Targeted Query Remote “chart pulls” Public Health –Common framework needed 6

7. DAF - Example Real World Scenarios A provider wants to access data about a particular population within his/her practice using quality measures For example the provider wants to know all diabetic patients with HbA1c > 7% within their organization A provider wants to access the complete medical history of a patient to improve care and use new tools and applications to improve care Tools include predictive modeling, comparison with existing data sets etc. Enable applications such as Medication Adherence and Tracking to be used by patients and care givers. Enable social workers and other care givers to consume the patient information and determine the next steps in providing care. These may include determining what kind of long term care facility best suits the patient based on their demographics, diagnosis, medications etc. Build an Extraction capability (such as an API) from EMRs 7

8. Local DAF User Story #1 Document Metadata Based Access (Patient Level Query) Summary: A Provider accesses clinical summary documents on an ad-hoc basis for a new diabetic patient with documented poor glucose control by querying for clinical summary documents in his/her local EHR system. A new patient arrives to a small family practice in Boston, MA. The PCP sees a 48 year-old male, with Diabetes Mellitus Type I (DM I) diagnosis since age 12. The patient has a history of myocardial infarction (MI) at age 37 and a stroke at age 43. The patient admits that he often forgets to take his medication as prescribed and often forgets to check his blood sugar levels throughout the day. The patient travels for works and has been admitted to different ER’s numerous times for acute complications due to elevated blood sugar levels. All healthcare facilities where the patient was admitted generated clinical summaries and sent the information to patient’s new physician at the patient’s request. The clinical summaries have been stored in the local document repository database within the organization. For today’s visit, the physician generates an ad-hoc query within the EHR to access all clinical summary documents produced locally and those received from other healthcare facilities, so that he can check if the patient’s HbA1c levels were greater than 7% and if the glucose levels were greater than 100mg/dL over the past 5 years the EHR system queries the document repository database to retrieve the requested information and sends back multiple clinical summary documents to the physician for additional review. This information provides the physician required context to understand the severity of circumstances that led to the patient’s ER admission, the severity of the patient’s non-adherence to medications and formulate a plan to improve the patient’s lifestyle and adherence to medications to mitigate future ER visits and reduce or prevent the progression of established comorbidities.

9. Local DAF User Story #2 Data Element based access (Patient Level Query) Summary: A Gastroenterologist wants to refer his/her patient to an Endocrinologist within the same organization. The Gastroenterologist queries for the patient’s records in preparation for the referral and discovers some of it is sensitive and requires the patient’s consent. With patient approval, the Gastroenterologist updates appropriate security labels within the patient’s protected information so that it can be accessed by the Endocrinologist at a future visit. In accordance with best practice, the Gastroenterologist orders fasting glucose lab tests for new or current Hepatitis C patients. The Gastroenterologist’s EHR receives results from source systems based on queries which are set up to run automatically, and alerts him when a patient’s fasting glucose lab results are between 100 mg/dL and 125 mg/dL. During an initial encounter with a VA patient for Hep-C, the Gastroenterologist is alerted that the patient’s glucose intolerance lab results are very high. The Gastroenterologist wants to refer the patient to an Endocrinologist in his practice. In preparation for the referral, the Gastroenterologist queries the repository for all of the patient’s records including sensitive records disclosed to him by the VA per the patient’s consent. The Gastroenterologist receives a response to this query and is alerted that information related to the patient’s Hep-C, which was diagnosed during substance abuse treatment, is protected under Title 38, and may not be disclosed without patient consent. Before making the referral, the Gastroenterologist asks the patient whether she consents to disclose protected information to the Endocrinologist. The patient agrees, and signs an electronic consent directive. The Gastroenterologist’s EHR updates the security labels on this patient’s protected information authorizing the Endocrinologist to query for her records. When the Endocrinologist’s EHR system queries Gastroenterologist’s EHR, it is authorized to receive the patient’s records including the Title 38 protected information. When researchers within the Endocrinologist’s practice query for Hepatitis C patients, they will not receive the results for patients who have not consented to disclosure for research, because they are not authorized.

10. DAF – Challenges Data Access Framework has to support a wide variety of user stories (samples illustrated below) 10 Data Access Mechanism (Query) Formats Document based access Data element based access Data Access using quality measures Granularity of Data being accessed Patient Level Data Get me the latest lab report for a patient so that I can check if their HbA1c > 7% Retrieve lab information for a patient for the past year where HbA1c > 7% Use a Quality Measure such as NQF 0059 to retrieve patient data for diabetic patients with HbA1c > 7% Population Level Data Retrieve population level information about patients who had a surgical procedure within the last 3 days to prepare for their care transition. Retrieve population level information about patients with age >=65 and HbA1c>7% stratified by ethnicity and preferred language to determine planning needs for the population. Use Quality Measure such as NQF0059 to retrieve population level information about diabetic patients with HbA1c>7%.

11. DAF – Modularity To support the various user stories and access mechanisms there is a need to create a modular and substitutable framework that can evolve with the industry over time: –Modular framework can be best visualized as a stack of standards with multiple layers independent of each other –Substitutable standards will provide the ability to replace standards for a single layer and reuse standards from the other layers Basic Transport Protocols Application Transport Protocols Query Structure Query Vocabularies and Value Sets Authentication/Autho rization Result Structure Result Vocabularies and Value Sets Information Models Transport Layer Security Layer Query Structure Query Results Data Model to support queries Data Access Framework 11

12. Basic Transport Protocols Application Transport Protocols Query Structure Query Vocabularies and Value Sets Authentication/Autho rization Result Structure Result Vocabularies and Value Sets Information Models DAF – Substitutability Transport Layer Security Layer Query Structure Query Results Data Model to support queries Data Access FrameworkInitial Candidate Standards HTTP SMTP SOAP (IHE SOAP) SOAP (IHE SOAP) RESTful (IHE mHealth) RESTful (IHE mHealth) Direct TLS+SAML TLS+OAuth2 S/MIME ebRIM/ebRS HL7 FHIR HL7 HQMF C-CDA HL7 v2.5.1 QRDA I, II, III MU2 ModSpec RTM 12

13. Basic Transport Protocols Application Transport Protocols Query Structure Query Vocabularies and Value Sets Authentication/Autho rization Result Structure Result Vocabularies and Value Sets Information Models Subway™ can do it! Bread Layer Meat Layer Cheese Layer Veggie Layer Condiment Layer Build your own Sub Italian Herbs and CHeese Pastrami 9 Grain Wheat 9 Grain Honey Oat Ham Turkey Roast Beef Swiss Cheddar Monterey Jack Lettuce Tomatoes Onions Italian 13 Mayo Ranch Mustard

14. Data Access Framework Local Access via Intra-Organization Query Targeted Access via Inter-Organization Query Multiple Data Source Access via Distributed Query (Query Health) – Completed Initiative Standards based approach to enable access at all levels: Local, Targeted, and Distributed Create and disseminate queries internal to organization Query Structure Layer APIs Receive standardized responses Query Results Layer Create and disseminate queries internal to organization Query Structure Layer APIs Receive standardized responses Query Results Layer Create and disseminate queries to external organization Query Structure Layer Transport Layer Authentication/Authorization Layer Receive standardized responses from external orgs Query Results Layer Create and disseminate queries to external organization Query Structure Layer Transport Layer Authentication/Authorization Layer Receive standardized responses from external orgs Query Results Layer Create and disseminate queries to multiple orgs Governed by a network Receive aggregated or de-identified responses Focus on Information Model for the network and leverage standards from earlier phases. Create and disseminate queries to multiple orgs Governed by a network Receive aggregated or de-identified responses Focus on Information Model for the network and leverage standards from earlier phases. Data Source Data Source Data Source Query Request Query Response X Hospital System Y Hospital System DAF – Overall Context 14

15. DAF – Scope The work of this initiative will be done in 2 phases: Phase 1 is focused on Local Access via Intra Organization Query Phase 2 is focused on Targeted Access via Inter Organization Query The following capabilities are In-Scope: Define the modular layers for Data Access Framework to support identified business and functional requirements. Identify the existing standards that can be used for each layer of the Data Access Framework including guidance for substitutability of standards for both Local Access and Targeted Access. Define Implementation Guides leveraging existing standards where necessary to structure queries and query results for identified business and functional requirements. Identify standardized APIs that allow applications to query data in a consistent manner across EHRs. We will work with the FACAs and OPP to coordinate policy issues 15

16. Data Access Framework Wiki Page http://wiki.siframework.org/Data+Access+Framework+Homepage Data Access Framework Wiki Page 16