Patient Choice for better Outcomes
As patient information moves from one HIPAA-covered entity's medical records onto a patient's computing device and potentially onto some other HIPAA-covered entity, there needs to be some assurance to the patient that the software apps and services involved in the transfer operate with best practices, to protect the user's information.
Users want to be assured that they can recover access to sites that hold their most private information.
Trust Registry for Patient Choice
The Trust Registry:
- Exposes all certified entities with an API that allows the user access to each conformant web site. See the IDEF registry as JSON blob
- Helps the user understand their choices and lead them to source of a personal identifier.
- Helps the user find any and all sources of Patient Health Information by finding their Medical Record Locators
Web App for Patient Choice
- A Web App (aka Progressive Web App or PWA) is simply a web site that can install a service worker on the smartphone with a cache of common resources to improve performance both on and off-line.
- This Trust Registry site can be installed on the user's mobile computing device with the Add to Home Screen feature of the browser.
- Visit the Proposed Health Care Solution, a demonstration of the IDEF Health Care Profile.
Native App for Patient Control
- A Native app has more control of the data stored on the user's device and can create a secure authentication protocol with any Identifier chosen by the user.
- A Native app has control over the keystore which is able to maintain the keying material in the secure enclave, or Trusted Execution Environment of the computing device.
- The Kantara Trust Framework: Identity Assurance for US Healthcare consists of comments prepared for the ONC call for input. It also lists out the Healthcare Identity principles.
- Those comments make clear that there is no meaningful Patient Choice if the patient app is not trustworthy!