AS3_BUC1

Submitted by sfranconi on Tue, 08/20/2024 - 15:58

1. User Authentication: 

  • Citizens connect to the mobile application using a combination of credentials such as username and password or biometric data (e.g., fingerprint, facial recognition). 

 

2. IPS or ePS Sharing Functionality: 

  • Within the application, the "xShare Yellow Button" serves as the mechanism for initiating the sharing of the patient summary. 
  • Citizens can customise their sharing preferences in the app’s preferences page, including: 
    • Expiration Time: Setting a validity period after which the shared IPS link becomes inactive. 
    • One-Time Password (OTP): An added layer of security requiring the healthcare provider to enter an OTP to access the shared IPS. 
    • Selective Sharing: Choosing specific sections of the patient summary to share, depending on the citizen’s privacy preferences. 
    • Snapshot and Up-to-date Data: Deciding whether to share a static snapshot of the IPS at the current moment or provide access to up-to-date data. 
    • FHIR or CDA: For the Pilot purposes we’ll give the choice from the app to select the type of patient summary to be displayed and shared. 

 

3. QR Code Generation and Sharing Options: 

  • Upon confirming their preferences and pressing the yellow button, the app generates a secure link to the Electronic Health Record (EHR) viewer, presented as a QR code. 
  • Citizens have multiple options for sharing this QR code, including displaying it for camera scans or sending it via email to the healthcare provider. 

 

4. Healthcare Provider Access: 

  • The healthcare provider receives the QR code and, upon scanning or clicking the link, is redirected to an Electronic Health Record (EHR) viewer. 
  • By submitting the previously set OTP, the healthcare provider's request is validated through the API Gateway. 
  • Upon successful validation, the patient summary document is retrieved from the FHIR/CDA Server, allowing the healthcare provider to review the patient’s medical summary. 
Document Version: 
V1.0
Responsible party: 
Cyprus - NeHA (add contact email address)
Source: 
xShare
As-Is Situation: 

Project Overview: 

The project focuses on developing a mobile application designed to provide citizens with access to their International Patient Summary (IPS) and the European Patient Summary (ePS). This initiative aims to enhance healthcare delivery and patient access to medical information, ensuring that critical health data is easily accessible and securely managed. 

 

Development Status: 

The mobile application is currently under development, with core functionalities being implemented to enable the display and management of the IPS and the ePS for users. The application is designed to be user-friendly, ensuring that citizens can easily navigate and access their health summaries without technical difficulties. 

Currently available products/services and its vendors: 
NCP – National Contact Point managed by National eHealth Authority (HL7 CDA).
eHealth4U – Proposed solution for national EHR managed by University of Cyprus (HL7 FHIR).
Which health-related standard does your organisation uses and its alignment to the EEHRxF?: 
HL7 FHIR and HL7 CDA.
Actors/Users and their Roles: 

Citizen 

Sharing user (IPS + ePS). 

Healthcare provider 

Receiving user. 

Mobile Application  

Access and Sharing interface. 

Web Application (EHR) 

IPS and CDA Viewer. 

FHIR Server 

IPS Host. 

NCP 

CDA Host for European Patient Summary. 

API Gateway 

Intermediary Software for User authentication and authorization. 

Serves the requested patient summary (IPS FHIR or ePS CDA). 
User Perspective: 
Enhanced User Control and Customisation: Transitioning from limited control to allowing users to tailor their patient summary sharing preferences, enhancing privacy and personalization.
Improved Security and Privacy: Evolving from existing security concerns to implementing biometric, OTP, and secure QR code sharing, significantly boosting trust and data protection.
Ease of Access and Sharing: Moving from cumbersome sharing processes to a simplified "yellow button" feature, making patient summary sharing straightforward and user-friendly.
Better Healthcare Delivery: Shifting from potential delays in healthcare delivery to ensuring timely access to the patient summary by healthcare providers, leading to improved care and outcomes.
Increased User Empowerment: Progressing from limited user engagement in health management to empowering users with direct control over their health information, encouraging proactive health practices.
System Perspective: 
The integration of the "xShare Yellow Button”, into our existing platforms and systems is envisioned to be seamless and intuitive. The button will be positioned within our application's user interface, ensuring it is easily accessible for users wishing to share their Patient Summary. This integration is designed to work harmoniously with the application's architecture, leveraging the API Gateway for secure data retrieval and sharing processes. When a user opts to share their patient summary by pressing the xShare Yellow Button, the application will communicate with the API Gateway, which in turn interacts with the FHIR Server or the CDA/NCP Server to fetch the required patient summary data. This data is then securely shared according to the user's preferences, including aspects such as expiration time, OTP for access, and specific sections of the IPS to be shared.
Health Information Domain(s) - HIDs: 
Patient summary
Electronic prescription
Electronic dispensiation
Care plan
Scenarios for the xShare Yellow Button: 

HIDs 

xShare Yellow Button basic functionality 

Maturity 

Download 

One-time share 

Linked options 

Start TRL 

End TRL 

Patient summary 

X 

X 

X 

3 

6-7 

Electronic prescription 

X 

X 

X 

1 

4-5 

Electronic dispensation 

X 

X 

X 

1 

4-5 

Medical image  
and image report 

 

 

 

 

 

Laboratory results 

 

 

 

 

 

Discharge report 

 

 

 

 

 

Telemonitoring 

 

 

 

 

 

Care plan 

X 

X 

X 

3 

6-7 
National/regional strategy: 
Cyprus has the eHealth Law from the National eHealth Authority.
Strategy towards EHDS: 
Current eHealth Law to be legally revised to be aligned with the EHDS.
Business Goals/Benefits and KPIs: 

Business Goal: Sharing patient summary data with a click of a button. 

KPIs: 

User Engagement and Adoption 

  • Activation Rate: Percentage of users who use the xShare Yellow Button after registration. 
  • Share Frequency: Average number of times a user shares their patient summary per month. 

 

User Satisfaction 

  • User Satisfaction Score: User satisfaction with the patient summary sharing process, measured through surveys, system usability scale questionnaire, or feedback forms. 
  • Net Promoter Score (NPS): Likelihood of users recommending the application to others, indicating overall satisfaction and the app's value. 

 

Security and Privacy 

  • Unauthorized Access Attempts: Number of detected unauthorized attempts to access shared patient summary data. 
  • Privacy Settings Utilization Rate: Percentage of users customising their privacy settings (e.g., setting expiration times, OTP usage). 

 

Health Outcomes and Utility 

  • Healthcare Provider Engagement: Number of healthcare providers accessing patient summary data shared through the application. 
  • Impact on Healthcare Delivery: Qualitative assessments of how the use of shared patient summary data has influenced healthcare outcomes or decisions. 
Application: 
In the patient summary screen of the Mobile Application.
Data Preconditions: 
IPS data to be hosted in our FHIR server.
European Patient Summary data to be hosted in our NCP server.
System Preconditions: 
xShare Yellow Button technical implementation guidelines.
User Preconditions: 
User patient summary profile to exists, user account in our backend.
Trigger: 
Pressing the xShare Yellow Button.
Challenges/Limitations: 
No offline functionality
Adoption from citizens.
Countries should upload their MVC in OpenNCP (for translations).
Involved stakeholders in the BUC definition: 
Pancyprian medical association.
Pharmaceutical organisations / Pharmacists.
Citizens/patients.
Application of pseudonymisation filters: 
No
Basic Workflow: 

1. User Authentication: 

  • The user opens the mobile application and logs in using their chosen method of authentication (username and password or biometric data). 

 

2. Accessing the patient summary: 

  • Once authenticated, the user navigates to the section of the app where their Patient Summary (IPS or ePS) is displayed. 

 

3. Initiating Share: 

  • The user decides to share their patient summary with a healthcare provider and presses the prominently displayed "xShare Yellow Button" to initiate the sharing process. 

 

4. Customising Sharing Preferences: 

  • The user is presented with options to customise their sharing preferences, including setting an expiration time for the shared link, requiring an OTP for access, selecting specific sections of the patient summary to share, and choosing between a live data link or a snapshot. 

 

5. Generating QR Code/Link: 

  • After confirming their preferences, the application generates a secure link to the patient summary, presented as a QR code or a direct link, depending on the user's choice. 

 

6. Sharing the IPS: 

  • The user chooses to share the QR code or link through their preferred method, such as showing it for a camera scan or sending it via email to the healthcare provider. 

 

7. Healthcare Provider Accesses patient summary: 

  • The healthcare provider receives the QR code or link, scans or clicks it, and is redirected to an EHR viewer where they can access the patient summary. 
  • If required, the healthcare provider enters the OTP provided by the user to gain access to the information. 

 

8. Successful Data Retrieval: 

  • The API Gateway validates the request, and it retrieves the IPS document from the FHIR server, making it available to the healthcare provider for review. 
  • The API Gateway validates the request, and it retrieves the European patient summary document from the NCP Server, making it available to the healthcare provider for review. 

 

9. Healthcare Provider Reviews patient summary: 

  • The healthcare provider reviews the patient's PS, now equipped with the necessary information to provide informed healthcare services or make decisions based on the patient's medical history. 

 

Alternative Workflows: 

1. Authentication Failure 

  • User fails to authenticate: The user enters incorrect login credentials or experiences a failure in biometric authentication. 
  • Alternative Flow: The system prompts the user to retry authentication, offering password recovery options or reattempting biometric authentication. 

 

2. Connectivity Issues 

  • Poor or no internet connection: The user attempts to access or share their patient summary without a stable internet connection. 
  • Alternative Flow: The application displays a message indicating the need for internet access and retries the connection once available. 

 

3. Preferences Customisation Errors 

  • Incomplete preference settings: The user tries to proceed without setting all required sharing preferences. 
  • Alternative Flow: The system prompts the user to complete all necessary preference settings before proceeding. 

 

4. QR Code/Link Generation Failure 

  • System fails to generate QR code/link: Due to a technical glitch, the application cannot generate the shareable QR code or link. 
  • Alternative Flow: The system displays an error message and offers the user the option to retry generating the QR code/link. 

 

5. Sharing Process Interruption 

  • User unable to share QR code/link: The user encounters issues while attempting to share the QR code or link (e.g., email or camera function not working). 
  • Alternative Flow: The application suggests alternative sharing methods or allows the user to save the QR code for later sharing. 

 

6. Healthcare Provider Access Denied 

  • Incorrect OTP or expired link: The healthcare provider enters an incorrect OTP or attempts to access the patient summary through an expired link. 
  • Alternative Flow: The system notifies the provider of the incorrect OTP or expired link and advises contacting the patient for a new link or correct OTP. 

 

7. Data Retrieval Failure 

  • API Gateway - FHIR server – NCP server issues: There are problems retrieving the patient summary due to API Gateway failures or FHIR Server errors or NCP server errors. 
  • Alternative Flow: The application notifies the healthcare provider of the issue and suggests retrying later, while automatically reporting the issue for technical support. 

 

8. User Revokes Access Before Provider Uses Link 

  • User decides to revoke access: After sharing the patient summary link, the user chooses to revoke access before the healthcare provider uses it. 
  • Alternative Flow: The system allows the user to revoke shared access at any time, automatically invalidating the shared link and notifying the healthcare provider if they attempt to access it.