The alert generator consists of the following modular components
- A data sharing project which configures the subscribers, publisher organisations, a data set, a profile query definition, a schedule and alert recipients
- The information model manager containing the profile query definition which when run would identifies the patients who raise the alert.
- A notification system to send a secure message to the alert recipients containing an encrypted and temporary link to the patient's record
- A 2 factor authentication based alert viewer web application which on receipt of the encrypted link, displays the content of the patient record, limited to the data set.
- An ABAC permissions system indicating whether the alert recipient (as a user) has rights to identify the patient.
Data sharing project
The alert generator functionality is primarily configured as a data sharing project as part of a data sharing agreement with the consent in place to enable the data flow.
The following standard DSP components are configured
- Publisher organisations, those organisations whose records will be used as source for the alert
- Subscriber organisations; those organisations that have permission to access the data for the purposes of this project
- A data set definition, consisting of the entities and fields and filter criteria that when applied to the patient's record would be viewed by the subscriber
- Whether or not personal identifiers would be available. N.B this does NOT mean that identifiers would be routinely used as Role and attribute based access control would be used to determine in addition. Note that if the DSP indicates that identifiers CANNOT be used in the data set then ABAC or RBAC cannot override this.
- The schedule on which the alert query is run
The following extensions are also configured
- Reference to the alerting profile query in the information manager i.e. the query which when run would identify the patients from the source publisher records and the resulting alert message.
- List of recipients and their emails who will receive the alert
The alert definition consists of a patient profile query operating on a cohort of patients.
The profile definition would include the criteria for record entries examined and the alerting function (e.g. summation of scores or ranks or complex scores)
The alert profile definition can be viewed via the link to the information manager.
Notification of alert and review
The overall process can be illustrated as follows:
- The scheduler checks to see if the data sharing project is still active
- The query is run on the record store
- For those patients that have a profile that raises an alert collect the data set
- Store the data set separately to the record store as a secure encrypted file
- Create the notification email and send to recipients
- An interested responder clicks the link in the email and logs on to the application
- The alerting application directs the user to the data set for the patient. Note that no other patient or data set can be selected. It is a single purpose application
- The user may elect to view patient identifiable data
- If they have permission to view then they can view
A responder wishing to view the data must have an account and be authenticated with 2FA.
The responder, as a user in role has a set of roles
If the role enables then to access the data the application proceeds
if the attributes of the user are consistent with accessing patient information then the application can provide patient identifiable information