Data Provenance –Use Case (Discovery) Ahsin Azim– Use Case Lead Presha Patel – Use Case Lead 1

Proposed Use Case & Functional Requirements Development Timeline 2 Week Target Date (2014) All Hands WG Meeting Tasks Review & Comments from Community via Wiki page due following Tuesday by 8 P.M. Eastern 16/12 Use Case Kick-Off & UC Process Overview Introduce: In/Out of Scope & Assumptions Review: In/Out of Scope & Assumptions 26/19 Review: In/Out of Scope & Assumptions Introduce: Context Diagram & User Stories Review: Context Diagram & User Stories 36/26Review: Context Diagram & User StoriesReview: Continue Review of User Stories 47/3 Review: Finalize User Stories Introduce: Pre/Post Conditions Review: Pre/Post Conditions 57/10 Review: Pre/Post Conditions Introduce: Activity Diagram & Base Flow Review: Activity Diagram & Base Flow 67/17 Review: Activity Diagram & Base Flow Introduce: Functional Requirements & Sequence Diagram Review: Functional Requirements & Sequence Diagram 77/24 Review: Functional Requirements & Sequence Diagram Introduce: Data Requirements Review: Data Requirements 87/31 Review: Finalize Data Requirements Introduce: Risks & Issues Review: Risks & Issues 98/7 Review: Risks and Issues Begin End-to-End Review End-to-End Review by community 108/14End-to-End Comments Review & dispositionEnd-to-End Review ends 118/21Finalize End-to-End Review Comments & Begin ConsensusBegin casting consensus vote 128/28Consensus Vote*Conclude consensus voting

Sections for Review 3 Today we will be reviewing: 1.Overview of S&I Wiki Page to submit UC comments 2.Scenarios and User Stories Introduce: 1.Pre-Post Conditions (time permitting) Double click the icon to open up the Word Document with the sections for review

Draft Use Case Information Interchange per scenario 4 End Point (EHR) End Point (EHR) Data Source (EHR, Lab, Other) Assembler (EHR, HIE, other systems) Assembler (EHR, HIE, other systems) Data Source (EHR, Lab, Other) Transmitter ONLY (HIE, other systems) Transmitter ONLY (HIE, other systems) Scenario 1 Scenario 2 Scenario 3 Data Source (EHR, Lab, Other) Data Source (EHR, Lab, Other) Pre-step – Creation of the data and associated provenance information

Based on the Context Diagram, we can break up our workflows into 3 different scenarios: 1.Data Source  End Point 2.Data Source  Transmitter  End Point 3.Data Source  Assembler  End Point Note – For each of the above, there is a pre-step associated with creation of the data and associated provenance information Draft Definitions: Data Source – Health IT System where data is created (the true source) Transmitter – A system that serves as a pass through connecting two or more systems Assembler– A system that extracts, composes and transforms data from different patient records End Point – System that receives the data 5 Scenarios 6/26 - options for Data Source Data Author Record/ Document Source

Scenario 1: Data Source  End Point User Story 1: A patient arrives at the ophthalmologists office for her annual eye exam. The ophthalmologist conducts an eye exam and captures all of the data from that visit in his EHR. The ophthalmologist electronically sends the information back to the patient’s PCP (where all data in the report sent was created by the ophthalmologist). User Story 2: A patient wishes to transmit the Summary of Care Document she downloaded from her PCP to her Specialist. Rather than downloading and sending it herself, she requests that the PCP transmits a copy of the document on her behalf to her Specialist. PCP is the only author of the Summary of Care Document and also the sender of the information to the Specialist. The Specialist understands from the document’s provenance that it is authentic, reliable, and trustworthy. 6 User Stories – Scenario 1 Notes – 6/26 Provenance for the request made to PCP is not in scope in his user story.

Scenario 2: Data Source  Transmitter  End Point User Story 1: While training for a marathon, a patient fractures his foot. The patient’s PCP refers the patient to an orthopedic specialist for treatment. After the PCP electronically sends the referral, the information is passed through an HIE, before being received by the orthopedic specialist’s system. The orthopedic specialist receives the summary of care with provenance information and an indication that the data passed through an HIE. 7 User Stories – Scenario 2

Scenario 3: Data Source  Assembler  End Point Note: A community of providers have established a data use agreement that allows them to upload data to an HIE repository. When data is sent to the repository, the provenance information is also included. User Story 1: A patient is rushed to the Emergency Department due to a car accident. The physician on hand wants to obtain the patient’s summary record before administering care. The physician queries the HIE repository and receives a summary record from the past six months. The data received includes the provenance information from the originating sources and also information that identifies the assembler and the actions they have taken. User Story 2: A patient with diabetes goes to Lab A to have his blood drawn. Lab A sends the lab results to the PCP’s EHR with provenance information attached. Upon reviewing the lab results, the PCP decides to refer the diabetic patient to a specialist for consultation. The PCP electronically sends the referral to the specialist with the lab results from Lab A along with relevant data originating in the PCP’s own EHR. 8 User Stories – Scenario 3

Scenario 3: Data Source  Assembler  End Point Use Story 3: A PCP tethered PHR enables patient to download and transmit Summary of Care records to anyone she chooses. Patient downloads full Summary of Care Document, disaggregates the medications, problems, and vital signs in the document and then copies these into her PHR along with medications, problems and vital signs added previously. Patient then sends selected medications, vitals, and problems from PHR to her Fitness Trainer. The Fitness Trainer understands that the information received has been assembled by the patient and that it was authored by various other clinical staff. 9 User Stories –Scenario 3 (Cont.)

Pre-Post Conditions (time permitting) Preconditions Where it exists, the assembling software, is integrated into systems such as EHRs, PHRs, and HIEs – indicating the type of information for a receiver to use as provenance for calculating reliability, and the organization or person responsible for deploying it There exists an Access Control System that allow the assembler to perform necessary tasks for predecessor artifacts and newly assembled artifacts All systems generating or consuming any artifact are capable of persisting the security labels received and data segmentation based the security labels assigned by the artifact generator, which may be an assembler 10 Post Conditions Receiving system has incorporated provenance information into its system and association of the provenance information to the source data is persisted Sending and receiving systems have recorded the transactions in their security audit records

A look ahead: Data Provenance Next Week 11 July 3 rd, 2014 – All Hands Community Meeting (2:30-3:30) – Finalize Scenarios and User Stories – Discuss Pre-Post conditions Provide your comments on the bottom of this page

Support Team and Questions Please feel free to reach out to any member of the Data Provenance Support Team: Initiative Coordinator: Johnathan Coleman: OCPO Sponsor: Julie Chua: OST Sponsor: Mera Choi: Subject Matter Experts: Kathleen Conner: and Bob Yencha: Support Team: – Project Management: Jamie Parker: – Use Case Development: Presha Patel: and Ahsin Azim: – Harmonization: Rita Torkzadeh: – Standards Development Support: Amanda Nash: – Support: Lynette Elliott: and Apurva Dahria: 12