Technology side has roughly two parts:
- interoperable format
- patient consent
As I read it (maybe looking too much into the social media drivers behind GDPR), its the patient who has to be able to move the data (not the organisation) between CareProviders and systems.
I’m hoping the interoperable format is a quick win, we are in some ways ‘green field’ organisation and can move directly to XML/JSON based solutions (That includes mix of structured data and pdf - we have basis for this in CareConnectAPI which covers majority of CareSectors).
Consent, maybe not but I’d suggest looking at how PHR and personnel health devices work with OAuth2 consents as a way forward. [Obvious candidate from FHIR perspective being SMART-on-FHIR]. As a Patient I’m not as precious over my health data (as a 40+ mamil my health data is shared daily) but I would like to be able to consent (electronically, NOT ON PAPER and not let a System or Organisation do it for me unless clinically necessary) and be able to view who has accessed my record.