search

department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html
283 stars 204 forks source link

EPIC | Profile | Appointment Reminder PII/PHI permission for MHV to VA.gov #58797

Open mtcA6 opened 1 year ago

mtcA6 commented 1 year ago

Status

Waiting on VA Profile to build the BE Tables to support this permission

Background

MHV users have an opt in/out process that allows them to decide if they would like to see PII/PHI in their appointment reminders. There's a process flow on the intake side (through Vet Text) that allows them to opt in / grant permission for MHV to send PII/PHI in email appointment reminders

The goal of this ticket is to track all things related to this initiative as we modify the notification settings > "your healthcare" > "appointment reminders" selection in the profile.

Currently users see: image

We'd need to allow them some means to see if they permit the inclusion of PII/PHI in their appointment reminders and to opt in or out of that.

This would be for text and email. A user could opt in to the permission to allow PHI/PII in Text OR Email, BOTH, or Neither.

Important Artifacts

VA Profile Intake Call 6/8/2023

This is exclusive to appointment reminder and is NOT a global option. VA notify is assuming the risk from MHV to send the unencrypted information (text and email are not able to be encrypted) Since these are risky the Veteran has to opt in image VA notify is NOT assuming the risk for RX shipping.

MHV doesn't have the PHI/PII permission tracked VetText does have this tracked for text VA Profile will be the place where we merge the information from MHV and info from VetText Known information will be seeded into VA Profile

Tasks

### Initial discovery
- [x] follow up w VA Profile, VA Notify and MHV? to determine when the fields will be available: [ANS= Sep-Nov 2023](https://dsva.slack.com/archives/C010R6AUPHT/p1686579554677809)
- [x] [slack thread](https://dsva.slack.com/archives/C01K37HRUAH/p1718224154276019) where I submitted the request to CAIA for copy feedback
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/90594
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/90595
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/85845
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/58378
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/86208
### Collab Cycle
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/91788
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/92020
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/92376
### build appointment reminder PHI/PII nested checkbox as an experimental design
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/92656
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/91755
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/92642
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/92643
- [ ] https://github.com/department-of-veterans-affairs/va.gov-team/issues/92644
andaleliz commented 1 year ago

Thanks for writing this up! A few questions

What does "intake" side mean? I'd be curious to see any visuals for how this is currently handled

Totally fine if there aren't answers to these things now, just want to make sure I include this discovery in the estimate if I need to do that.

mtcA6 commented 1 year ago

@andaleliz I'll ask around to see if there are details for the "intake" side. They briefly ran through it.

Right now this ticket is ONLY for the appointments. On the MHV/VA profile call from last week a broader permission was brought up and it's not something from a risk standpoint the various teams were okay with so it should be exclusive to the appointment. But I agree we should consider what it might look like if multiple notification types needed a similar capability (May be using the wrong term here)

See this slack thread for the notification from a Beverly that I believe is from the MHV team advising us they submitted a request to VA notify for this indicator.

andaleliz commented 1 year ago

Estimating at an 8 to account for all the unknowns

mtcA6 commented 1 year ago

@andaleliz brief update on this, more details to come shortly.

you had asked:

Has the MHV team already started working w/ VA profile on adding this to the API?

Ans: They have an intake call w/VA Profile on June 8th

We asked on the call yesterday if it would be for Email, Email and Text and they said each channel would need to have this option/permission added to it

andaleliz commented 1 year ago

Updating assignees since this is an epic ticket

mtcA6 commented 4 months ago

technical recommendations were to implement the permission per channel similar to what's shown below

Image

andaleliz commented 4 months ago

I know I won't be working on this, but fwiw, I think it will be most clear to people if the PII/PHI option is a secondary step or something layered on top of the overall permission. E.g. first they indicate they want to be notified and then we ask if they want to have PII included.

mtcA6 commented 4 months ago

@andaleliz are you thinking in some sort of process/form flow? or how it's designed on the page?

mtcA6 commented 4 months ago

We'll need design help on this and will have to take this to privacy team once content folks weigh in

Health care

Health appointment reminders :black_square_button: Notify me by email

:black_square_button: Include personal health information in unsecure email message

:black_square_button: Notify me by text

:black_square_button: Include personal health information in unsecure text message

content slack thread to discuss this

ACParker89 commented 2 weeks ago

@a6marinos for refinement 10/16