This page is part of the PACIO Advance Directive Information Implementation Guide (v0.1.0: STU 1 Ballot 1) based on FHIR R4. . For a full list of available versions, see the Directory of published versions
Advance Directive Interoperability (ADI) involves communication of advance directive information across multiple parties including who the information is about, their healthcare agents and identified advisors, and care providers. The author, who is also the person the information is about, needs access to create, modify, remove, and share this information either directly or through an authorized third party. Users of this information are the appointed healthcare agents or advisors, care providers in emergency, intensive, or critical care environments, or others providing longer term care in a skilled nursing or other similar facility.
Advance directive information contains patient specific information, which means that it needs to be protected with proper security and privacy protections to avoid malicious or unintentional exposure of such information. All Advance Directive Interoperability exchanges must be appropriately secured in transit and access limited only to authorized individuals.
The ADI IG focuses on providing a structure to share data and information. Policy, legal, and regulatory differences across states and local areas may impact the workflow and requirements associated with Advance Directives Information. Implementors should review the current context for where this IG is expected to be used to ensure those requirements are met.
All implementers of the Advance Directive Interoperability Implementation Guide (IG) SHOULD follow the FHIR Security guidance, Security and Privacy Module, and the FHIR Implementer’s Safety Checklist guidance as defined in the FHIR standard where applicable and not otherwise superseded by this Section of the ADI IG.
For the purposes of Advance Directive Interoperability, additional security conformance requirements are as follows:
scopes_supported
property.launch-ehr
: support for SMART’s EHR Launch modelaunch-standalone
: support for SMART’s Standalone Launch modeclient-public
: support for SMART’s public client profile (no client authentication)client-confidential-symmetric
: support for SMART’s confidential client profile (symmetric client secret authentication)sso-openid-connect
: support for SMART’s OpenID Connect profilecontext-banner
: support for “need patient banner” launch context (conveyed via need_patient_banner token parameter)context-style
: support for “SMART style URL” launch context (conveyed via smart_style_url token parameter)launch-ehr
is supported
context-ehr-patient
: support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)context-ehr-encounter
: support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter token parameter)context-standalone-patient
: support for patient-level launch context (requested by launch/patient scope, conveyed via patient token parameter)context-standalone-encounter
: support for encounter-level launch context (requested by launch/encounter scope, conveyed via encounter tokenpermission-offline
: support for refresh tokens (requested by offline_access
scope)For the purposes of Advance Directive Interoperability, privacy conformance requirements are as follows: