[Openid-specs-heart] Draft HEART Meeting Notes 2015-07-20
sarah at engageidentity.com
Mon Jul 20 22:06:28 UTC 2015
As always, please add anything I missed.
Danny van Leeuwen
Barbara L. Filkins
From now on, the call will start promptly at 4:00 EDT and end at 4:55 EDT.
Gajen Sunthara presented his FHIR-based PHR application, myHealth. He is
hoping to make it open source and compatible with many different data
formats. It handles business to business and business to consumer health
information exchange. He is using a HAPI server with some Blue Button
capabilities. He demonstrated creation of a patient record via API POST. He
demonstrated patient record download in FHIR JSON and FHIR XML formats.
In Gajen’s application, patients can log in via social login for LOA 2; he
may support LOA 3 and 4 in the future. His patient dashboard features
allergies, immunizations, medications, labs, health wearables, and
genomics, as well as graphs and charts from the wearables, photos of the
patient’s care team, vital signs, and a calendar.
Patients may have multiple health systems talking to their myHealth API. He
uses a RESTful FHIR API format to take that information in. Endpoints for
different data sources can be added, updated, or deleted. Likewise,
outbound API-consuming applications can be added, updated, and deleted.
Patients will be able to drag and drop FHIR JSON or XML, C-CDA, CDA or
Genomics SAM/BAM files. These can be uploaded to the profile and integrated
into the health record. Any files that are uploaded can also be downloaded
by the patient at any time. They can also anonymize the data and upload it
to GitHub for easy access by researchers. A patient could also
theoretically sell or donate their anonymized data directly to a
Different instances of PHRs can be correlated so that data can be shared
with family and other care providers.
Patients can connect, refresh, and disconnect wearables. Wearables might
include Fitbit, Apple Health, blood pressure monitors, or insulin monitors.
Patients can select any of their incoming API endpoints and check the
demographic information that system has on file for them.
Right now the endpoints they are using are open, but they plan to use
closed endpoints with OAuth 2.0 in the future.
You can see the source code at https://github.com/gajen0981/FHIR-Server
The PHR does not seem to handle authorizations or permissions. It’s also
unclear how often it refreshes the information from the various endpoints
and what triggers that. It’s unclear how UMA and/or OAuth might be
integrated into this PHR.
Will HEART allow for patients to push information to their provider? Yes,
that is in our use cases.
HEART will have to allow Alice to authorize information transfer between
third parties without seeing it herself due to HIPAA laws about patient