[Openid-specs-heart] Draft HEART Meeting Notes 2015-07-20

Sarah Squire sarah at engageidentity.com
Mon Jul 20 22:06:28 UTC 2015

As always, please add anything I missed.


Debbie Bucci

Danny van Leeuwen

Glen Marshall

Sarah Squire

Barbara L. Filkins

Eve Maler

William Kinsley

Chad Evans

Gajen Sunthara

Thompson Boyd

Jeff Shultz

Adrian Gropper

Corey Spears

Edmund Jay

Josh Mandel

Anwar Reddick

Jin Wen

Brandon Smith

From now on, the call will start promptly at 4:00 EDT and end at 4:55 EDT

Gajen Sunthara presented his FHIR-based PHR application, myHealth. He is
hoping to make it open source and compatible with many different data
formats. It handles business to business and business to consumer health
information exchange. He is using a HAPI server with some Blue Button
capabilities. He demonstrated creation of a patient record via API POST. He
demonstrated patient record download in FHIR JSON and FHIR XML formats.

In Gajen’s application, patients can log in via social login for LOA 2; he
may support LOA 3 and 4 in the future. His patient dashboard features
allergies, immunizations, medications, labs, health wearables, and
genomics, as well as graphs and charts from the wearables, photos of the
patient’s care team, vital signs, and a calendar.

Patients may have multiple health systems talking to their myHealth API. He
uses a RESTful FHIR API format to take that information in. Endpoints for
different data sources can be added, updated, or deleted. Likewise,
outbound API-consuming applications can be added, updated, and deleted.

Patients will be able to drag and drop FHIR JSON or XML, C-CDA, CDA or
Genomics SAM/BAM files. These can be uploaded to the profile and integrated
into the health record. Any files that are uploaded can also be downloaded
by the patient at any time. They can also anonymize the data and upload it
to GitHub for easy access by researchers. A patient could also
theoretically sell or donate their anonymized data directly to a

Different instances of PHRs can be correlated so that data can be shared
with family and other care providers.

Patients can connect, refresh, and disconnect wearables. Wearables might
include Fitbit, Apple Health, blood pressure monitors, or insulin monitors.

Patients can select any of their incoming API endpoints and check the
demographic information that system has on file for them.

Right now the endpoints they are using are open, but they plan to use
closed endpoints with OAuth 2.0 in the future.

You can see the source code at https://github.com/gajen0981/FHIR-Server

The PHR does not seem to handle authorizations or permissions. It’s also
unclear how often it refreshes the information from the various endpoints
and what triggers that. It’s unclear how UMA and/or OAuth might be
integrated into this PHR.

Will HEART allow for patients to push information to their provider? Yes,
that is in our use cases.

HEART will have to allow Alice to authorize information transfer between
third parties without seeing it herself due to HIPAA laws about patient
information delay.

Sarah Squire
Engage Identity