Healthcare Exchange Standards

Discussions of Interoperability Exchange, Privacy, and Security in Healthcare by John Moehrke - CyberPrivacy. Topics: Health Information Exchange, Document Exchange XDS/XCA/MHD, mHealth, Meaningful Use, Direct, Patient Identity, Provider Directories, FHIR, Consent, Access Control, Audit Control, Accounting of Disclosures, Identity, Authorization, Authentication, Encryption, Digital Signatures, Transport/Media Security, De-Identification, Pseudonymization, Anonymization, and AI Transparency.

Thursday, August 21, 2025

Standards Development Contracts

The medium sized contracts that I envision would be where I help an organization develop a standard or defend their position within a standard development project. Where a "standard development" effort is not limited to core standards like FHIR, CDA, or HL7; but inclusive of international Implementation Guides (what IHE calls a Profile, or HL7 calls accelerators), or regional Implementation Guides.

I have even used the Implementation Guide tooling to produce a private publication (for the VA - MyHealtheVet) that defines how existing data would map to FHIR Resources and be aligned with us-core. I use this tooling in my own experiments as it is a quick way to get a publication that is easy to author and edit over time.

Leading a standard project takes a good bit of negotiations and consensus building. These are skills that I have been working over the past 25 years (actually more, as I also did this in the internet standards world in the 80s and 90s with TCP/IP, NFS, Telnet, FTP, and a few others that many people today don't remember are foundations of the internet.)

Defending an organizations position is similar but very different. It involves discovering the potential problems and crafting a solution that the author and contributors find as understandable and worthy of addressing. Sometimes this effort is simply helping by providing examples of good and bad outcomes; such as working examples.

Along with this is providing tooling to support internal testing, simulation, and demonstration.

Developing Standards is the best way to develop a market for your product to further enhance. Standards are not a threat to a product unless that product is not truly adding value. By defining standards, one moves the opportunity for improvement up into the application layer.

Organizations, which might be provider or payer organizations, or might be regional organizations, often need to refine a standard to make it more clear for their region, and thus make testing and dispute resolution more effective.

I am well-seasoned to be able to help you with this effort. These projects might be medium, but they might also be small or large. The size is more defined by the outcome needed. Contact me at Moehrke Research.

Small contracts are also encouraged

Tuesday, August 19, 2025

Small contracts

Over the past few years, I have taken on small contracts. These would be a few hours and be focused on delivering a training session or two. These were never big enough projects for my employer at the time, so they allowed me to take these on "the side". I would tend to work these in the evenings and weekends so as to not interfere with my day job at the time.

Now that I am looking for contracts, these small contracts are something I am looking forward to. There is not much fuss in getting them going, and they are a great way for me to interact with groups of people just getting going in Interoperability or Healthcare Informatics.

Training in Healthcare Privacy and Security

The subject matter that I am known for is teaching FHIR Privacy and Security topics. I have presented a HL7 Tutorial on "FHIR Privacy and Security" many times. I am not limited to giving this tutorial at HL7. HL7 has a recording from a few years ago that is freely available through HL7 sponsored by ONC (now ASTP). If you just want to listen to the recording, then the HL7 recorded tutorial is good enough. But if you have specific use-case that you want me to focus on and have discussion, design, and policy writing; then this might be a good small contract to start with me.

I can also handle going deeper on each of the topics within the tutorial. I have had to make the 3-hour tutorial very high level. Which is a good level for many people, but does not satisfy someone who is focusing on a given topic:

Access Control - considering Privacy Consent
Access Control - considering Break-Glass
Audit Logging - to detect intrusion and investigate
Audit Logging - to inform an Accounting of Disclosures or Access Log to a Patient
Digital Signatures
Document Encryption
Consent encoding in FHIR and management over time
Data Sensitivity Tagging methodologies and architectures
De-Identification / Pseudonymization / Anonymization
Provenance

Training in Healthcare Infrastructure -- Implementation Guides

IHE IT Infrastructure Profiles

XDS / XCA / XCPD -- Document Sharing
MHD / MHDS / PDQm / PMIR
mXDE -- decomposing Documents into FHIR Resources with Provenance
Basic Audit Log Patterns (BALP)
Privacy Consent on FHIR (PCF)
Digital Signatures (DSG)

FHIR International Patient Summary (IPS)
FHIR International Patient Access (IPA)
FHIR Data Segmentation for Privacy (DS4P)
FHIR Consent
FHIR AuditEvent
FHIR Provenance
FHIR Signature

Contact me at Moehrke Research.

Copyright and Trademark

HL7®, HEALTH LEVEL SEVEN®, CARE CONNECTED BY HL7®, CCD®, CDA®, FHIR®, and GREENCDA™ are trademarks owned by Health Level Seven International. HL7®, HEALTH LEVEL SEVEN®, CARE CONNECTED BY HL7®, CCD®, CDA®, and FHIR® are registered with the United States Patent and Trademark Office.

Surely there are other copyright and trademarks that I should recognize, but everyone else seems to be reasonable; expecting readers of blogs know that I am not trying to claim or take ownership of their copyright and trademarks.

Pages

Thursday, August 21, 2025

Standards Development Contracts

Tuesday, August 19, 2025

Small contracts

Training in Healthcare Privacy and Security