Data Consumer Responsibility

Privacy and Security

Prior to implementing the integrations in this implementation guide, an organization shall complete security and privacy risk assessments and implement the recommendations of those assessments. Care should be taken to ensure that the confidentiality and integrity of Personal Health Information in transit and at rest can be maintained at a level that is appropriate.

The information received by adopters when submitting/receiving referrals is considered personal health information within the meaning of PHIPA.

Access to personal health information must be restricted to a Health Information Custodian (HIC) or an agent acting on behalf of the HIC, and the information must be collected, used or disclosed on a need-to-know basis, as specified in data sharing agreements and legislation, including PHIPA. Furthermore, the HIC or its agent must consider whether personal health information is necessary for the purposes of the eReferral or eConsult. If it is necessary, the HIC or its agent must consider how much personal health information is reasonably necessary for that purpose. Under PHIPA, the HIC or its agent must not collect, use or disclose personal health information if other information will serve the purpose, and must not collect, use or disclose more personal health information than is reasonably necessary to meet the purpose, among other requirements.

As a result, access to patient health information must be restricted to appropriately authorized users and used on a need-to-know basis, as specified in data-sharing agreements and corresponding legislation.

User Credentials

To support all instances where personal health information is collected, used and disclosed, the user name or ID mnemonic SHALL be included in each data transfer between the source and target systems for audit and logging purposes, and also in the referral messages to identify the user who initiated the request, when that request was initiated by an actual user (as opposed to when performed by a system with no PHI disclosure to an individual user). Refer to the Connectivity section for further details.

System Responsibility for User Authorization, Authentication

A “system” level integration is when an RMS Source representing many users registers with an RMS Target, instead of registering individual users. In this case, the RMS Target grants and restricts access to the RMS Source as a whole, and the RMS Target is not able to identify, authorize or authenticate individual users according to its regular processes. The RMS Target has to trust the identity information provided by the RMS Source.

For this reason, it is the responsibility of the RMS Source to authorize and authenticate its users, and to place appropriate user-level access controls to ensure its users access only the appropriate information that the client system has access to.

Furthermore, when submitting a referral from the RMS Source to the RMS Target, the RMS Source is responsible for ensuring the accuracy of the identity of the requester specified in the ServiceRequest. Requester identities should be tied to authenticated and authorized user accounts, and never be entered ad hoc via free text by the user.

Logging

Both the RMS Source and RMS Target MUST log all activity performed via the API. The only exception to this is that PHI from FHIR Utility Servers MUST be cleared shortly after use.

With a “system” level integration, when a client system submits a new service request, the client MUST include the requester information in the ServiceRequest resource.

With a “system” level integration, for GET calls to the eReferral server, the client system must log the user initiating each GET call (this information is invisible to the eReferral server).
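
The two “system” level duties described above, deriving the ServiceRequest requester from the authenticated account rather than from free text and logging the user behind each GET call, are sketched here as an added Python example that is not part of this implementation guide. The account directory, the helper and field names (such as can_refer) and the resource IDs are constructed for illustration; the ServiceRequest is a minimal FHIR R4 shape, not this guide's profile.

```python
import json
from datetime import datetime, timezone

# Constructed account directory held by the RMS Source (hypothetical values).
ACCOUNTS = {
    "jsmith": {"ref": "PractitionerRole/pr-1001", "name": "Dr. J. Smith", "can_refer": True},
    "clerk7": {"ref": "PractitionerRole/pr-2002", "name": "A. Clerk", "can_refer": False},
}


class RequesterError(Exception):
    """The requester could not be derived from an authenticated, authorized account."""


def requester_for(session_user):
    """Build ServiceRequest.requester from the logged-in account only."""
    account = ACCOUNTS.get(session_user)
    if account is None:
        raise RequesterError("unknown or unauthenticated user")
    if not account["can_refer"]:
        raise RequesterError("user is not authorized to submit referrals")
    return {"reference": account["ref"], "display": account["name"]}


def build_service_request(session_user, form):
    """Assemble the outgoing resource; form data can never set the requester."""
    if "requester" in form:
        raise RequesterError("requester must not be supplied as form input")
    return {
        "resourceType": "ServiceRequest",
        "status": "active",
        "intent": "order",
        "subject": {"reference": form["patient_ref"]},
        "requester": requester_for(session_user),
    }


def audit_get(session_user, path, log):
    """Record who triggered a GET; the eReferral server cannot see this user."""
    if session_user not in ACCOUNTS:
        raise RequesterError("GET attempted without an authenticated user")
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "user": session_user,
        "method": "GET",
        "path": path,
    }
    log.append(json.dumps(entry))
    return entry
```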

Message Conformance

The consumer shall implement request messages that are well-formed and conform to this specification.