MiHIN Request Basic Provider Information from Statewide Directory

MICHIGAN HEALTH INFORMATION NETWORK SHARED SERVICES
REQUEST BASIC PROVIDER INFORMATION FROM STATEWIDE DIRECTORY
Use Case Category = Health Provider Directory
Use Case Prerequisites = None
Approved Date: 05/21/2013
Effective Date:
Change Control
Version
Number
1.0
3.0
Revision
Date
3/27/13
3/27/13
4/1/13
C. Gingrich
J. Shaw
C. Gingrich
4, 11
4.0
5.0
4/1/13
5/7/13
C. Gingrich
C. Gingrich
All
All
6.0
5/8/13
C. Gingrich
All
7.0
8.0
9.0
12/26/13
05/15/14
05/29/14
Zimbelman
Fontaine
Fontaine
2.0
Author(s)
Section(s)
11.4
Intro, 11.4
footnote
Summary
Initial Draft
Updates (minor)
Removed an audit requirement
per T. Pletcher discussion and
added ‘organization’ to Basic
Query definition.
General Edits
Updated to new legal Use Case
Agreement template
Updates from internal review
with MiHIN HPD Team
Added approval date
Updated
Updated definition of
participating organization,
added HIPAA language
Approved
Date
Effective
Date
05/21/13
05/21/13
This Use Case Agreement (“Use Case”) is one of several Use Cases and is effective and binding
upon the undersigned Participating Organization (“Participating Organization”), and subject to
the Qualified Data Sharing Organization Agreement /Virtual Qualified Data Sharing
Organization Agreement/Consumer Qualified Data Sharing Agreement/Sponsored Shared
Organization Agreement/State Sponsored Sharing Organization Agreement/(the “Agreement”)
between the Participating Organization and the Michigan Health Information Network Shared
Services (“HIN”), as of the last date in the signature block hereto. HIN and Participating
Organization are referred to herein collectively as “Parties” and individually as a “Party.”
1. GOAL. The goals of the HIN Directory Basic Query Service are: a) to provide tools for
Participant Organizations to have real-time access to Health Professional and Electronic Service
Information for the purpose of fulfilling treatment, payment or operational functions as defined
in the HIPAA Privacy Rule, and b) to enable Participating Organizations and authorized Health
Professionals to securely exchange healthcare information.
2. PURPOSE. This Directory Basic Query Use Case Agreement a) documents the
supported types of database access, data results, and data use and b) defines organizational roles
and responsibilities for HIN and Participating Organization(s) as they pertain to Basic Queries of
the Directory.
3. USE CASE DIAGRAM.
Web User Interface based Query
Application Programming Interface (API) based Query
4. DEFINITIONS.
4.1 Affiliation means the relationship between a Person Record and an Organization
Record or between two Organization Records.
4.2 Affiliation Type means the type of relationship or Affiliation between a Person
Record and an Organization Record or between two Organization Records. For
example employed by, admitting privileges, etc.
4.3 Electronic Address means a string that identifies the transport protocol and end point
address for communicating electronically with a recipient. A recipient may be a
person, organization or other entity that has designated the electronic address as the
point at which it will receive electronic messages. Examples of an electronic address
are an email address (Direct via SMTP) or URL (SOAP / XDR). Communication with
an electronic address may require a digital certificate.
4.4 Electronic Service Information (ESI) means all information reasonably necessary to
define an electronic destination’s ability to receive and consume a specific type of
information (e.g. discharge summary, patient summary, laboratory report, query for
patient/provider/healthcare data). The information should include the type of
information (e.g. patient summary or query) the destination’s Electronic Address (see
definition above), the Messaging Framework supported (e.g. SMTP, HTTP/SOAP),
Security information supported or required (e.g. digital certificate) and specific
payload definitions (e.g. CCD C32 V2.5). In addition, this information may include
labels that help identify the type of recipient (e.g. medical records department).
4.5 Health Information Network (HIN) means Michigan Health Information Network
(MiHIN) Shared Services.
4.6 Health Professional means any person holding a clinical or non-clinical position
within or associated with an organization that provides healthcare or healthcare related
services. People who contribute to the gathering, recording, processing, analysis or
communication of health information. Examples include but are not limited to
Physicians, Physician Assistants, Nurse Practitioners, Nurses, Medical Assistants,
Home Health Professionals, Administrative Assistants, Receptionists, Clerks, etc.
4.7 Health Provider Directory (HPD) (“the Directory”) means the state-wide shared
service established by HIN that contains contact information on Health Professionals,
Healthcare Organizations, Electronic Addresses and Electronic Service Information, as
a resource for authorized users to obtain efficient, accurate and reliable contact
information and securely exchange health information.
4.8 Information Source means any Participating Organization that provides information
that is added to the Directory.
4.9 Network Downtime means a Party is unable to transmit and receive data from the
Internet for any reason, including but not limited to the failure of network equipment
or software, scheduled or unscheduled maintenance, general Internet outages, and
events of force majeure.
4.10 Organization Record means any record in the Directory that primarily relates to a
company or other organization (i.e., not a person).
4.11 Participating Organization means an organization that has entered into at least one
of: (a) the Qualified Data Sharing Organization Agreement, or (b) the Virtual
Qualified Data Sharing Organization Agreement, or (c) the Participant Agreement and
which has also entered into this Use Case Agreement with HIN.
4.12 Person Record means any record in the Directory that primarily relates to an
individual person.
4.13 Qualified Data Sharing Organizations (QO) as defined in the Qualified Data
Sharing Organization Agreement.
4.14 Virtual Qualified Data Sharing Organization (VQO) as defined in the Virtual
Qualified Data Sharing Organization Agreement.
5. MESSAGE CONTENT.
5.1 Primary Use. To provide up-to-date Health Professional, Electronic Address and
Electronic Service Information, such as Direct Addresses, to authorized Health
Professionals to facilitate contact look-up and secure exchange of health information
for the purpose of meeting operational, treatment or payment obligations as defined in
the HIPAA Privacy and Security Rules.
5.2 Additional Terms. The Participating Organization may use the Directory consistent
with the terms herein and as otherwise permitted by the Agreement, provided,
however, that in no case shall Participating Organization use or share data in a manner
inconsistent with this Use Case, as applicable. To the extent there is an express
conflict between the terms herein and the Agreement, the Agreement, as applicable,
shall prevail.
6. FEES.
There will be no fees associated with the Directory Basic Query Service for the purpose of this
Use Case Agreement. Potential fees between HIN and the Participating Organization and
associated payment terms may be defined in each Participating Organization’s Statement of
Work for this effort.
7. APPROVED DIRECTORY BASIC QUERY ACCESS METHODS.
HIN will provide two methods for Participating Organization(s) to perform Basic Query
access to the Health Provider Directory:
8.1 A Web Based User Interface containing predefined search capabilities and associated
functionality to query and retrieve Directory data.
8.2 Application Programming Interfaces (APIs) which may be used by Participating
Organization(s) within their own software applications or their instance of a commercial
product to query and retrieve Directory data.
9. DATA USE POLICIES.
9.1 Permitted Uses and Limitations on Use
9.1.1 The data provided as a result of querying the Directory is provided to
Participating Organization(s) for informational purposes only.
9.1.2 Participating Organization(s) shall not retain the data other than for the
immediate use for the purpose of performing treatment, payment or operational
functions.
9.1.3 Participating Organization(s) may not sell or assign the data to outside parties.
9.1.4 Any reliance upon, interpretation of and/or use of the data by Participating
Organization(s) is solely and exclusively at the discretion of the Participating
Organization.
9.1.5 Participating Organization(s) may retain the Directory data for purposes of
maintaining operational logs, including audit logs, or to meet legal reporting
requirements.
9.1.6 Participating Organization(s) shall not represent the data in any way other than as
expressed in this Use Case Agreement.
10. SERVICE LEVEL. The Parties desire that the Directory Basic Query Services meet the
service levels set forth below:
10.1 Availability The Parties desire that Basic Query access to the Directory be available
and accessible on-demand 24x7x365, excluding regular scheduled maintenance windows
or other unforeseeable events, either through the web-based UI or through the Directory Basic
Query APIs pursuant to the “Attachment D - Service Levels of HIN HIE Platform” in
the Agreements.
10.2 Response Time The resulting data response time from a basic query Directory
submission via the web based UI will be returned within 10 seconds. The resulting data
response time of a basic query submitted via API call(s) will be returned within 10
seconds.
10.3 System or Network Downtime Notwithstanding Section 8.1, if the Parties experience
a System or Network Downtime event, query processing may error or time-out. If the
error(s) occur during submission of a query, HIN will return an error message indicating
the type of error. HIN will not store or resolve query requests that occur during system
or network outages. Participating Organization(s) may resubmit the query when the
issue(s) have been resolved.
11. AUDITING.
11.1 Abilities to Audit. The Parties shall monitor and audit all access to and use of its
system related to this Use Case for system administration, security, and other legitimate purposes
consistent with each Party’s standard operating procedures, as per the Agreement.
11.2 Audit Logs.
11.2.1 Audit Logs for Directory Basic Query via Web User Interface
11.2.1.1 HIN will gather audit data for access to the Directory via the Basic
Query Access Method. HIN shall, at a minimum, log the following
information: (i) identity (e.g. unique identifier) of individual logged
into the system; (ii) date and time of query submission; (iii) content of
query submission; and (iv) any Notices, failures, or network events.
11.2.2 Audit Logs for Directory Basic Query via APIs
11.2.2.1 Participating Organization(s) shall, at a minimum, log the
following information: (i) identity (e.g. unique identifier) of
individual logged into the system; (ii) date and time of query
submission; (iii) any Notices, failures, or network events that
occurred during the query formulation or submission process, and (iv)
any other audit data required to ensure successful query development,
submission or error tracking.
11.2.2.2 Except as provided in the foregoing, HIN shall not be obligated to
maintain and shall not be responsible for either maintaining records of
the content of any query submission between the Parties or inspecting
the content of the query results.
11.3 Production of Audit Logs Upon a good faith written request by a Party, the non-requesting
Party shall produce the requested audit logs within five (5) business days
from the date of the request to the requesting Party or a detailed written explanation of
why the requested logs cannot be produced.
11.4 Retention of Audit Logs The Parties shall retain audit logs in accordance with any and
all requirements set forth in Applicable Laws and Standards¹, including but not limited
to the requirements under the Health Insurance Portability and Accountability Act of
1996, Public Law 104-191, and regulations at 45 CFR Part 160, Part 162, and Part 164,
the Michigan Public Health Code, MCL 333.1101 et seq., the Data Sharing Agreement,
and as otherwise necessary to comply with this Use Case.
12. RESPONSIBILITIES OF THE PARTIES.
12.1 Participating Organization Responsibilities.
12.1.1 Participating Organization(s) shall use the HIN approved Access Methods of
accessing the Directory as described in Section 7.
12.1.2 Participating Organization(s) are responsible for verifying the accuracy of
Directory data prior to using it for treatment, payment or operational needs, in
particular those where Protected Health Information (PHI) is being
communicated.
¹ “Applicable Laws and Standards” is a defined term in the QDSOA, VQDSOA, CQDSOA, SSOA and SSSOA.
12.1.3 Participating Organization(s) are responsible for the security and protection of
Directory data.
12.1.4 Participating Organizations are responsible for providing contact information to
HIN prior to using the Directory, for the purpose of receiving information
pertaining to maintenance schedules, unplanned downtime event notifications,
and other communications necessary for administrative, operational and
maintenance activities.
12.1.5 Participating Organizations are responsible for the use of the Directory APIs and
any issues resulting from using them with their own software applications or
within their instance of commercial software.
12.1.6 If Participating Organization(s) experience difficulties accessing or otherwise
using the Directory Basic Query web-based user interface or APIs, they will
notify HIN immediately so that the issue may be resolved as soon as possible.
12.1.7 Participating Organization(s) shall not intentionally send queries requiring
significant amounts of network or system resources, and, if they discover that
such a request has been submitted, shall halt the request and notify HIN of the
occurrence. Participating Organization will work with HIN to identify the issue.
Participating Organization will also communicate to HIN whether the issue
requires code changes to the Participating Organization software and, if so,
provide a schedule for correcting the issue. If the issue is with the web-based UI,
HIN will provide a schedule for correcting the issue.
11.5 HIN Responsibilities
11.5.2 HIN shall be responsible for protecting the Directory data.
12.3.1 HIN shall receive and process Participating Organization supplied updates to
the Directory on an ongoing, scheduled basis, so as to keep the data as
current as possible, given the supplied updates.
12.3.2 HIN will monitor the network, application and system resources associated
with the Directory.
12.3.3 HIN will notify Participating Organization of scheduled maintenance
windows, including dates, start and end times associated with expected
downtime.
12.3.4 HIN may terminate any query, regardless of access method, if it causes
degradation or interruption of the Directory service. HIN will notify
Participating Organization(s) if a query submitted by them or their
participants has caused system degradation or interruption to the Directory
services.
12.3.5 HIN will notify Participating Organization(s) if there is an unscheduled
interruption to the Directory service, and keep them informed of the
estimated amount of time it will take to bring the service back on-line. HIN
will notify the Participating Organization(s) when the service has been
restored.
13 OTHER TERMS.
13.3 Data Format, Validation and Transmission Specifications.
13.3.1 Data Format
13.3.1.1 The specifications for the query access are set forth on the HIN
website.
13.3.2 Transmission
13.3.2.1 The specifications for the HIN approved secure transport methods
are set forth on the HIN website.
13.3.3 Disclaimers
13.3.3.1 Limitations of Data HIN will use reasonable care to collect and
load Directory data as it becomes available from Participating
Organization(s). HIN, however, does not warrant the accuracy of the data
for any given purpose. Participating Organization(s) shall consider the data
informational, and shall verify the accuracy of the data prior to using it for
any purpose, including the use of the data associated with the transfer,
communication or documentation of health information, including but not
limited to Protected Health Information (PHI).
13.4 Information for Trial Implementation and Pilots
13.4.1 All additional terms and limitations pertaining to Pilots undertaken
for this Use Case shall be specified as Exhibits, which amend this Use Case
between the Parties upon mutual written agreement to the Pilot terms in any
such Exhibit(s).
[Signature Page Follows]
IN WITNESS WHEREOF, the undersigned have caused this Use Case to be accepted by their
duly authorized representatives effective on the date written below, whichever is later.
MICHIGAN HEALTH INFORMATION
NETWORK SHARED SERVICES
PARTICIPATING ORGANIZATION
Organization Name
By:
By:
Name:
Name:
Title:
Title:
Date:
Date: