1. Proctor Sheet: Requirements - Attestation
1.1. g.7.0: Attestation Procedure
1.1.1. 1 Developer completes and submits the Attestation Form within the Drummond Portal to their Account Manager.
1.2. g.7.1: Developer-Supplied Test Client
1.2.1. 1 Using the developer-supplied API test client, Proctor will verify the following minimum requirements during the test event:
1.2.1.1. • Verify the API call being executed (including any messages being sent from the client to the API server) and the results returned from the API server to the API client in raw form (XML, JSON, or other computable format).
1.2.1.2. • Authenticate to the API server using a valid login or other security credential and demonstrate the ability to use a validated security token for the API session for subsequent API calls until the session expires or times out.
1.2.1.3. • Demonstrate the communication security layer being used between the API Client and the API Server.
1.2.1.3.1. Tool: SSL Server Test
1.2.2. Postman - API Test Client
1.2.2.1. Screen1: Response Example
1.3. g.7.2: Application Access Patient Selection
1.3.1. 1 Visual inspection of the test client making an API call to get patients that match the Health IT developer-supplied parameter(s).
1.3.2. 2 Visual inspection of API return. Test confirms that:
1.4. g.7.3: API Documentation
1.4.1. 1 Developer provides documentation describing the API, with the intended audience of developers, and includes at a minimum:
1.4.2. 2 Developer supplies the API’s Terms of Use, which needs to include, at a minimum, any associated developer policies and required developer agreements.
1.4.3. 3 Developer verifies API documentation supplied is available via a publicly accessible hyperlink.
1.4.4. 4 Proctor reviews submitted documentation and verifies:
1.4.5. CHPL Examples
1.4.5.1. Product Listing
1.4.5.2. G7 Public Doc
1.5. ONC Criteria and Standards
2. Guidance
2.1. No API standard required, but HL7 FHIR highly encouraged
2.2. Security
2.2.1. Pre-registration of Applications using API allowed, but cautioned
2.2.2. Follow Best Practices
2.2.3. Implement a "Trusted Connection"
2.2.3.1. § 170.210(a)(2): Standards Hub Reference
2.2.3.2. § 170.210(c)(2): Standards Hub Reference
2.2.4. HIPAA Privacy Rule Considerations
2.2.4.1. Final Rule Response
2.3. Public Link to API Documentation
2.4. Developer Demonstrate API Functionality
2.5. Upgrading API After Certification: Conditions:
2.5.1. Notify ONC-ACB of Changes
2.5.2. Keep API Documentation Up-to-date After Certification
2.5.3. Update Transparency/Disclosure Documentation