Bulk Retrieval of Public Health Data
2.0.0-ballot - Informative 2 Ballot United States of America flag

Bulk Retrieval of Public Health Data, published by HL7 International / Public Health. This guide is not an authorized publication; it is the continuous build for version 2.0.0-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/us-helios-bulk/ and changes regularly. See the Directory of published versions

Policy Considerations

Page standards status: Informative

Most general policy considerations for immunization data exchange also apply to Bulk FHIR queries, such as a focus on interoperability standards, adherence to FHIR standards and profiles, and the use of standard terminology. However, using Bulk FHIR queries for immunization data introduces distinct policy considerations due to the scale, data aggregation, and potential for broader use cases. Key factors to consider include:

  • Informed Consent: Bulk queries may include data from multiple individuals, necessitating clear policies on whether individual consent is required or if aggregate use is permitted under public health exceptions.
  • Scope of Data Access: Bulk FHIR queries access data for multiple patients, which is broader than the data typically shared in individual immunization messages. Policies must clarify whether access is restricted to specific use cases, such as public health reporting or quality improvement.

Patient Identification

  • Patient Matching: The development of policies on how patients will be uniquely identified in bulk queries to ensure the correct matching of immunization records to the right individuals must be developed.
  • Query Approach:: The implications of using demographic query by parameter approaches versus unique identifiers must be considered along with the necessity of existing consent for identification.

Data Privacy and Security

  • Volume of Data: Bulk FHIR queries retrieve large datasets, increasing the risk of exposure in case of data breaches compared to individual immunization messages.
  • Access Control: Organizations must ensure that only authorized entities access bulk data. This may involve role-based access control or additional permissions.
  • Need for De-identification: For bulk queries, especially for research or population health, policies may require data de-identification or anonymization, unlike individual messaging, which typically uses identifiable data.
  • Compliance Standards: Bulk queries must meet stringent compliance standards specific to the entity sending the query, ensuring adherence to regulations such as HIPAA (Health Insurance Portability and Accountability Act), FERPA (Family Educational Rights and Privacy Act) in the U.S., or GDPR (General Data Protection Regulation) in the EU, particularly regarding patient consent and data sharing.
  • Public Health Statutes and Reporting: Policies may permit or restrict bulk data access for public health purposes, requiring clear boundaries between permissible and impermissible uses. Variations in laws can complicate compliance, especially when dealing with data across jurisdictions with differing data exchange regulations.
  • Data Retention: Data retention policies may differ for regular immunization messaging and bulk queries.

Technical Infrastructure and Interoperability

  • Performance Impacts: Bulk queries may demand significant resources from FHIR servers. Policies might need to address rate limiting or scheduling to prevent disruption of other production services. Draft guidelines for handling large data sets effectively, including limits on the size and frequency of bulk queries to avoid system overload or performance issues. Consider policies for prioritization of queries based on urgency or public health needs.
  • Data Quality: Bulk queries might highlight discrepancies or gaps in data (e.g., missing immunization records), or might inadvertently propagate problematic data, requiring processes for reconciling such issues.

Data Usage and Secondary Analysis

  • Purpose Limitation: Bulk FHIR data might be repurposed for analytics or research. Policies must ensure alignment with the original purpose of data collection and impose restrictions on secondary uses.
  • Equity in Data Use: Bulk data could disproportionately benefit well-resourced organizations, policies should address equitable access to aggregated immunization data for public health benefit.

Governance and Oversight

  • Auditing: Policies for Bulk FHIR queries may require enhanced auditing to track who accessed data, when, and for what purpose (purpose in particular may be challenging to ascertain through bulk queries).
  • Partner Engagement: Public trust is critical; governance frameworks might need to include a broad set of community stakeholders when creating policies for bulk data use.

Integration and Harmonization of Data Sets

  • Consistent Interoperability Challenges: Bulk FHIR queries could change the cadence of immunization exchange across partners within the health ecosystem (IIS, EHRs, HIEs, etc.), necessitating policies for harmonizing these datasets and avoiding data gaps or duplication.
  • Updates and Synchronization: Policies should address how frequently bulk data can be queried and how updates to immunization records are synchronized.

In summary, while there are no absolute barriers to considering Bulk FHIR query use cases, this alternative method of data exchange requires comprehensive policies that account for increased data volume, broader access implications, and the potential for secondary uses beyond individual immunization messaging.