A consumer health application is an electronic solution that enables the consumer to collect, retrieve, manage, use and share personal information and other health-related data. A consumer health application could include solutions commonly described as personal health records (PHR), patient portals, telehealth and telehomecare (Remote Patient Monitoring), and could be used in mental health, chronic disease management, long-term care, etc.
If connected to a consumer health platform, the consumer health application provides access to the services provided by the platform and the personal information stored on the platform.
The Infoway pre-implementation certification evaluates and assesses consumer health applications offered as a hosted service and/or as a product deployed at client sites.
There are two categories of consumer health applications:
Category 1: Dependent Consumer Health Application. A consumer health application that is strictly dependent on an Infoway-certified Consumer Health Platform or Infoway-certified Clinical Information System to provide an operational environment with privacy and security controls.
Category 2: Independent Consumer Health Application. A free-standing or independent consumer health application that includes integral privacy, security and user identification functionality.
The 2017 Edition certification requirements are focused on four areas:
Privacy requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture; the Government of Canada's Personal Information Protection and Electronic Documents Act; the Canadian Standards Association Model Code for the Protection of Personal Information (CAN-CSA-Q830-03); and ISO 29100:2011 – Information technology – Security techniques – Privacy Framework.
Security requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture as well as the International Organization for Standardization's (ISO) codes of practice for health information system security management (ISO 27799, ISO 17799, ISO 27001, ISO 27002, ISO 27005, ISO 27018, ISO 27789).
Management Control requirements (mandatory for hosted services) are based on the Canadian Standards Association's Risk Management: Guideline for Decision Makers (CAN-CSA-Q850-97), the Information Systems Audit and Control Association's Control Objectives for Information and Related Technology (COBIT), and the Information Technology Infrastructure Library (ITIL).
Interoperability requirements (optional) apply to a consumer health application and are driven by the ability of the application to conduct transactions with other information solutions.