Part 7 – Appendices and References
Chapter 25: References and Reading List
Foundational Resources
This chapter provides curated references for standards, regulations, architecture, and best practices to support continued learning.
Standards & Specifications
HL7 & FHIR
Core Specifications:
- HL7 FHIR R4: https://hl7.org/fhir/R4 (current stable version)
- FHIR R5: https://hl7.org/fhir/R5 (latest, preview)
- US Core Implementation Guide: https://www.hl7.org/fhir/us/core (ONC baseline)
- SMART App Launch: http://hl7.org/fhir/smart-app-launch (OAuth for EHR apps)
- Bulk Data Access: http://hl7.org/fhir/uv/bulkdata ($export operation, NDJSON)
- HL7 v2.5.1: https://www.hl7.org/implement/standards/product_brief.cfm?product_id=144 (legacy messaging)
- C-CDA (Consolidated CDA): http://www.hl7.org/implement/standards/product_brief.cfm?product_id=492 (document exchange)
Implementation Guides (IGs):
- CARIN Blue Button: https://build.fhir.org/ig/HL7/carin-bb (payer EOB/claims)
- Da Vinci Project: https://www.hl7.org/about/davinci (payer-provider workflows: prior auth, coverage, quality)
- HL7 Genomics Reporting IG: http://hl7.org/fhir/uv/genomics-reporting
Imaging & Pharmacy
- DICOM Standard: https://www.dicomstandard.org (medical imaging)
- DICOMweb: https://www.dicomstandard.org/using/dicomweb (DICOM over HTTP)
- NCPDP SCRIPT: https://www.ncpdp.org/NCPDP/media/pdf/SCRIPT.pdf (ePrescribing)
Administrative Transactions
- X12 EDI Standards: https://x12.org (270/271=eligibility, 837=claims, 835=remittance, 278=prior auth)
- 270/271 Implementation Guide: Eligibility inquiry/response
- 837 Implementation Guide: Healthcare claims (institutional, professional, dental)
- 835 Implementation Guide: Healthcare claim payment/remittance advice
Terminology
- SNOMED CT: https://www.snomed.org (clinical terminology, 400K+ concepts)
- LOINC: https://loinc.org (lab/clinical observations, 90K+ codes)
- RxNorm: https://www.nlm.nih.gov/research/umls/rxnorm (medications, NLM)
- ICD-10-CM/PCS: https://www.cms.gov/Medicare/Coding/ICD10 (diagnoses/procedures)
- CPT: https://www.ama-assn.org/practice-management/cpt (procedures, AMA)
Regulatory & Guidance
U.S. Federal
HIPAA/HITECH:
- HHS HIPAA Portal: https://www.hhs.gov/hipaa (Privacy, Security, Breach rules)
- OCR Guidance: https://www.hhs.gov/ocr/privacy (enforcement, audit protocols)
- Security Risk Assessment: https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool (SRA Tool)
21st Century Cures Act:
- ONC Cures Act Final Rule: https://www.healthit.gov/curesrule (patient access, information blocking)
- USCDI (U.S. Core Data for Interoperability): https://www.healthit.gov/isa/united-states-core-data-interoperability-uscdi (data classes)
- Information Blocking Exceptions: https://www.healthit.gov/topic/information-blocking
CMS Interoperability:
- CMS Interoperability Final Rule: https://www.cms.gov/Regulations-and-Guidance/Guidance/Interoperability
- Patient Access API (FHIR): https://www.cms.gov/files/document/patient-access-api-certification.pdf
TEFCA:
- TEFCA Overview: https://www.healthit.gov/topic/interoperability/policy/trusted-exchange-framework-and-common-agreement-tefca
- QHIN Designation: https://rce.sequoiaproject.org/tefca
FDA (Medical Devices):
- SaMD Guidance: https://www.fda.gov/medical-devices/digital-health-center-excellence/software-medical-device-samd
- 21 CFR Part 11: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application
- 21 CFR Part 820: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=820 (Quality System Regulation)
- Cybersecurity Premarket Guidance: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/cybersecurity-medical-devices-quality-system-considerations-and-content-premarket-submissions
Canadian
- PIPEDA (Personal Information Protection and Electronic Documents Act): https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda
- PHIPA (Ontario): https://www.ontario.ca/laws/statute/04p03
- HIA (Alberta Health Information Act): https://www.alberta.ca/health-information-act.aspx
- Health Canada - Digital Health: https://www.canada.ca/en/health-canada/services/drugs-health-products/medical-devices/activities/digital-health.html
- Pan-Canadian Interoperability Roadmap: https://www.infoway-inforoute.ca
Architecture & Best Practices
Security Frameworks
- NIST Cybersecurity Framework: https://www.nist.gov/cyberframework (identify, protect, detect, respond, recover)
- NIST 800-53 (Security Controls): https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
- HITRUST CSF: https://hitrustalliance.net/hitrust-csf (healthcare security framework)
- ISO 27001 (ISMS): https://www.iso.org/isoiec-27001-information-security.html
- ISO 27701 (Privacy): https://www.iso.org/standard/71670.html (GDPR alignment)
Cloud Architecture
- AWS Well-Architected Framework (Healthcare Lens): https://docs.aws.amazon.com/wellarchitected/latest/healthcare-industry-lens
- Azure Cloud Adoption Framework for Healthcare: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/industry/healthcare
- Google Cloud Healthcare Architecture: https://cloud.google.com/architecture/healthcare-life-sciences
Data Governance
- DAMA-DMBOK (Data Management Body of Knowledge): Data governance frameworks
- FAIR Data Principles: https://www.go-fair.org/fair-principles (Findable, Accessible, Interoperable, Reusable)
- Apache Atlas: https://atlas.apache.org (data lineage, catalog)
Books & Research
Healthcare Informatics
- "Health Informatics: Practical Guide" by William Hersh (foundational textbook)
- "Healthcare Information Technology Exam Guide for CAHIMS and CPHIMS Certifications" by Brian Gugerty
- "Interoperability in Healthcare" by John D. Halamka (FHIR, HIE strategies)
Population Health & Outcomes
- "Population Health: Creating a Culture of Wellness" by David Nash
- "Measuring Health Care" by Lisa Iezzoni (outcomes measurement)
AI/ML in Healthcare
- "Deep Medicine" by Eric Topol (AI applications, ethics)
- "The AI Revolution in Medicine" by Peter Lee, Carey Goldberg, Isaac Kohane (GPT-3 in clinical care)
- "Fairness and Machine Learning" by Solon Barocas, Moritz Hardt, Arvind Narayanan (bias, fairness in ML)
Industry Reports
- HIMSS Analytics Reports: https://www.himss.org/resources/himss-analytics (EHR adoption, trends)
- KLAS Research: https://klasresearch.com (vendor performance, customer satisfaction)
- Gartner Healthcare Provider IT: https://www.gartner.com/en/industries/healthcare-providers
Professional Organizations & Conferences
- HIMSS (Healthcare Information and Management Systems Society): https://www.himss.org (annual conference, chapters)
- CHIME (College of Healthcare Information Management Executives): https://chimecentral.org (CIO peer network)
- AMIA (American Medical Informatics Association): https://www.amia.org (clinical informatics)
- HL7 International: https://www.hl7.org (standards development, working groups)
Tips for Use
Always Verify Current Versions
- Standards: FHIR R4 → R5 transition, HL7 v2 versions (2.3, 2.5.1, 2.7)
- Regulations: ONC, CMS rules updated annually (track via Federal Register)
- Regional Variants: Canadian provincial laws vary (Ontario PHIPA ≠ Alberta HIA)
Align References with Compliance Scope
- U.S. Projects: HIPAA, 21st Century Cures, USCDI
- Canadian Projects: PIPEDA, provincial laws, Infoway standards
- Multi-National: GDPR (if EU data), ISO 27001/27701 for global alignment
Stay Current
- Subscribe: ONC/CMS email lists, HL7 ballots, HIMSS newsletters
- Community: HL7 FHIR Zulip chat, Sequoia Project (TEFCA), CHIME forums
- Conferences: HIMSS (annual), HL7 Working Group Meetings (quarterly)
Conclusion
This reading list provides foundational and advanced resources for healthcare IT. Prioritize standards (FHIR, HL7 v2), regulations (HIPAA, 21st Century Cures), and architecture frameworks (NIST, HITRUST) based on project scope.
Key Resources:
- Standards: HL7 FHIR R4, US Core IG, SMART App Launch, DICOM, X12 EDI
- Regulations: HIPAA (HHS), 21st Century Cures (ONC), CMS Interoperability, TEFCA
- Security: NIST CSF, HITRUST CSF, ISO 27001/27701
- Cloud: AWS/Azure/GCP healthcare architecture frameworks
- Community: HIMSS, CHIME, HL7 International, AMIA
Stay current, verify versions, and align references with your compliance scope and customer requirements.
End of Book.