relationship between change type and lifecycle state

Implementers (archive)
1

I think there is some ambiguity around the 'change type' in a
version's audit, and the lifecycle state of the version.

To recap, change type has the following terminology entries
creation
ammendment
modification
synthesis
deleted
attestation
unknown

And lifecycle state can be
complete
incomplete
deleted

Firstly, I think the 'synthesis' and 'unknown' change types aren't
well defined so until they are it might be better if they weren't in
the list of allowable 'change types'.

Secondly, I don't think 'change type' and 'lifecycle state' are
completely orthoganal, so we need to define which lifecycle
states are allowable with each change type.

So
a) can we 'create' a 'deleted' version
b) can a complete version have its 'change type' be deleted?
c) is attestation possible for an incomplete version?
d) is attestation possible for a deleted version? (is this
   attesting to the deletion?)
e) is a lifecycle deletion ever an 'ammendment'

Also, are there any state transitions that are disallowed
i.e. is it possible to go from created/complete to
modification/incomplete?

I don't think the answers to these will be particularly
contentious (e.g. most would think (a) is nonsensical) but I would like it
if we achieved some consensus here and then
documented it (maybe in the spec?)

Andrew

2

Hi Andrew

Good thinking (as usual). I think Synthesis is Merge and might be better called that - ie you have taken some content from one version and some from another, perhaps edited in different locations. I believe we need this.

More thoughts and in line…

Deleted is an interesting one - I think we need a new empty version that is deleted. This allows processing and queries to give the right answer following a path - it is known to be deleted.

I do not think we need attestation as attestations are external - someone technical should provide the answer to this.

Andrew Patterson wrote:

I think there is some ambiguity around the 'change type' in a
version's audit, and the lifecycle state of the version.

To recap, change type has the following terminology entries
creation
ammendment
modification
synthesis
deleted
attestation
unknown

And lifecycle state can be
complete
incomplete
deleted

Firstly, I think the 'synthesis' and 'unknown' change types aren't
well defined so until they are it might be better if they weren't in
the list of allowable 'change types'.

Secondly, I don't think 'change type' and 'lifecycle state' are
completely orthoganal, so we need to define which lifecycle
states are allowable with each change type.

So
a) can we 'create' a 'deleted' version

No in the sense of CHANGE TYPE - see above - when we create a deleted version then the change type is deleted.

b) can a complete version have its 'change type' be deleted?

A version Yes - a versioned_composition No

c) is attestation possible for an incomplete version?

It is - you can attest what you like.

d) is attestation possible for a deleted version? (is this
   attesting to the deletion?)

Yes, yes

e) is a lifecycle deletion ever an 'ammendment'

No

Also, are there any state transitions that are disallowed
i.e. is it possible to go from created/complete to
modification/incomplete?

Yes - it is always possible to leave something incomplete unless it is deleted.

Cheers, Sam

(attachments)

OceanInformaticsl.JPG

3

Andrew Patterson wrote:

I think there is some ambiguity around the 'change type' in a
version's audit, and the lifecycle state of the version.

To recap, change type has the following terminology entries
creation
ammendment
modification
synthesis
deleted
attestation
unknown

And lifecycle state can be
complete
incomplete
deleted

Firstly, I think the 'synthesis' and 'unknown' change types aren't
well defined so until they are it might be better if they weren't in
the list of allowable 'change types'.

Hi Andrew,

the explanation in the spec could be better for “synthesis”, I agree, but the meaning is that the data were created by automatic generation according to some algorithm. This happens when importing data that have little structuring, e.g. no sections, or missing items.

The “unknown” change type exists when none of the other terms will do - since a change type is needed in the audit object. I don’t know of any better solution to this. Putting nothing makes it look like the software might have a bug; putting “unknown” at least means that the change type was considered.

Secondly, I don't think 'change type' and 'lifecycle state' are
completely orthoganal, so we need to define which lifecycle
states are allowable with each change type.

So
a) can we 'create' a 'deleted' version

not sensibly;-)

b) can a complete version have its 'change type' be deleted?

yes - an item in ‘complete’ state, meaning no other info had to be added, can be later logically deleted (perhaps the whole thing was in error, or in the wrong EHR). The audit action needs to record the fact of deletion. The lifecycle state should also be set to ‘deleted’. So there are two things here: the content is logically ‘deleted’, and the action to achieve this was ‘deletion’ (and I notice that code 523 should be ‘deletion’ not ‘deleted’).

c) is attestation possible for an incomplete version?

yes - attestation is possible for anything - it just means that whatever is there (complete, incomplete (or deleted?)) is being attested, i..e signed off, by some user.

d) is attestation possible for a deleted version? (is this
   attesting to the deletion?)

good question - I would say it is possible - e.g. if an appropriate user were to sign off on the fact that material had to be deleted from patient A’s health record because it had been put there in error. IN fact, I would imagine some kind of attestation to deletion would be preferable to having none.

e) is a lifecycle deletion ever an 'ammendment'

I don’t think this could make sense.

Also, are there any state transitions that are disallowed
i.e. is it possible to go from created/complete to
modification/incomplete?

well, the audit change types are not states in a cycle - they merely indicate what kind of change was done in going from the previous version the information to the current version. But there is certainly a (albeit simple) state machine implied in the lifecycle state, which is currently:

(initial) → incomplete → complete
(initial) → complete
incomplete → deleted
complete → deleted

I don’t think this is documented anywhere as such, but it should be. Currently the following text is in the Common IM spec:

6.3 Versioning Semantics
6.3.1 Version Lifecycle
Content in Original versions has a lifecycle state associated with it, modelled using the
ORIGINAL_VERSION.lifecycle_state attribute, which is coded from the openEHR Terminology “version
lifecycle state” group. The possible values are “complete”, “incomplete” and “deleted”. Usually
content will be committed in the “complete” state. However, in some circumstances, e.g. because the
author has run out of time or due to an emergency, it may be committed as “incomplete” meaning that
it is either incomplete or at least unreviewed. In hospitals this is a common occurrence. Unfinished
Compositions cannot be saved locally on the client machine, since this represents a security risk (a
small client-side database would be much easier to hack into than a secure server). They must therefore
be persisted on the server, either in the actual EHR, or in a ‘holding bay’ which was recognised as
not being part of the EHR proper. Either way, the author would have to explicitly retrieve the Composition(
s) and after further work or review, ‘promote’ them into the EHR as ‘active’ Compositions; alternatively,
they might decide to throw them away.

Going from “incomplete” to “complete” almost always corresponds to a change in content, and corresponds
to a new VERSION regardless. This modelling approach allows such content to exist on the
EHR system, but to be flagged as incomplete when viewed by a user.
Systems are responsible for implementing checks to find ‘old’ Versions in “incomplete” state, and
bring them to the relevant user’s notice, or automatically deleting them or progressing them to “complete”
as appropriate.

6.3.2 Logical Deletion
Within the lifecycle described above, deletion of existing top-level content items (i.e. the entire data
contents of a Version) is somewhat of a special case in openEHR and in EHRs in general. Medicolegal
and traceability requirements mean that information cannot be literally removed, since it must
always be possible to revert back to a previous state of the record in which the deleted information is
intact. Accordingly, information can only ever be logically deleted. This is achieved by the following
procedure in the Version container in question:
• create a new Version in the normal way;
• delete its data (which will by default be a copy of the data of the previous Version);
• set the lifecycle_state value to the code for “deleted”
• commit in the normal way.
Logical deletion can be used for various reasons, including patient direction to remove material, and
in the situation where information about a different patient has been incorrectly committed to a
record, and has to be removed.

This could be improved perhaps; certainly something should be said about non-sensical combinations. As you say, we need some formal description of what combinations make sense and what doesn’t - a set of rules, or maybe a matrix of allowed combinations.

thoughts?

  • thomas
4

Andrew Patterson wrote:

I think there is some ambiguity around the 'change type' in a
version's audit, and the lifecycle state of the version.

To recap, change type has the following terminology entries
creation
ammendment
modification
synthesis
deleted
attestation
unknown

And lifecycle state can be
complete
incomplete
deleted

Firstly, I think the 'synthesis' and 'unknown' change types aren't
well defined so until they are it might be better if they weren't in
the list of allowable 'change types'.

Hi Andrew,

the explanation in the spec could be better for “synthesis”, I agree, but the meaning is that the data were created by automatic generation according to some algorithm. This happens when importing data that have little structuring, e.g. no sections, or missing items.

The “unknown” change type exists when none of the other terms will do - since a change type is needed in the audit object. I don’t know of any better solution to this. Putting nothing makes it look like the software might have a bug; putting “unknown” at least means that the change type was considered.

Secondly, I don't think 'change type' and 'lifecycle state' are
completely orthoganal, so we need to define which lifecycle
states are allowable with each change type.

So
a) can we 'create' a 'deleted' version

not sensibly;-)

b) can a complete version have its 'change type' be deleted?

yes - an item in ‘complete’ state, meaning no other info had to be added, can be later logically deleted (perhaps the whole thing was in error, or in the wrong EHR). The audit action needs to record the fact of deletion. The lifecycle state should also be set to ‘deleted’. So there are two things here: the content is logically ‘deleted’, and the action to achieve this was ‘deletion’ (and I notice that code 523 should be ‘deletion’ not ‘deleted’).

c) is attestation possible for an incomplete version?

yes - attestation is possible for anything - it just means that whatever is there (complete, incomplete (or deleted?)) is being attested, i..e signed off, by some user.

d) is attestation possible for a deleted version? (is this
   attesting to the deletion?)

good question - I would say it is possible - e.g. if an appropriate user were to sign off on the fact that material had to be deleted from patient A’s health record because it had been put there in error. IN fact, I would imagine some kind of attestation to deletion would be preferable to having none.

e) is a lifecycle deletion ever an 'ammendment'

I don’t think this could make sense.

Also, are there any state transitions that are disallowed
i.e. is it possible to go from created/complete to
modification/incomplete?

well, the audit change types are not states in a cycle - they merely indicate what kind of change was done in going from the previous version the information to the current version. But there is certainly a (albeit simple) state machine implied in the lifecycle state, which is currently:

(initial) → incomplete → complete
(initial) → complete
incomplete → deleted
complete → deleted

I don’t think this is documented anywhere as such, but it should be. Currently the following text is in the Common IM spec:

6.3 Versioning Semantics
6.3.1 Version Lifecycle
Content in Original versions has a lifecycle state associated with it, modelled using the
ORIGINAL_VERSION.lifecycle_state attribute, which is coded from the openEHR Terminology “version
lifecycle state” group. The possible values are “complete”, “incomplete” and “deleted”. Usually
content will be committed in the “complete” state. However, in some circumstances, e.g. because the
author has run out of time or due to an emergency, it may be committed as “incomplete” meaning that
it is either incomplete or at least unreviewed. In hospitals this is a common occurrence. Unfinished
Compositions cannot be saved locally on the client machine, since this represents a security risk (a
small client-side database would be much easier to hack into than a secure server). They must therefore
be persisted on the server, either in the actual EHR, or in a ‘holding bay’ which was recognised as
not being part of the EHR proper. Either way, the author would have to explicitly retrieve the Composition(
s) and after further work or review, ‘promote’ them into the EHR as ‘active’ Compositions; alternatively,
they might decide to throw them away.

Going from “incomplete” to “complete” almost always corresponds to a change in content, and corresponds
to a new VERSION regardless. This modelling approach allows such content to exist on the
EHR system, but to be flagged as incomplete when viewed by a user.
Systems are responsible for implementing checks to find ‘old’ Versions in “incomplete” state, and
bring them to the relevant user’s notice, or automatically deleting them or progressing them to “complete”
as appropriate.

6.3.2 Logical Deletion
Within the lifecycle described above, deletion of existing top-level content items (i.e. the entire data
contents of a Version) is somewhat of a special case in openEHR and in EHRs in general. Medicolegal
and traceability requirements mean that information cannot be literally removed, since it must
always be possible to revert back to a previous state of the record in which the deleted information is
intact. Accordingly, information can only ever be logically deleted. This is achieved by the following
procedure in the Version container in question:
• create a new Version in the normal way;
• delete its data (which will by default be a copy of the data of the previous Version);
• set the lifecycle_state value to the code for “deleted”
• commit in the normal way.
Logical deletion can be used for various reasons, including patient direction to remove material, and
in the situation where information about a different patient has been incorrectly committed to a
record, and has to be removed.

This could be improved perhaps; certainly something should be said about non-sensical combinations. As you say, we need some formal description of what combinations make sense and what doesn’t - a set of rules, or maybe a matrix of allowed combinations.

A matrix of allowed combinations will be great to have in the specs. I guess some of these rules will be reflected as part of the EHR Server interface for committing compositions.

/Rong

5

Thomas wrote:

The "unknown" change type exists when none of the other terms will do -
since a change type is needed in the audit object. I don't know of any
better solution to this. Putting nothing makes it look like the software
might have a bug; putting "unknown" at least means that the change type was
considered.

Its just that the others actually mean something to the engine, and
have defined behaviours i.e. when I get a 'modification', I need to check
that there is a previously 'created' version that it is modifying.

Without proper definitions, I don't know what receiving software
will do with a 'synthesis' or 'unknown' change type - can I just
reject them as unsupported (at the present time)?

Rong wrote:

A matrix of allowed combinations will be great to have in the specs. I guess
some of these rules will be reflected as part of the EHR Server interface
for committing compositions.

I agree - I don't think it needs much more than us agreeing on
a matrix. I'll make a wiki page with my attempt - and others
can correct it as they see fit. Then perhaps we can consider putting
it in the spec.

Andrew

6

Andrew Patterson wrote:

Thomas wrote:
  

The "unknown" change type exists when none of the other terms will do -
since a change type is needed in the audit object. I don't know of any
better solution to this. Putting nothing makes it look like the software
might have a bug; putting "unknown" at least means that the change type was
considered.
      
Its just that the others actually mean something to the engine, and
have defined behaviours i.e. when I get a 'modification', I need to check
that there is a previously 'created' version that it is modifying.

Without proper definitions, I don't know what receiving software
will do with a 'synthesis' or 'unknown' change type - can I just
reject them as unsupported (at the present time)?
  
well, let's say 'synthesis' is the same logic as 'creation' (just done
by software, not by a human being). I am inclined to agree that unkown
should be removed - it doesn't really make sense here. All change types
shoiuld be knowable and meaningful.

Rong wrote:
  

A matrix of allowed combinations will be great to have in the specs. I guess
some of these rules will be reflected as part of the EHR Server interface
for committing compositions.
    
I agree - I don't think it needs much more than us agreeing on
a matrix. I'll make a wiki page with my attempt - and others
can correct it as they see fit. Then perhaps we can consider putting
it in the spec.
  
please do - that would be a help.

- thomas

7

Don't know if you have managed to have a go at this Andrew - why don't
you at least create a CR in Release 1.1 (for now, it can always be
moved) with a brief summary of the problem from our discussion - I don't
want the issue to be forgotten!

- thomas

Thomas Beale wrote:

8

Thomas Beale-3 wrote:

...

well, the audit change types are not states in a cycle - they merely
indicate what kind of change was done in going from the previous
version the information to the current version. But there is certainly
a (albeit simple) state machine implied in the lifecycle state, which
is currently:

(initial) -> incomplete -> complete
(initial) -> complete
incomplete -> deleted
complete -> deleted

...

A matrix of allowed combinations between lifecycle state and change type
would be very useful. Also a deeper description of state machine for
lifecycle state in the specs would be great.
Indeed I have again some doubts about possible transitions:

Is it possible to have a the following transition:
... -> deleted -> complete
... -> deleted -> incomplete
in the case that we have deleted the compostion wrongly, and now we want to
"resume" it!

and can we have
(initial) -> incomplete -> complete -> incomplete

Thanks
leo