1. Privacy On FHIR®
Enabling Patient Controlled Privacy
Using Emerging Technology
DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
Johnathan Coleman, ONC
Duane DeCouteau, VA
Adrian Gropper MD, PPR
2. Privacy on FHIR® Vision
"We are on the cusp of a sea change in interoperability, population management, and clinical decision support. CCD led to CCDA which leads to FHIR® for content summary exchange. The Direct protocol will evolve to a RESTful interface using OAuth/OpenID for trust fabric creation.
However, we're not going to make the move to FHIR® and REST unless pilots (followed by agile development of implementation guides) are funded to enable incremental progress. FHIR® is too new and REST has too many industry skeptics. The pilots will create a tipping point which mitigates risk and enables progress." – Dr. John Halamka
3. Introduction
The Office of the National Coordinator (ONC), in
collaboration with Department of Veterans Affairs (VA),
Health Level Seven® and other stakeholders, has initiated
the first pilot/demonstration project of HL7® and Health
Information Technology Standards Committee (HITSC)
recommended standards to support patient mediated
exchange and patient consent. The effort is called Privacy
on FHIR® (PoF) and is the underlying effort behind the
HIMSS demonstrations that you can see here today.
4. It was a Very Good Year…
• In 2014, HL7® approved New, Core Security and Privacy Standards for:
– Privacy and Security Healthcare Classification System (HCS)
– Privacy and Security Services: Security Labeling Services
– Privacy and Security Ontology
– Data Segmentation for Privacy Implementation Guide
– Patient Friendly Consent Directive (Draft in progress for May 2015 ballot)
• Health Information Technology Standards Committee (HITSC) made
Recommendations that:
– OpenID Foundation's OpenID Connect,
– Internet Engineering Task Force's OAuth 2.0, and
– HL7®'s FHIR® comprise a reasonable and appropriate set of
standards to use as building blocks for more complicated
healthcare applications
• Kantara User Managed Access V1.0 approved as Kantara
recommendation March 26, 2015
5. • ONC Nationwide Interoperability Roadmap
• ONC Meaningful Use Certification Criteria NPRM
• PCAST: “Realizing the Full Potential of Health Information
Technology to Improve Healthcare for Americans: The Path
Forward”
• AHRQ Jason Report: “ A Robust Health Data Infrastructure“
FHIR® Pilot Technical Drivers:
Embrace FHIR®, JSON, REST, OAuth and
Kantara UMA
6. ONC/VA Privacy on FHIR® Pilot:
Summary
1. What is it? On-Demand bi-directional exchange of Health Information with your
selected Apps…What, When and How You Want it
2. Why do it? Test technical feasibility of using FHIR® and associated privacy and
security protocols to provide Patients with meaningful access, management and
use of their own information.
3. Deliverables?
• ONC sponsored HIMSS 2015 Interoperability Booths,
• Post-Conference Open Source Reference Model for implementers.
4. Who will do it? Collaborative of stakeholders dedicated to demonstrating the
benefits of HIT cloud capabilities for consumers and providers including:
ONC, VA, HL7®, SAMHSA, Patient Privacy Rights, Jericho Systems Corp,
MITRE, MIT
7. ONC/VA Privacy on FHIR® Pilot [PoF]:
What is HL7® FHIR® ?
Fast Healthcare Interoperability Resources
• FHIR® defines a set of "Resources" that
represent granular clinical concepts managed
in isolation, or aggregated into complex
documents.
• FHIR® is designed for the web:
― Simple XML or JSON structures,
― http-based RESTful protocol,
― Each resource has a predictable URL.
• FHIR® Security and Privacy follows HL7®
Security Labeling, Data Segmentation, and
Consent Directive standards
• FHIR® is under development and has not yet
reached full standard status
http://hl7.org/fhir/2015May/
8. Applying User Managed Access (UMA), an OAuth 2.0 Profile
Patient controls Who gets What
PoF Architecture leverages cloud Privacy and Security Services that Patients use
daily as Online Consumers
User Managed Access
(UMA)
OpenID Connect / OAuth 2.0
9. Privacy on FHIR®
Share Health Information Among
Your Providers, Organizations, Apps,
and Individuals.
10. Privacy…Share Only What You Want.
Your Sensitive Healthcare Information
Stays Secure.
Simple one-stop management of your privacy
choices for all your providers and Apps, plus a
report of all disclosures.
• Privacy by Design
• Manage Your Apps
• Choose what to Share
MY Consent Directives on FHIR®
1. Create Consent Directive
2. Submit Consent Directive
3. Create Application Authorization Provisioning
11. Use your Information for
Healthy Living, Wellness
Management
and Talking to Your Doctor
Online:
MY Apps on FHIR®
Share Health Information with Your
Selected Apps…What, When and How
You Want it…All 24/7
Smart Phone ----- Tablet ----- Personal Computer
• Fitness Apps
• Vitals Monitoring
• Your Personal Health Record
12. MY Apps on FHIR® Policy Enforcement
(Diagram, reconstructed from the slide's flattened boxes and arrows)
• Patient creates their own personal sensitivities list (e.g., HIV, ETH, Other, …)
• My "Apps on FHIR®" Policy: Request Policy → Submit Policy → Policy Management
• Policy Management invokes the Policy Enforcement Point
• Policy Enforcement Point invokes the Privacy & Security Protective Services:
– Apply Resource Privacy Marks
– Apply Resource Protections
– Enforce Resource Obligations
• Restrictions enforced by the Resource Server Privacy Protective Service (e.g., Redact, Mask, Anonymize, Pseudonymize), yielding a Privacy Protected Resource Server
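The two protective steps the diagram names, applying privacy marks (a Security Labeling Service) and applying protections such as Redact or Mask against the patient's sensitivity list (a Privacy Protective Service), as an added Python example. This is not the pilot's or HL7's code: the code-to-sensitivity table, the sample Bundle and the masking extension URL are constructed for illustration, and the two "sensitive" LOINC-style codes are placeholders rather than real LOINC codes. The label vocabularies are the HL7 v3 ActCode sensitivity codes (HIV, ETH) and Confidentiality codes (N, R) that FHIR DSTU2 carried in Resource.meta.security.

```python
"""Toy Security Labeling Service (SLS) and Privacy Protective Service (PPS)
over FHIR JSON, added here as an illustration; not the pilot's code.
Assumptions not taken from the deck: the code-to-sensitivity table, the
sample Bundle and the masking extension URL are constructed, and the two
sensitive LOINC-style codes are placeholders. Labels use the HL7 v3 ActCode
sensitivity codes (HIV, ETH) and Confidentiality codes (N, R) that FHIR
DSTU2 carried in Resource.meta.security."""
import copy

ACTCODE = "http://hl7.org/fhir/v3/ActCode"
CONFIDENTIALITY = "http://hl7.org/fhir/v3/Confidentiality"
MASK_EXT_URL = "urn:example:pof/masked"  # constructed, not a registered extension

# Constructed mapping from coded content to HCS sensitivity codes. A real SLS
# resolves codes against maintained value sets, not a hard-coded dict.
SENSITIVITY_BY_CODE = {
    ("http://loinc.org", "HIV-TEST"): "HIV",     # placeholder code
    ("http://loinc.org", "ETOH-SCREEN"): "ETH",  # placeholder code
}


def label_resource(resource):
    """SLS: return a copy stamped with sensitivity and confidentiality labels."""
    res = copy.deepcopy(resource)
    labels = []
    for c in res.get("code", {}).get("coding", []):
        sens = SENSITIVITY_BY_CODE.get((c.get("system"), c.get("code")))
        if sens:
            labels.append({"system": ACTCODE, "code": sens})
    # Any matched sensitivity raises the confidentiality level to Restricted.
    labels.append({"system": CONFIDENTIALITY, "code": "R" if labels else "N"})
    res.setdefault("meta", {})["security"] = labels
    return res


def sensitivities(resource):
    """Sensitivity codes already present in meta.security."""
    return {s["code"] for s in resource.get("meta", {}).get("security", [])
            if s.get("system") == ACTCODE}


def apply_protections(bundle, patient_sensitivities, action="REDACT"):
    """PPS: enforce the patient's sensitivity list on a labelled Bundle.

    REDACT omits matching entries. MASK keeps the entry but strips its clinical
    payload and records which sensitivity was withheld, so the recipient can
    tell that data exists but was not disclosed.
    """
    out = copy.deepcopy(bundle)
    kept = []
    for entry in out.get("entry", []):
        res = entry["resource"]
        hit = sensitivities(res) & set(patient_sensitivities)
        if not hit:
            kept.append(entry)
        elif action == "MASK":
            for key in ("code", "valueQuantity", "valueString", "component"):
                res.pop(key, None)
            res.setdefault("extension", []).append(
                {"url": MASK_EXT_URL, "valueString": ",".join(sorted(hit))})
            kept.append(entry)
        # REDACT: a matching entry is simply dropped
    out["entry"] = kept
    out["total"] = len(kept)
    return out


def protect(bundle, patient_sensitivities, action="REDACT"):
    """Full pipeline: label every entry, then enforce the sensitivity list."""
    labelled = copy.deepcopy(bundle)
    for entry in labelled.get("entry", []):
        entry["resource"] = label_resource(entry["resource"])
    return apply_protections(labelled, patient_sensitivities, action)


def _observation(obs_id, code, display):
    return {"resource": {"resourceType": "Observation", "id": obs_id,
                         "status": "final",
                         "code": {"coding": [{"system": "http://loinc.org",
                                              "code": code, "display": display}]},
                         "subject": {"reference": "Patient/example"}}}


# Constructed searchset for one patient; 8867-4 is the real LOINC heart-rate code.
SAMPLE_BUNDLE = {"resourceType": "Bundle", "type": "searchset", "entry": [
    _observation("obs-1", "8867-4", "Heart rate"),
    _observation("obs-2", "HIV-TEST", "HIV screen"),
    _observation("obs-3", "ETOH-SCREEN", "Alcohol screen"),
]}

if __name__ == "__main__":
    import json
    print(json.dumps(protect(SAMPLE_BUNDLE, ["HIV"], "REDACT"), indent=1))
    print(json.dumps(protect(SAMPLE_BUNDLE, ["HIV", "ETH"], "MASK"), indent=1))
```

The labelling step is deliberately separate from enforcement: the Resource Server labels once, at rest or on ingest, and the Privacy Protective Service then makes a per-request decision from the labels plus the patient's list, which is what lets the same labelled data be released differently to different Apps.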
13. My Health Information Exchange on FHIR®
Share Health Information Among
Your Providers.
14. • HL7 Fast Healthcare Interoperability Resources
Specification (FHIR™), Release 2 (Draft)
• HL7 Healthcare Privacy and Security
Classification System (HCS)
• HL7 Implementation Guide: Data Segmentation
for Privacy (DS4P), Release 1
• HL7® Patient Friendly Consent Directive
(Draft)
• HL7 Version 3 Standard: Privacy, Access and
Security Services; Security Labeling Service,
Release 1 (SLS)
• HL7 Version 3 Standard: Security and Privacy
Ontology, Release 1
• Kantara User Managed Access (UMA) V 1.0
• OpenID Foundation OpenID Connect
• IETF RFC 6749 The OAuth 2.0 Authorization
Framework
My Standards on FHIR®
15. Closing Remarks
• Perspective
– Solve the “Multiple Portals Problem” for Control of Personal
Information
– Bridge the gap between HIPAA and non-HIPAA Apps and
services
– Promote fair information practice: Data Minimization and
Persistence Minimization
– Provide total transparency and accounting for disclosures: no
hidden use of personal data
• “Privacy on FHIR” is an enormous step forward in
enabling patient control over personal health
information.
http://patientprivacyrights.org/
17. UMA Protocol
• Phase 1 of the UMA core protocol involves the
resource owner introducing the resource server and
authorization server so they can work together.
• Phases 2 and 3 together involve the requesting
party, using a client, making an access attempt,
being tested for suitability by the authorization
server to receive permission, and ultimately
succeeding or failing in the attempt by presenting a
token with permissions associated with it.
18. HIE on FHIR® (detail)
(Sequence diagram, reconstructed from the slide's flattened labels)
Actors: Patient; Requesting Org. (Resource Server (Receiving), FHIR® Client, Authorization client, CDMS GUI); Provider Org. (Resource Server (Providing), Protection client, FHIR® API, PPS/SLS, ACS); Authorization Server (Protection API, Authorization API, GUI).
Steps, with the flow each belongs to in brackets:
1. Patient approves the Consent Directive (CD) in the CDMS GUI; Submit CD [Out of Band]
2. Protection client: (a) acquire Protection Access Token (PAT), (b) register Resources & Scopes with the Protection API [UMA Protection Flow]
3. Set Resource Authz Policy at the Authorization Server [UMA Protection Flow]
4. FHIR® Client: Request for Data [Data Access Flow]
5. ACS: Check Overarching Policies [Data Access Flow]
6. Redirect to AS [Data Access Flow]
7. Authorization client: (a) acquire Authorization Access Token (AAT), (b) request Requesting Party Token (RPT), (c) Authorization Server issues and sends RPT [UMA Authz. Flow]
8. Request for Data + Authz Token (RPT) to the FHIR® API [Data Access Flow]
9. Verify Token; PPS/SLS: Label/Transform Data [Data Access Flow]
10. Provide Data [Data Access Flow]
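The three UMA phases from slide 17 and the PAT/AAT/RPT steps from slide 18, as an added Python example that simulates the exchange in one process. This is not the pilot's code: the Authorization Server, providing Resource Server and requesting client talk through direct method calls instead of HTTP, and token values, party names, resource names and the consent-directive-to-policy mapping are constructed for the example. The permission ticket the Resource Server hands back with its 403 is UMA 1.0's mechanism for the "Redirect to AS" step in the diagram.

```python
"""The UMA 1.0 exchange of slides 17-18, simulated in one process. Added
illustration, not the pilot's code: the Authorization Server (AS), providing
Resource Server (RS) and requesting client talk through direct calls instead
of HTTP; token values, names and the policy mapping are constructed."""
import secrets

class AuthorizationServer:
    def __init__(self):
        self.tokens = {}         # token -> claims (type PAT | AAT | RPT)
        self.resource_sets = {}  # rs_id -> {"owner", "name", "scopes"}
        self.tickets = {}        # permission ticket -> (rs_id, scopes)
        self.policies = {}       # (owner, rs_id) -> {requesting_party: scopes}

    def issue(self, typ, **claims):
        """Mint a PAT (owner=), AAT (sub=) or RPT; the OAuth 2.0 grants are elided."""
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = dict(type=typ, **claims)
        return tok

    def _require(self, tok, typ):
        t = self.tokens.get(tok)
        if t is None or t["type"] != typ:
            raise PermissionError("invalid " + typ)
        return t

    # Protection API: every call is authenticated with the RS's PAT.
    def register_resource_set(self, pat, name, scopes):
        owner = self._require(pat, "PAT")["owner"]
        rs_id = "rs-" + secrets.token_hex(4)
        self.resource_sets[rs_id] = {"owner": owner, "name": name, "scopes": set(scopes)}
        return rs_id

    def register_permission(self, pat, rs_id, scopes):
        self._require(pat, "PAT")
        ticket = secrets.token_urlsafe(8)
        self.tickets[ticket] = (rs_id, set(scopes))
        return ticket

    def introspect(self, pat, rpt):
        self._require(pat, "PAT")
        t = self.tokens.get(rpt)
        if t is None or t["type"] != "RPT":
            return {"active": False}
        return {"active": True, "permissions": t["perms"]}

    # Slide 18 step 3: the owner's consent directive becomes AS policy.
    def set_policy(self, owner, rs_id, requesting_party, scopes):
        if self.resource_sets[rs_id]["owner"] != owner:
            raise PermissionError("not the resource owner")
        self.policies.setdefault((owner, rs_id), {})[requesting_party] = set(scopes)

    # Authorization API: ticket + AAT in, RPT carrying permissions out.
    def request_rpt(self, aat, ticket):
        party = self._require(aat, "AAT")["sub"]
        rs_id, wanted = self.tickets.pop(ticket)  # tickets are single-use
        owner = self.resource_sets[rs_id]["owner"]
        granted = wanted & self.policies.get((owner, rs_id), {}).get(party, set())
        if not granted:
            raise PermissionError("not_authorized")
        perms = [{"resource_set_id": rs_id, "scopes": sorted(granted)}]
        return self.issue("RPT", sub=party, perms=perms)

class ResourceServer:
    def __init__(self, az, pat):
        self.az, self.pat, self.data = az, pat, {}

    def protect(self, name, scopes, resource):
        rs_id = self.az.register_resource_set(self.pat, name, scopes)
        self.data[rs_id] = resource
        return rs_id

    def get(self, rs_id, rpt=None):
        # Serve only on an RPT introspecting with 'read' for rs_id; else 403 + ticket.
        if rpt is not None:
            info = self.az.introspect(self.pat, rpt)
            if info["active"] and any(p["resource_set_id"] == rs_id and "read" in p["scopes"]
                                      for p in info["permissions"]):
                return 200, self.data[rs_id]
        return 403, {"ticket": self.az.register_permission(self.pat, rs_id, ["read"])}

def client_fetch(az, aat, rs, rs_id):
    """Phases 2-3: attempt, trade the 403 ticket plus AAT for an RPT, retry."""
    status, body = rs.get(rs_id)
    if status == 403:
        rpt = az.request_rpt(aat, body["ticket"])  # PermissionError if policy denies
        status, body = rs.get(rs_id, rpt)
    return status, body

def run_scenario():
    """Patient consents to dr-smith reading one Observation; dr-jones is refused."""
    az = AuthorizationServer()
    rs = ResourceServer(az, az.issue("PAT", owner="patient-example"))
    rs_id = rs.protect("Observation/obs-1", ["read"],
                       {"resourceType": "Observation", "id": "obs-1", "status": "final"})
    az.set_policy("patient-example", rs_id, "dr-smith", ["read"])
    status, resource = client_fetch(az, az.issue("AAT", sub="dr-smith"), rs, rs_id)
    try:
        denied = client_fetch(az, az.issue("AAT", sub="dr-jones"), rs, rs_id)
    except PermissionError as e:
        denied = str(e)
    return {"status": status, "resource": resource, "denied": denied}
```

Two checks matter for the security of this shape and are easy to drop in a real deployment: the Resource Server never trusts an RPT it has not introspected at the Authorization Server, and introspection itself is gated on the Resource Server's PAT, so a stolen RPT cannot be validated by anyone the owner did not introduce.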