Health Relationship Trust (HEART) Working Group 22 June 2017

•Download as PPTX, PDF•

3 likes•1,378 views

Introducing the Health Relationship Trust (HEART) Working Group of the OpenID Foundation at the Cloud Identity Summit in Chicago in June 2017

Technology

Health Relationship Trust
(HEART) Working Group
Eve Maler, WG co-chair
eve.maler@forgerock.com | @xmlgrrl
22 June 2017
http://openid.net/wg/heart/

Why?
• Individuals want to gather, control, and share
their health data
– People want to be able to give permission for access
– …and to change their minds
• More and more, this data is sourced digitally
– Such as from mobile apps and smart devices
– This is especially so for complex health conditions
• …and is stored in electronic records
• Clinicians, insurers, and researchers want or need
data access to diagnose, plan care, and pay for
care
• HEART puts the individual back at the center of
the health data-sharing conversation

WG goals and scope
• RESTful health data sharing
• Patient-centric, privacy-sensitive
• Internationally applicable
• Primarily profiling existing specs
– OAuth, OpenID Connect, UMA, HL7’s FHIR API
• Foster interoperable implementations
• Not specifying a patient discovery mechanism
• Not specifying trust frameworks

Who takes part?
• Health/health IT subject matter experts
– E.g., SAMHSA, VA, HL7, doctors…
• Technology experts
– Implementers
– Spec authors and editors
• Leadership team:
– Co-chair Debbie Bucci (HHS ONC)
– Co-chair Eve Maler (ForgeRock)
– Spec editor Justin Richer (Bespoke Engineering)

Use cases collected
• Multiple portals
• Virtual patient registration
• Post-myocardial infarction implant and rehab
• VA secure RESTful use case
• Patient data for clinical and research purposes
• Primary care physician first appointment
• Alice selectively shares health-related data
with physicians and others

Confidentiality, sensitivity, and
break-the-glass requirements

For confidentiality and sensitivity requirements,
we specified a scope mechanism
• For example, scope sens/ETH = “substance
abuse”
– Available to both OAuth and UMA
• If a resource server is capable of filtering out
substance abuse info with this scope:
– It MUST advertise this fact
– If a client brings it an access token WITHOUT this
scope, if it’s at all possible for it to do so, it
SHOULD redact the substance abuse info out of
the delivered resource

For break-the-glass, we similarly
specified a scope mechanism
• The scope is called btg
– Available to both OAuth and UMA
• Scope issuance is out of scope (sorry)
– UX options are of particular relevance in the UMA
case
• The resource server MUST log btg access in an
auditable format available to the resource
owner

The Move Health Data Forward
challenges
• Starting mid-2016, HHS ONC challenged
industry to create API solutions to help
individuals authorize the movement of their
health data
• Three phases later, several winners
have won awards, including for
some solutions
based on the
HEART
profiles

Questions?
Join us!
Thanks!
Eve Maler, WG co-chair
eve.maler@forgerock.com | @xmlgrrl
22 June 2017
http://openid.net/wg/heart/

Agenda • Discuss how to handle patient communications • Explain the issues involved with using Social Media • Discuss how Social Media can work under HIPAA • Identify guidance from HHS on patient communications • Show what’s needed in a Social Media Policy • Show the process that must be used in the event of breach • Preparing for enforcement and auditing • Learn how to approach compliance

Clinical Data Standards and Data Portability

Nrip Nihalani

Secure Sharing of Personal Health Records in Cloud Computing using Encryption

Editor IJCATR

The PHR is a tool that you can use to collect, track and share past and current information about your health or the health of someone in your care. Personal health record (PHR) is considered as an emerging patient-centric model of health information exchange, where people can share their health information to other people. Since there are wide privacy concerns about the health records and due to high operational cost, users stored at a third party server called as Cloud Server. The issues such as risks of privacy exposure, scalability in key management, access problem, user revocation, have remained the most important challenges towards achieving fine-grained, cryptographically enforced data access control. In order to get rid off from this ,in this paper we introduce attribute-based encryption (ABE) techniques to encrypt each patient's PHR file so that an unauthorised people won’t be able to view our PHR file.

Kantara uma webinar july 2020

kantarainitiative

Healthcare over Internet Protocol, Web 2.0, Health 2.0 and the Personal Healt...

Rowan Purdy

Cloud Computing: Scalable and Secure Sharing of Personal Health Records Using...

dbpublications

Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients’ control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semi trusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient’s PHR file. Different fr previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi authority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability, and efficiency of our proposed scheme.

The need for interoperability in blockchain-based initiatives to facilitate c...

Massimiliano Masi

Psdot 4 scalable and secure sharing of personal health records in cloud compu...

ZTech Proje

Scalable and secure sharing of personal health records in cloud computing usi...

JPINFOTECH JAYAPRAKASH

Security & Privacy - Lecture E

CMDLearning

Set paper winter sem 15 16 (final)

Vellore Institute of Technology

Dispelling HIPAA Myths: Texting, Emailing, and BYOD Best Practices

Conference Panel

This 90-minute webinar will detail your practice (or business) information technology and how it relates to the HIPAA/HITECH Security Rule and securing PHI in transmission – what is required and what is myth… I will review multiple examples and specific scenarios and offer simple, common-sense solutions. I will also discuss the do's and don'ts relating to encryption and updated bulletins provided by the Office for Civil Rights. Areas covered will be texting, email, encryption, medical messaging, voice data, personal devices, and risk factors. I will uncover myths versus reality as they relate to this enigmatic law based on over 1000 risk assessments performed and years of experience in dealing directly with the Office for Civil Rights HIPAA auditors. I will speak on specific experiences from over 18 years of experience working as an outsourced compliance auditor and expert witness on multiple HIPAA cases in state law and thoroughly explain how patients can now get cash remedies for wrongful disclosures of private health information. More importantly, I will show you how to limit those risks by taking proactive steps and utilizing best practices. Don't always believe what you read online about HIPAA, especially regarding encryption and IT; many groups sell more than necessary. Register Now, https://conferencepanel.com/conference/2024-hipaa-texting-and-emailing-dos-and-donts

Secondary Use of Electronic Health Information – the Way to Guard Patient Sec...

Plan de Calidad para el SNS

What's hot

Why Do Federally Qualified Health Centers Need A Referral Management Software...

GaryRichards30

Privacy of patient data versus patient safety. HIMSS Europe, Nov 6, 2014

Arjen Noordzij

Portal Web Demo CustomerPyramid Home Health Services

Electronic Medical Records: the now and the future of healthcare service

doc_magno

Lt a srs ehr presentationshortrnd

Securing_Medical_Devices_v3Steve Markey

Aziz Boxwala, MD, Ph.D. SMART-on-FHIR specification & Sapphire demo.

HealthDev

Platform DescriptionPlarent Ymeri

iUZ.Talk - Cross-border Interoperability

iUZ_Technologies

What's hot (9)

Why Do Federally Qualified Health Centers Need A Referral Management Software...

Privacy of patient data versus patient safety. HIMSS Europe, Nov 6, 2014

Portal Web Demo Customer

Electronic Medical Records: the now and the future of healthcare service

Lt a srs ehr presentation

Securing_Medical_Devices_v3

Aziz Boxwala, MD, Ph.D. SMART-on-FHIR specification & Sapphire demo.

Platform Description

iUZ.Talk - Cross-border Interoperability

Similar to Health Relationship Trust (HEART) Working Group 22 June 2017

Hipaa and social media using new

OnlineAudio Training

Clinical Data Standards and Data Portability

Nrip Nihalani

Secure Sharing of Personal Health Records in Cloud Computing using Encryption

Editor IJCATR

Kantara uma webinar july 2020

kantarainitiative

Healthcare over Internet Protocol, Web 2.0, Health 2.0 and the Personal Healt...

Rowan Purdy

Cloud Computing: Scalable and Secure Sharing of Personal Health Records Using...

dbpublications

The need for interoperability in blockchain-based initiatives to facilitate c...

Massimiliano Masi

Psdot 4 scalable and secure sharing of personal health records in cloud compu...

ZTech Proje

Scalable and secure sharing of personal health records in cloud computing usi...

JPINFOTECH JAYAPRAKASH

Security & Privacy - Lecture E

CMDLearning

Set paper winter sem 15 16 (final)

Vellore Institute of Technology

Dispelling HIPAA Myths: Texting, Emailing, and BYOD Best Practices

Conference Panel

Secondary Use of Electronic Health Information – the Way to Guard Patient Sec...

Plan de Calidad para el SNS

Scalable and secure sharing of personal health records in cloud computing us...Duraiyarasan S

Cloud Computing: Scalable and Secure Sharing of Personal Health Records Using...

dbpublications

Scalable and secure sharing of personal health

IMPULSE_TECHNOLOGY

8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)

Apollo Hospitals Group and ATNF

Healthcare Data Ecosystem 101

Lynne Frederickson

Lecture 6_Data acquisition.pptx power points

Josephmwanika

Federated architecture

ACCESS Health Digital

Similar to Health Relationship Trust (HEART) Working Group 22 June 2017 (20)

Hipaa and social media using new

Clinical Data Standards and Data Portability

Secure Sharing of Personal Health Records in Cloud Computing using Encryption

Kantara uma webinar july 2020

Healthcare over Internet Protocol, Web 2.0, Health 2.0 and the Personal Healt...

Cloud Computing: Scalable and Secure Sharing of Personal Health Records Using...

The need for interoperability in blockchain-based initiatives to facilitate c...

Psdot 4 scalable and secure sharing of personal health records in cloud compu...

Scalable and secure sharing of personal health records in cloud computing usi...

Security & Privacy - Lecture E

Set paper winter sem 15 16 (final)

Dispelling HIPAA Myths: Texting, Emailing, and BYOD Best Practices

Secondary Use of Electronic Health Information – the Way to Guard Patient Sec...

Scalable and secure sharing of personal health records in cloud computing us...

Cloud Computing: Scalable and Secure Sharing of Personal Health Records Using...

Scalable and secure sharing of personal health

8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)

Healthcare Data Ecosystem 101

Lecture 6_Data acquisition.pptx power points

Federated architecture

Recently uploaded

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

Mind map of terminologies used in context of Generative AI

Kumud Singh

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Recently uploaded (20)

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

Artificial Intelligence for XMLDevelopment

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Removing Uninteresting Bytes in Software Fuzzing

Mind map of terminologies used in context of Generative AI

UiPath Test Automation using UiPath Test Suite series, part 6

Climate Impact of Software Testing at Nordic Testing Days

Introduction to CHERI technology - Cybersecurity

UiPath Test Automation using UiPath Test Suite series, part 5

The Art of the Pitch: WordPress Relationships and Sales

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Epistemic Interaction - tuning interfaces to provide information for AI support

20240609 QFM020 Irresponsible AI Reading List May 2024

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Microsoft - Power Platform_G.Aspiotis.pdf

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Essentials of Automations: The Art of Triggers and Actions in FME

Health Relationship Trust (HEART) Working Group 22 June 2017

1. Health Relationship Trust (HEART) Working Group Eve Maler, WG co-chair eve.maler@forgerock.com | @xmlgrrl 22 June 2017 http://openid.net/wg/heart/

2. Why? • Individuals want to gather, control, and share their health data – People want to be able to give permission for access – …and to change their minds • More and more, this data is sourced digitally – Such as from mobile apps and smart devices – This is especially so for complex health conditions • …and is stored in electronic records • Clinicians, insurers, and researchers want or need data access to diagnose, plan care, and pay for care • HEART puts the individual back at the center of the health data-sharing conversation

3. WG goals and scope • RESTful health data sharing • Patient-centric, privacy-sensitive • Internationally applicable • Primarily profiling existing specs – OAuth, OpenID Connect, UMA, HL7’s FHIR API • Foster interoperable implementations • Not specifying a patient discovery mechanism • Not specifying trust frameworks

4. Who takes part? • Health/health IT subject matter experts – E.g., SAMHSA, VA, HL7, doctors… • Technology experts – Implementers – Spec authors and editors • Leadership team: – Co-chair Debbie Bucci (HHS ONC) – Co-chair Eve Maler (ForgeRock) – Spec editor Justin Richer (Bespoke Engineering)

5. Use cases collected • Multiple portals • Virtual patient registration • Post-myocardial infarction implant and rehab • VA secure RESTful use case • Patient data for clinical and research purposes • Primary care physician first appointment • Alice selectively shares health-related data with physicians and others

6. Deliverables: All are in Implementer’s Draft status HEART Profile for UMA HEART Profile for OAuth 2.0 HEART Profile for OpenID Connect HEART Profile for UMA and FHIR HEART Profile for OAuth 2.0 and FHIR SECURITY PROFILES SEMANTIC PROFILES UMA- RELATED OIDC- RELATED OAUTH- RELATED

7. Confidentiality, sensitivity, and break-the-glass requirements

8. For confidentiality and sensitivity requirements, we specified a scope mechanism • For example, scope sens/ETH = “substance abuse” – Available to both OAuth and UMA • If a resource server is capable of filtering out substance abuse info with this scope: – It MUST advertise this fact – If a client brings it an access token WITHOUT this scope, if it’s at all possible for it to do so, it SHOULD redact the substance abuse info out of the delivered resource

9. For break-the-glass, we similarly specified a scope mechanism • The scope is called btg – Available to both OAuth and UMA • Scope issuance is out of scope (sorry) – UX options are of particular relevance in the UMA case • The resource server MUST log btg access in an auditable format available to the resource owner

10. The Move Health Data Forward challenges • Starting mid-2016, HHS ONC challenged industry to create API solutions to help individuals authorize the movement of their health data • Three phases later, several winners have won awards, including for some solutions based on the HEART profiles

11. Questions? Join us! Thanks! Eve Maler, WG co-chair eve.maler@forgerock.com | @xmlgrrl 22 June 2017 http://openid.net/wg/heart/

Editor's Notes

Till July 18

Health Relationship Trust (HEART) Working Group 22 June 2017

Recommended

Recommended

More Related Content

What's hot

What's hot (9)

Similar to Health Relationship Trust (HEART) Working Group 22 June 2017

Similar to Health Relationship Trust (HEART) Working Group 22 June 2017 (20)

Recently uploaded

Recently uploaded (20)

Health Relationship Trust (HEART) Working Group 22 June 2017

Editor's Notes