Health Relationship Trust
(HEART) Working Group
Eve Maler, WG co-chair
eve.maler@forgerock.com | @xmlgrrl
22 June 2017
http://openid.net/wg/heart/
Why?
• Individuals want to gather, control, and share
their health data
– People want to be able to give permission for access
– …and to change their minds
• More and more, this data is sourced digitally
– Such as from mobile apps and smart devices
– This is especially so for complex health conditions
• …and is stored in electronic records
• Clinicians, insurers, and researchers want or need
data access to diagnose, plan care, and pay for
care
• HEART puts the individual back at the center of
the health data-sharing conversation
WG goals and scope
• RESTful health data sharing
• Patient-centric, privacy-sensitive
• Internationally applicable
• Primarily profiling existing specs
– OAuth, OpenID Connect, UMA, HL7’s FHIR API
• Foster interoperable implementations
• Not specifying a patient discovery mechanism
• Not specifying trust frameworks
Who takes part?
• Health/health IT subject matter experts
– E.g., SAMHSA, VA, HL7, doctors…
• Technology experts
– Implementers
– Spec authors and editors
• Leadership team:
– Co-chair Debbie Bucci (HHS ONC)
– Co-chair Eve Maler (ForgeRock)
– Spec editor Justin Richer (Bespoke Engineering)
Use cases collected
• Multiple portals
• Virtual patient registration
• Post-myocardial infarction implant and rehab
• VA secure RESTful use case
• Patient data for clinical and research purposes
• Primary care physician first appointment
• Alice selectively shares health-related data
with physicians and others
Deliverables:
All are in Implementer’s Draft status
• Security profiles
– HEART Profile for UMA
– HEART Profile for OAuth 2.0
– HEART Profile for OpenID Connect
• Semantic profiles
– HEART Profile for UMA and FHIR
– HEART Profile for OAuth 2.0 and FHIR
• Profile families shown in the diagram: UMA-related, OIDC-related,
OAuth-related
Confidentiality, sensitivity, and
break-the-glass requirements
For confidentiality and sensitivity requirements,
we specified a scope mechanism
• For example, scope sens/ETH = “substance
abuse”
– Available to both OAuth and UMA
• If a resource server is capable of filtering out
substance abuse info with this scope:
– It MUST advertise this fact
– If a client brings it an access token WITHOUT this
scope, if it’s at all possible for it to do so, it
SHOULD redact the substance abuse info out of
the delivered resource
For break-the-glass, we similarly
specified a scope mechanism
• The scope is called btg
– Available to both OAuth and UMA
• Scope issuance is out of scope (sorry)
– UX options are of particular relevance in the UMA
case
• The resource server MUST log btg access in an
auditable format available to the resource
owner
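An added example (not from the slides or the HEART specifications) of how a resource server could enforce the two scope rules above: redact ETH-labelled entries when the token lacks sens/ETH, and write an owner-readable audit record when the token carries btg. The token and bundle layouts, the function names, and the assumption that btg lifts the redaction are illustrative.

```python
import json
from datetime import datetime, timezone

# Sensitivity scopes this resource server can filter on. "sens/ETH" and "btg"
# are the scope names from the slides; mapping the scope to a label code on
# each entry is an assumption of this example. How the server advertises
# these scopes is not shown here.
SENSITIVITY_SCOPES = {"sens/ETH": "ETH"}
BTG_SCOPE = "btg"

# Constructed sample: a simplified, FHIR-like bundle whose entries carry
# security labels under meta.security.
SAMPLE_BUNDLE = {
    "resourceType": "Bundle",
    "patient": "alice",
    "entry": [
        {"id": "obs-1", "text": "Blood pressure 120/80",
         "meta": {"security": []}},
        {"id": "cond-7", "text": "Substance abuse treatment note",
         "meta": {"security": [{"code": "ETH"}]}},
    ],
}


def entry_labels(entry):
    """Return the set of security label codes attached to one entry."""
    return {c.get("code") for c in entry.get("meta", {}).get("security", [])}


def release(bundle, token, audit_log):
    """Filter a bundle for one access token.

    token is a constructed introspection result: {"client_id", "scope"}.
    Returns (bundle_to_deliver, ids_of_redacted_entries).
    """
    scopes = set(token["scope"].split())  # OAuth scopes are space-delimited
    btg = BTG_SCOPE in scopes
    # Label codes the token is explicitly allowed to see.
    allowed = {code for scope, code in SENSITIVITY_SCOPES.items()
               if scope in scopes}
    filterable = set(SENSITIVITY_SCOPES.values())

    delivered, redacted, overridden = [], [], []
    for entry in bundle["entry"]:
        blocked = (entry_labels(entry) & filterable) - allowed
        if not blocked:
            delivered.append(entry)
        elif btg:
            # Assumption: break-the-glass releases otherwise-filtered data.
            delivered.append(entry)
            overridden.append(entry["id"])
        else:
            redacted.append(entry["id"])

    if btg:
        # Every btg access is recorded, even if nothing was overridden.
        audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "event": "btg-access",
            "client_id": token["client_id"],
            "resource_owner": bundle["patient"],
            "scopes": sorted(scopes),
            "overridden_entries": overridden,
        })
    return dict(bundle, entry=delivered), redacted


def owner_audit_view(audit_log, owner):
    """Audit records for one resource owner, as JSON lines they can read."""
    return [json.dumps(r, sort_keys=True)
            for r in audit_log if r["resource_owner"] == owner]
```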
The Move Health Data Forward
challenges
• Starting mid-2016, HHS ONC challenged
industry to create API solutions to help
individuals authorize the movement of their
health data
• Three phases later, several winners have won
awards, including for some solutions based on
the HEART profiles
Questions?
Join us!
Thanks!
Eve Maler, WG co-chair
eve.maler@forgerock.com | @xmlgrrl
22 June 2017
http://openid.net/wg/heart/


Editor's Notes

  1. Till July 18