Central Cancer Registry Reporting Content IG, published by HL7 International / Public Health. This guide is not an authorized publication; it is the continuous build for version 2.0.0-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/fhir-central-cancer-registry-reporting-ig/ and changes regularly. See the Directory of published versions
Page standards status: Informative |
This section defines the specific requirements for systems wishing to conform to actors specified in this Central Cancer Registry Reporting Content IG. The specification focuses on using the eCR Now App (or a vendor developed solutaion) to report cancer data to central cancer registries.
Before reading this formal specification, implementers should first be familiar with these sections of the specification:
This implementation guide uses RFC-2119 terminology to flag statements that have relevance for the evaluation of conformance with the guide:
SHALL indicates requirements that must be met to be conformant with the specification.
SHOULD indicates behaviors that are strongly recommended (and which may result in interoperability issues or sub-optimal behavior if not adhered to), but which do not, for this version of the specification, affect the determination of specification conformance.
MAY describes optional behaviors that are free to consider but where there is no recommendation for or against adoption.
Actors and Systems asserting conformance to this implementation guide have to implement the requirements outlined in the corresponding capability statements. The following definition of MUST SUPPORT is to be used in the implementation of the requirements.
This specification makes significant use of FHIR profiles, search parameter definitions, and terminology artifacts to describe the content to be shared as part of Central Cancer Registry Reporting Content IG workflows. The implementation guide is based on FHIR R4 and profiles are listed for each interaction.
The full set of profiles defined in this implementation guide can be found by following the links on the FHIR Artifacts page.
This IG leverages the following US Core profiles defined by HL7 for sharing non-veterinary EMR individual health data in the U.S. Where US Core profiles exist, this IG either leverages them directly or uses them as a base for any additional constraints needed to support the research use cases.
This IG leverages the mCode FHIR IG for exchanging cancer specific information which includes the following profiles:
Implementers SHOULD use the mCode Disease characterization guidance and mCode Treatment guidance when using the above profiles.
This IG leverages the following profiles from the Cancer Pathology Data Sharing IG for the extraction of Cancer Pathology Reports from the EHR and include them in the Central Cancer Registry Content Bundle.
This IG leverages the ODH FHIR IG for exchanging occupational data for health which includes the following profile:
This IG leverages the Subscriptions Backport IG defined by HL7 Infrastructure WG for automating reporting workflows using subscriptions when desired in implementations.
When utilizing the eCR Now App approach for this use case - this IG leverages the SMART App Launch IG defined by HL7 Infrastructure WG for enabling authentication and authorization between various actors involved in the workflows. This IG leverages Substitutable Medical Applications, Reusable Technologies (SMART) on FHIR Backend Services Authorization requirements.
This section outlines how the SMART on FHIR Backend Services Authorization will be used by this IG.
The system actors namely Data Source, Data Submitter, and the Data Receiver are required to use the SMART on FHIR Backend Services Authorization mechanisms as outlined below for the following interactions:
System actors acting as servers (i.e, Data Source and Data Receiver) SHALL advertise conformance to SMART on FHIR Backend Services by hosting Well-Known Uniform Resource Identifiers (URIs) as defined in the SMART App Launch IG Backend Services specification.
System actors acting as servers (i.e, Data Source and Data Receiver) SHALL include token_endpoint, scopes_supported, token_endpoint_auth_methods_supported and token_endpoint_auth_signing_alg_values_supported as defined in the SMART App Launch IG Backend Services specification.
When System actors act as clients (i.e, Data Submitter), they SHALL share their JSON Web Key Set (JWKS) with the server System actors (i.e, Data Source and Data Receiver) using Uniform Resource Locators (URLs) as defined in the SMART App Launch IG Backend Services specification.
System actors acting as clients SHALL obtain the access token as defined in the SMART App Launch IG Backend Services specification.
For the Central Cancer Registry Reporting (CCRR) use case, Data Sources SHALL support the system/*.read scopes.
The Data Receiver SHALL support the system/.read and system/.write scopes.
The health care organization’s existing processes along with the Data Source’s authorization server SHALL verify any organizational policy requirements (for example, registration of the Data Submitter, authorizing requested scopes, testing and verification of Data Submitter implementation in sandbox environment prior to production) before allowing the Data Submitter to access the data to be included in the CCRR report.
The requirements in this sub-section are only applicable if when the Data Submitter is not packaged as part of the Data Source.
The Data Source SHALL support the creation of Subscriptions for the following named events described at US Public Health Profiles Library IG Trigger Events.
The Data Source SHALL support rest-hook
Subscription channel to notify the Data Submitter.
The Data Source SHALL support Notification Bundles with full resource payload
as outlined in the Backport Subscriptions IG.
For the CCRR IG, the Data Source SHALL include the Encounter resource which was started or closed as part of the Notification Bundle.
The Data Source SHALL support operations and APIs for Subscription, Notification Bundle, Subscription status resources as outlined in the Central Cancer Registry Reporting Data Source Capability Statement.
The requirements in this sub-section are only applicable if the Data Submitter is not packaged, as part of the Data Source.
The Data Submitter SHALL be capable of creating Subscriptions for the encounter-close and encounter-start trigger events.
The Data Submitter SHALL support rest-hook
Subscription channel to receive notifications from the Data Source.
The Data Submitter SHALL support a POST API /receive-notification with a payload of the Subscription Notification Bundle to receive the notifications from the Data Source.
The Data Submitter SHALL ensure no duplicate reports are submitted for the same patient and encounter occurring within a health care organization.
The Data Submitter SHALL be capable of interpreting Central Cancer Registry Reporting PlanDefinition to process the encounter-start and encounter-close trigger events and determine if a CCRR report needs to be generated and submitted.
The Data Submitter SHALL create a CCRR Report following the constraints identified in Central Cancer Registry Reporting Content Bundle.
The Data Submitter SHALL package the CCRR report following the constraints identified in Central Cancer Registry Reporting Bundle.
The Data Submitter SHALL submit the message containing the CCRR Report to the identified endpoint using either FHIR Messaging (/$process-message) endpoint or POST a Bundle using the /Bundle endpoint.
The Data Receiver SHALL support multiple methods to receive data from the Data Submitter as follows
The Data Receiver SHALL implement the $process-message operation on the ROOT URL of the FHIR Server to receive reports from the Data Submitter using the POST operation.
The Data Receiver SHALL implement the /Bundle endpoint to receive Central Cancer Registry Reporting Content Bundle from a Data Submitter.
Upon receipt of the message, the Data Receiver SHALL validate the data before accepting the data for downstream processing.
When there are validation failures, the Data Receiver SHALL return an Operation Outcome response with the details of the validations as part of the POST response.