Health Provider Directory Advanced query and data extract
use case agreement
Use Case Category = Health Provider Directory
Use Case Prerequisites = None
Approved Date: 05/21/13
Updates to HPD Request Form
Transfer to new legal template
Incorporated feedback from HIN HPD Team
Incorporated additional feedback from HIN HPD Team
Eliminated Draft labels for clear line copy
Added approved date
Intro, 11.4 footnote
Updated definition of participating organization, added HIPAA language
This Use Case Agreement (“Use Case”) is one of several Use Cases and is effective and binding upon the undersigned Participating Organization (“Participating Organization”), and subject to the Qualified Data Sharing Organization Agreement /Virtual Qualified Data Sharing Organization Agreement/Consumer Qualified Data Sharing Agreement/Sponsored Shared Organization Agreement/State Sponsored Sharing Organization Agreement/(the “Agreement”) between the Participating Organization and the Michigan Health Information Network Shared Services (“HIN”), as of the last date in the signature block hereto. HIN and Participating Organization are referred to herein collectively as “Parties” and individually as a “Party.”
As background, the Health Provider Directory (HPD) Basic Query Service goals are: a) to provide tools for Participant Organizations to have real-time access to Health Professional and Electronic Service Information for the purpose of fulfilling treatment, payment or operational functions as defined in the HIPAA Privacy Rule, and b) to enable Participating Organizations and authorized Health Professionals to securely exchange healthcare information.
The goal of the Health Provider Directory (HPD) Advanced Query and Data Extract service is for HIN to offer, on a limited, preapproved basis, tools for Participating Organizations and their participants that permit query access to and data storage of the data within the Directory beyond that which is permitted with the Basic Query service. The Directory Advanced Query access includes permissions to see additional data elements that are not part of the Basic Query service, enables extensive query capability, data retrieval of multiple records from the Directory, and allows Participating Organizations to store the results for analysis internal to their organization.
This Health Provider Directory (HPD) Advanced Query and Data Extract Use Case Agreement documents; a) the process for requesting Advanced Query access to the Directory, b) the supported types of database access, data results, data storage and data use and c) defines organizational roles and responsibilities for HIN and Participating Organizations as they pertain to advanced queries, data extracts and use of the Directory data.
Use Case Diagram.
Web User Interface based Query
Application Programming Interface (API) based Query
Advanced Query Application Programming Interfaces are API’s written by HIN for use by Participating Organizations who have requested and have been approved for Advanced Query Access, which provides the capability to access Directory data elements that are not part of the standard, Basic Query Directory access.
Affiliation means the relationship between a Person Record and an Organization Record or between two Organization Records.
Affiliation Type means the type of relationship or Affiliation between a Person Record and an Organization Record or between two Organization Records. For example employed by, admitting privileges, etc.
Application programming interface (API) is a protocol intended for use as an interface by software components to communicate with each other. An API is a library that may include specification for routines, data structures, object classes, and variables.
Basic Query refers to any one-time query submitted to the Directory for the purpose of obtaining data related to healthcare professional, healthcare organization or Electronic Service Information. Basic Query access is the ‘standard’ access given to the Directory through logging in to the web portal or through the Basic Query API’s.
Data Extract means the process of querying and retrieving data from a database. Data extracts usually contain numerous records, which are then stored in a separate database and used to perform analysis.
Directory Access Methods mean the HIN-developed methods of accessing the Health Provider Directory (HPD): a) a web-based user interface or b) Application Programming Interfaces (API’s).
Directory Advanced Query refers to any query submitted to the Directory through one of the approved Advanced Query Access Methods. Access to the Advanced Query tools, including web-based UI and/or API’s, allow access to more data elements than are permitted through the standard, Basic Query access to the Directory.
Directory Advanced Query Access Methods refer to the Advanced Access Methods (both web-based user interface and API’s) that HIN has specifically developed for those Participating Organizations and/or their participants whose needs for health professional data exceed those offered with the Basic Query Access Methods. Both Advanced Query Access Methods enable extensive query, data retrieval and storage of Directory data for the purpose of analysis by the Participating Organization(s).
Electronic Addressmeans a string that identifies the transport protocol and end point address for communicating electronically with a recipient. A recipient may be a person, organization or other entity that has designated the electronic address as the point at which it will receive electronic messages. Examples of an electronic address are an email address (Direct via SMTP) or URL (SOAP / XDR). Communication with an electronic address may require a digital certificate.
Electronic Service Information (ESI) means all information reasonably necessary to define an electronic destination’s ability to receive and consume a specific type of information (e.g. discharge summary, patient summary, laboratory report, query for patient/provider/healthcare data). The information should include the type of information (e.g. patient summary or query) the destination’s Electronic Address (see definition above), the Messaging Framework supported (e.g. SMTP, HTTP/SOAP), Security information supported or required (e.g. digital certificate) and specific payload definitions (e.g. CCD C32 V2.5). In addition, this information may include labels that help identify the type of recipient (e.g. medical records department).
Health Information Network (HIN) means Michigan Health Information Network (MiHIN) Shared Services.
Health Professional means any person holding a clinical or non-clinical position within or associated with an organization that provides healthcare or healthcare related services. People who contribute to the gathering, recording, processing, analysis or communication of health information. Examples include but are not limited to Physicians, Physician Assistants, Nurse Practitioners, Nurses, Medical Assistants, Home Health Professionals, Administrative Assistants, Receptionists, Clerks, etc.
Health Provider Directory (HPD)(“the Directory”) means the state-wide shared service established by HIN that contains contact information on Health Professionals, Healthcare Organizations, Electronic Addresses and Electronic Service Information, as a resource for authorized users to obtain efficient, accurate and reliable contact information and securely exchange health information.
Information Source means any Participating Organization that provides information that is added to the Directory.
Network Downtime means a Party is unable to transmit and receive data from the Internet for any reason, including but not limited to the failure of network equipment or software, scheduled or unscheduled maintenance, general Internet outages, and events of force majeure.
Organization Record means any record in the Directory that primarily relates to a company or other organization (i.e., not a person).
Participating Organization means an organization that has entered into at least one of: (a) the Qualified Data Sharing Organization Agreement, or (b) the Virtual Qualified Data Sharing Organization Agreement, or (c) the Participant Agreement and which has also entered into this Use Case Agreement with HIN.
Person Record means any record in the Directory that primarily relates to an individual person.
Qualified Data Sharing Organizations (QO) as defined in the Qualified Data Sharing Organization Agreement.
Virtual Qualified Data Sharing Organization (VQO) as defined in the Virtual Qualified Data Sharing Organization Agreement.
Primary Use.HIN will offer tools, including web based UI and API’s, that provide Advanced Query and Data Extract access to the Directory for Participating Organizations who request and are approved for this type of data access, data storage and data use. The Directory Advanced Query access provides a means for those Participating Organizations who wish to a) have access to additional data elements that go beyond those available through the basic Directory portal or API methods and b) have a need to extract, store and analyze Directory data.
Additional Terms. The Participating Organization’s may use the Directory consistent with the terms herein and as otherwise permitted by the Agreement, provided, however, that in no case shall Participating Organization use or share data in a manner inconsistent with this Use Case, as applicable. To the extent there is an express conflict between the terms herein and the Agreement, the Agreement, as applicable, shall prevail.
There will be no fees associated with the Directory Advanced Query Service for the purpose of this Use Case Agreement. Potential fees between HIN and the Participating Organization and associated payment terms may be defined in each Participating Organization’s Statement of Work for this effort.
approved Directory Advanced Query and Data Extract access methods.
HIN will provide the following methods for Participating Organization(s) to perform Advanced Query access to the Directory:
A Web Based User Interface containing predefined search capabilities and associated functionality to query and retrieve Directory data.
Application Programming Interfaces (APIs) which may be used by Participating Organization(s) within their own software applications or their instance of a commercial product to query and retrieve Directory data.
process for requesting Directory advanced query access
Participating Organizations may request Advanced Query access by completing a request form, as provided in Exhibit A.
The specifics of what data elements requesting Participating Organizations are permitted to access will be reviewed on an individual request basis.
Requests will be reviewed and approved (or rejected) by HIN within 30 days.
Upon approval, HIN will create associated logins and/or provide access to the Advanced Query API’s within 15 days, and provide them to the Participating Organization.
Data Use Policies.
Permitted Uses and Limitations on Use
The data provided as a result of querying the Directory is provided to Participating Organization(s) for informational purposes only.
Participating Organization’s and/or their participants who are approved by HIN for Advanced Query access are permitted to retrieve and store data from the Directory for their own internal purposes.
Participating Organization(s) may not sell, share, transfer or assign the data, in full or in part, to outside parties.
Any reliance upon, interpretation of and/or use of the data by Participating Organization(s) is solely and exclusively at the discretion of the Participating Organization.
Participating Organization(s) shall not represent the data in any way other than as expressed in this Use Case Agreement.
The Parties desire that the Directory Advanced Query and Data Extract Services meet the service levels as set forth below:
Availability The Parties desire that the Directory be available and accessible on-demand 24x7x365, excluding regular scheduled maintenance windows or other unforeseeable events, either thru the web-based UI or thru the Advanced Query API’s pursuant to “Attachment D - Service Levels of HIN HIE Platform” in the Agreements.
Response Time The data response times from Advanced Query Access Methods will vary, depending upon several factors, including but not limited to the complexity of the query, amount of data being requested, format and efficiency of query (such as whether indexed columns are being utilized) and other factors associated with random queries and resulting data retrieval.
System or Network Downtime Notwithstanding Section 10.1, if the Parties experience a System or Network Downtime event, query processing may error or time-out. If the error(s) occur during submission of a query, HIN will return an error message indicating the type of error. HIN will not store or resolve query requests that occur during system or network outages. Participating Organization(s) may resubmit the query when the issue(s) have been resolved.
Abilities to Audit.
The Parties shall monitor and audit all access to and use of its system related to this Use Case for system administration, security, and other legitimate purposes consistent with each Party’s standard operating procedures, as per the Agreement.
Audit Logs for Directory Advanced Query via Web User Interface
HIN will gather audit data for access to the Directory via the Advanced Query Web User Interface. HIN shall, at a minimum, log the following information: (i) identity (e.g. unique identifier) of individual logged into the system; (ii) date and time of query submission; (iii) content of query submission; and (iv) any Notices, failures, or network events.
Audit Logs for Directory Advanced Query via API’s
Participating Organization(s) shall, at a minimum, log the following information: (i) identity (e.g. unique identifier) of individual logged into the system; (ii) date and time of query submission; (iii) any Notices, failures, or network events that occurred during the query formulation or submission process, and (iv) any other audit data required to ensure successful query development, submission or error tracking.
Except as provided in the foregoing, HIN shall not be obligated to maintain and shall not be responsible for either maintaining records of the content of any query submission between the Parties or inspecting the content of the query results.
Production of Audit Logs Upon a good faith written request by a Party, the non-requesting Party shall produce the requested audit logs within five (5) business days from the date of the request to the requesting Party or a detailed written explanation of why the requested logs cannot be produced.
Retention of Audit Logs The Parties shall retain audit logs in accordance with any and all requirements set forth in Applicable Laws and Standards1, including but not limited to the requirements under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and regulations at 45 CFR Part 160, Part 162, and Part 164, the Michigan Public Health Code, MCL 333.1101 et seq., the Data Sharing Agreement, and as otherwise necessary to comply with this Use Case.
Responsibilities of the Parties.
Participating Organization Responsibilities.
Participating Organization(s) shall use the HIN Approved Access Methods of accessing the Directory as described in Section 7.
Participating Organization(s) are responsible for verifying the accuracy of Directory data prior to using it for treatment, payment or operational needs, in particular those where Protected Health Information (PHI) is being communicated.
Participating Organization(s) are responsible for the security and protection of Directory data.
Participating Organizations are responsible for providing contact information to HIN prior to using the Directory. The contact information will be used by HIN to communicate information pertaining to maintenance schedules, downtime event notifications, and other communication necessary for administrative, operational and maintenance activities.
Participating Organizations are responsible for the use of the Directory API’s and any issues resulting from using them within their own software applications or within their instance of commercial software.
If Participating Organization(s) experience difficulties accessing or otherwise using the Directory Advanced Query web user interface or API’s, they will notify HIN immediately so that the issue may be resolved as soon as possible.
Participating Organization(s) shall not intentionally send queries requiring significant amounts of network or system resources, and, if they discover that such a request has been submitted, shall halt the request and notify HIN of the occurrence. Participating Organization will work with HIN to identify the issue. Participating Organization will also communicate to HIN whether the issue requires code changes to the Participating Organization software and, if so, provide a schedule for correcting the issue. If the issue is with the web-based UI, HIN will provide a schedule for correcting the issue.
HIN shall be responsible for protecting the Directory data.
HIN shall receive and process Participating Organization supplied updates to the Directory on an ongoing, scheduled basis, so as to keep the data as current as possible, given the supplied updates.
HIN will notify Participating Organization of scheduled maintenance windows, including dates and start and end times associated with expected downtime.
HIN will notify Participating Organization(s) if there is an unscheduled interruption to the Directory service, and keep them informed of the estimated amount of time it will take to bring the service back on-line. HIN will notify the Participating Organization(s) when the service has been restored.
HIN may terminate any query, regardless of access method, if it causes degradation or interruption of the Directory service. HIN will notify Participating Organization(s) if a query submitted by them or their participants has caused system degradation or interruption to the Directory services.
Data Format, Validation and Transmission Specifications.
The specifications for the query access shall be set forth on the HIN website.
The specifications for the HIN approved secure transport methods shall be set forth on the HIN website.
Limitations of Data HIN will use reasonable care to collect and load Directory data as it becomes available from Participating Organization(s). HIN, however, does not warrant the accuracy of the data for any given purpose. Participating Organization(s) shall consider the data informational, and shall verify the accuracy of the data prior to using it for any purpose, including the use of the data associated with the transfer, communication or documentation of health information, including but not limited to Protected Health Information (PHI).
Information for Trial Implementation and Pilots
All additional terms and limitations pertaining to Pilots undertaken for this Use Case shall be specified as Exhibits, which amend this Use Case between the Parties upon mutual written agreement to the Pilot terms in any such Exhibit(s).
[Signature Page Follows]
IN WITNESS WHEREOF, the undersigned have caused this Use Case to be accepted by their duly authorized representatives effective on the date written below, whichever is later.
MICHIGAN HEALTH INFORMATION NETWORK SHARED SERVICES
The purpose of this form is for Participating Organization’s to request Advanced Query and Data Extract access to the Health Provider Directory, which go beyond the Basic Query Access (basic query capabilities). Participating Organization’s should complete this form if they require the ability to access additional data types, make queries that return multiple records, and/or store and maintain the query results for the purposes of performing internal analysis or other internal use of the Directory data.
Phone: ____________________________________ Note: It is the responsibility of the Requestor to inform HIN when this advanced query access is no longer required. This includes notifying HIN immediately if any of the users on this request form have a change in employment status (change positions within the organization and no longer need the access, leave the organization, etc.), so that HIN can disable the login in conjunction with the employment status change.
User(s) Requesting HPD Advanced Query and Data Extract Access
(Identify each user who needs HPD Advanced Query logins)
____________________________________________________________________________ Please select the type of Access Method(s) you are requesting: ☐ Web-based User Interface for Advanced Queries
☐ Application Programming Interfaces (API’s) for Advanced Queries
If API’s are used, what system(s) will they be used in? _____________________________
Please check the Health Provider Directory Data Types you are requesting access to: ☐ Organization Records Basic Demographics
☐ Organization Records Advanced Demographics
☐ Person Records Basic Demographics
☐ Person Records Advanced Demographics
☐ Other Information Source’s proprietary identifiers
☐ Affiliations (Persons to Organizations)
1 “Applicable Laws and Standards” is a defined term in the QDSOA, VQDSOA, CQDSOA, SSOA and SSSOA.