Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Writing
  3. Grammar

2014-09-02-P EHR Verb Categorization by Record Entry

advertisement 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Verb Categorization by Record-Entry Events
EHR Interoperability-Privacy and Security Work Groups
Verb Harmonization Initiative Work-in-Progress Notes
Steve Hufnagel, facilitator, 2 September 2014 DRAFT-P
INTRODUCTION1: Privacy and Security can provide authorization and access controls to EHR system
operations and information exchanges, which result in record-entry lifecycle state transitions; where,
 CRUDEA (Create, Read, Update, Delete, Execute, Append) are underlying computer operations
 Record entries go through a sequence of lifecycle events (aka state transitions)
 EHRS FM operation verbs are “triggers” to the record-entry state transitions
 Security audit log and/or provenance metadata may be captured, at the record-entry state
transitions, as Fast Healthcare Interoperability Resources (FHIR).



The goal of this initiative is to align EHR, Security and Privacy terms.
The objectives / approach of this initiative are to iteratively
1. categorize the verbs by the Record-Entry lifecycle events they trigger
2. align events and their trigger verbs in the context of each Record-Entry lifecycle event
3. align lifecycle events, Privacy and Security controls, and EHR operational verbs.
The products of this initiative are:
1. Domain Analysis Model (DAM) (e.g., State Transition Model of record-entry events)
2. Vocabulary, taxonomy (abstract hierarchy) and glossary of “terms”; where,
 term implies classes or objects containing record-entry nouns and operation verbs.
REFERENCE: See companion Excel workbook “EHRS-FM Verb triggers mapped to Record-Entry
Lifecycle Events Harmonization-Matrix and Definitions.xlsx”, which also contains the glossary of terms.
REQUESTED ACTION: Please pose questions and provide suggestions for improvement.
ASSUMPTIONS: Lifecycle Event State Transition Diagram (below)
1. Foundational Events need full provenance metadata resource; while, derived events may only need privacy
& security metadata resource; where,
 Events/States are adjectives for Record-Entries (e.g., originated/ retained and encrypted record-entry)
 One-or-more verbs can trigger one-or-more events/states
o (e.g., Export record-entry results-in an exported and disclosed record-entry)
2. Within an EHRS-FM profile, this Notional Record-Entry-Lifecycle State-Transition-Diagram should be
adapted to define "fit-for-purpose" state-transitions and state-transition metadata according-to scope-of
practice, organizational-policy and jurisdictional-law.
 e.g. business Rules may change the “Final State” from “Destroyed” to “Archived” and/or remove “Destroyed”.
SUGGESTIONS / ISSUES:
1. 7/29/14 MvdZ – CRUDEA needs Query and Search [Michael Van Der Zel]
2. 7/29/14 TW – Categorizations/ hierarchies based-on policy (e.g., read access of sensitive data).
a. 7/30/14 SH – What provenance is associated with ABAC access to sensitive data
3. 7/29/14 RDG - “Disambiguate” verb may be merited. [Reed Gelzer]
4. 7/29/14 RDG - The EHR FM R2 glossary definition for Attest/Attested may or may not line up entirely with
its use here.
1
This Introduction is based on the 2014-07-15 EHR Interoperability Workgroup and Privacy and Security Workgroup PSS discussions.
47
48
49
50
51
52
5. 7/29/14 RDG - The EHR FM R2 Glossary does not have Verify as a noun or verb.
6. 7/29/14 RDG - Consider the concept that there are undoubtedly transition events that are aggregations of
simultaneous transition types. For example, when executing an amendment on a Record Entry, a common
scenario will include retaining the original as an immutable entry AND executing the amendment transition
to an Amended record AND retaining the amended record entry as an immutable entry? Presumably
“aggregated transition events” would be designed in and “hard coded” or configurable.
stm Notional State-Transition-Diagram (STD); where, EHRS-FM operarion verbs trigger Record-Entry Lifecycle-Events 2
Linked = 1
Boundary states
are derived.
Linked = 0
Encrypted = 1
unlink
De-Identified = 0
Encrypted = 0
decrypt
decrypt
encrypt
link
Translated = 1
translate
transmit
Transmitted = 1
Foundation Record-Entry State-Machine results in an immutable record; where, state-transitions and
associated metadata are according-to scope-of-practice, organizational-policy and jurisdictional-law
re-identify
pseudomize
De-Identified = 1
Originated/
Retained = 1
de-identify
originate
receive
business rule to
receive or originate
without retaining
Initially, all
states = 0
Legal Hold = 0
business
rule
Attested = 1
amend
amend
attest
Amended = 1
Inmutable
Record
verify
amend
Received/ Retained
=1
remove hold
business
rule
verify
Immutable
Record
view
extract
Outputed/ Reported
=1
Viewed/ Accessed =
1
Extracted = 1
Verified = 1
verify
place
hold
Legal Hold = 1
output
attest
decide
Decided = 1
attest
destroy
depricate
archive
re-activate
Deprecated/
Retracted = 1
Destroyed = 1
Deprecated/
Retracted = 0
Archived = 1
disclose
restore
Archived = 0
Disclosed = 1
destroy
Final State
RBAC & ABAC
Record-Entry State-Transition
Trigger
Event
 A hierarchy from high-level RBAC (Role-Based Access-Control) managed CRUDEA (Create, Read, Update, Delete, Execute, Append) categorized
RELC events, to ABAC (Attribute-Based Access-Control) managed low-level operational-verb event-triggers defines where provenance (e.g., who,
what, when, where, why, how) metadata (e.g., FHIR) is associated with "foundational" RBAC managed state-transitions (leading to immutable
records), and also associated with ABAC managed sensitive-data accesses; where, shared-records should include RBAC provenance metadata.
MetaData
53
54
Figure 1 Notional State Transition Machine for Record-Entry Lifecycle Events




55
56
57
58
59
60
61
62
63
64
 This notional RELC (Record-Entry Life-Cycle) State-Transition-Machine defines "fit-for-purpose" state-transitions with associated access-controls and
metadata according-to scope-of practice, organizational-policy and jurisdictional-law; where, security metadata is associated with all state-transitions.
State Transition from Archived to Destroyed was added.
Direct transition from originate receive to destroy was added for non-retained information
Immutable record transition from Originated / Retained or Received / Retained was added
RBAC & ABAC added as managing record-entry state-transitions
Legend



Record-Entry Lifecycle Event
EHRS-FM Verb
Privacy & Security verb
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
Manage an EHR
1. CRUDEA (Create, Read, Update, Delete, Execute, Append)
(1) ISSUE: What about Query and Search [Michael Van Der Zel]
(2) Control Access (Privacy & Security) applies to all operational verbs
(a) Authenticate
(b) Authorize
(c) NOTE: RBAC is at the CRUDEA level, ABAC is at the operational verb level [Steve Hufnagel]
(3) Metadata, with each type of CRUDEA (Create, Read, Update, Delete, Execute, Append)
(a) Provenance
(b) Privacy & Security Track
(i) Log (Logging typically means the recording of implementation level events that happen as the program
is running (methods get called, objects are created, etc.). As such it focuses on things that interest
programmers)
(ii) Audit (Auditing is about recording domain-level events: a transaction is created, a user is performing an
action, etc. In certain types of application (Banking) there is a legal obligation to record such events.)
(4) Privacy & Security Modify_Status These are at the CRUDEA level [Steve Hufnagel]
(a) Abort
(b) Activate
(c) Cancel
(d) Complete
(e) Hold
(f) Jump
(g) Nullify
(h) Release
(i) Resume
(j) Suspend
2. Maintain
(a) Foundational Lifecycle Events/States and associated Trigger Verbs
(i) CRUDEA, FHIR: Provenance & Security Event, RBAC access controls
1. Originate/ Retain Event-State may be triggered by the following verbs.
a. Originate
i. Capture
ii. Enter
b. Retain
i. Store
ii. Save
2. Receive/ Retain Event State-transition may be triggered by the following verbs:
a. Exchange (needs definition!)
(i) Receive
1. Import Import
(ii) Retain
1. Store
2. Save
3. Auto Populate
4. Copy
5. Duplicate
111
112
113
114
115
116
117
118
119
120
121
122
6. Reproduce
(ii) CRUDEA, FHIR: Provenance & Security Event, [if Attest is done separately from Originate],
1. Amend Event State-transition may be triggered by the following verbs:
a. Amend [deprecated to edit in glossary action required!]
b.
Update [top level verb]  RECOMMENDATION: Change Amend Event to Update Event
i. Edit, [Definitions refer to amend, action required!]
ii. Redact
iii. Replace [Out of place?]
iv. Annotate Annotate
v. Append
vi. Integrate
vii. Tag [aka flag, does not require re-attest, out of place? Where does this belong?, EHRS Definition
123
124
125
126
127
is flag for follow-on action] ACTION: Security definition of Tag
2. Attest Event State-transition may be triggered by the following verbs:
a. Sign (includes a digital signature) =? Attest (does attest include a signature?)
3. Verify Event State-transition may be triggered by the following verbs:
a. Verify Verify
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
(iii) CRUDEA, FHIR: Provenance & Security Event
1. Destroy Event State-transition may be triggered by the following verbs:
a. Purge Purge (specific type of delete where recovery is NOT possible))
b. Delete (recovery is potentially possible)
(b) Derived Lifecycle Events/States and associated Trigger Verbs
(i) CRUDEA, FHIR: Security Events
1. View/ Access Event State-transition may be triggered by the following verbs:
a. Access (privacy permission … ability to read) =? Read (data operation)
b. Collect
c. Use
d. Transmit , Exchange
e. Harmonize
f. Determine
g. Analyze
h. Decide
i. Privacy permissions constrain or require logging of the data operations
j. FHIR: Security Event
2. Disclose Event State-transition may be triggered by the following verbs: (Deprecated verb)
a. Disclose (privacy operation?)
b. Export (deprecated) Export
c. Exchange (send and receive  recommend deprecation of Exchange)
d. Render
i. Print
ii. Present
e. Forward
f. Transfer
g. FHIR: Security Event
3. Output/ Report Event State-transition may be triggered by the following verbs:
a. Transmit
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
b. Export Export
c. Exchange
d. Render
i. Print
ii. Present
e. Forward
f. Transfer
g. Disclose (based on Privacy & Security policy)
h. FHIR: Security Event
i. NOTE: This may result in a Receive/ Retain event for the recipient
4. Transmit Event State-transition may be triggered by the following verbs:
a. Transmit
b. Export Export
c. Exchange
d. Render
i. Print
ii. Present
e. Forward
f. Transfer
g. Disclose (based on Privacy & Security policy)
h. FHIR: Security Event
i. NOTE: This may result in a Receive/ Retain event for the recipient
j. ISSUE: What is the difference between Output/Report and Transmit?
5. Extract Event State-transition may be triggered by the following verbs:
a. Extract
b. Excerpt
c. Derive
d. FHIR: Security Event
e. NOTE: This may result in a Create/ Retain event for a new record-entry
(ii) CRUDEA, FHIR: Provenance & Security Event
1. Link Event State-transition may be triggered by the following verbs:
a. Link
b. Tag
c. Track
d. Log
e. Audit
f. Sustain (Ops.) [Out of place?]
g. FHIR: Security Event
2. Unlink Event State-transition may be triggered by the following verbs:
a. unlink
b. FHIR: Security Event
3. Translate Event State-transition may be triggered by the following verbs:
a. Translate
b. Convert
c. Encrypt Encrypt
d. Decrypt Decrypt
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
4.
5.
6.
7.
8.
9.
e. (Modify) Data Visibility [Does this belong here?]
f. De-identify De-identify
i. Pseudonymize
ii. Anonymize
iii. Mask Mask
iv. Redact
v. Hide
g. FHIR: Security Event
h. NOTE: This may result in a Create/ Retain event for a new record-entry
Pseudomynize Event State-transition may be triggered by the following verbs:
a. Pseudonymize
b. De-identify De-identify
c. FHIR: Security Event
d. NOTE: This may result in a Create/ Retain event for a new record-entry
De-Identify Event State-transition may be triggered by the following verbs:
a. (Modify) Data Visibility [Does this belong here?]
b. De-identify De-identify
i. Pseudonymize
ii. Anonymize
iii. Mask Mask
iv. Redact
v. Hide
c. FHIR: Security Event
d. NOTE: anonymize and randomize missing?
e. NOTE: This may result in a Create/ Retain event for a new record-entry
Re-Identify Event State-transition may be triggered by the following verbs:
a. (Modify) Data Visibility [Does this belong here?]
b. Re-identify, Re-identify
c. Identify
d. Unmask
e. Unhide
f. FHIR: Security Event
g. NOTE: This may result in a Create/ Retain event for a new record-entry
Place Legal Hold Event State-transition may be triggered by the following verbs:
a. Annotate / [Log]
b. Tag
c. FHIR: Security Event
d. NOTE: This may result in a Create/ Retain event for a new record-entry
Remove Legal Hold Event State-transition may be triggered by the following verbs:
a. Annotate / [Log]
b. Tag
c. FHIR: Security Event
d. NOTE: This may result in a Destroy event for a copied record-entry, put on legal hold.
Encrypt Event State-transition may be triggered by the following verbs:
a. Encrypt Encrypt
b. FHIR: Security Event
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
10.
11.
12.
13.
14.
c. NOTE: This may result in a Create/ Retain event for a new record-entry
Decrypt Event State-transition may be triggered by the following verbs:
a. Decrypt Decrypt
b. FHIR: Security Event
c. NOTE: This may result in a Create/ Retain event for a new record-entry
Archive Event State-transition may be triggered by the following verbs:
a. Archive Archive
b. Backup Backup
c. FHIR: Security Event
d. NOTE: This may result in a Create/ Retain event for a new record-entry
Restore Event State-transition may be triggered by the following verbs:
a. Restore Restore
b. Recover
c. FHIR: Security Event
d. NOTE: This may result in a Create/ Retain event for a new record-entry
Deprecate/ Retract Event State-transition may be triggered by the following verbs:
a. Remove
b. Obsolete
c. Tag [Out of place?]
d. FHIR: Security Event
e. NOTE: This may also result in an archive event
Re-Activate Event State-transition may be triggered by the following verbs:
a. Re-activate
b. Annotate / [Log]
c. Tag [Out of place?]
d. Restore Restore
e. Recover
f. FHIR: Security Event
g. NOTE: This may result in a Create/ Retain event for a new record-entry
Related documents
List of verbs describing tasks
List of verbs describing tasks
MODAL-VERBS
MODAL-VERBS
Creating your Mission Statement PowerPoint (Laurie Beth Jones)
Creating your Mission Statement PowerPoint (Laurie Beth Jones)
The Future of Standards John D. Halamka MD HITSC Workplan
The Future of Standards John D. Halamka MD HITSC Workplan
Grammar - Cloudfront.net
Grammar - Cloudfront.net
Goals and Objectives powerpoint
Goals and Objectives powerpoint
Common Non-action Verbs Stative Units 1 2
Common Non-action Verbs Stative Units 1 2
The Helpful Hundred – Planning for Instruction
The Helpful Hundred – Planning for Instruction
Download
advertisement