[Openid-specs-heart] Draft HEART Meeting Notes 2015-10-13

Adrian Gropper agropper at healthurl.com
Wed Oct 14 15:12:27 UTC 2015


Unlike the OpenID Foundation, Integrating the Healthcare Enterprise (IHE)
is structured to profile the practices of a particular segment of a
particular vertical industry: the healthcare _Enterprise_. Authorization of
machine-to-machine transactions secured by OAuth2-based protocols can be
broader than any single vertical. Authorization can be as broad as
authentication.

A broad perspective on authorization (and authentication) will provide
healthcare enterprises the opportunity to integrate systems around _people_
that include wearables, home things, smartphones, and Internet patient
communities.

HEART can make the assumption that HL7-FHIR adopted OAuth2 and is
developing the FHIR standard so as to enable a broad and inclusive
perspective on interoperability. In the ideal situation, our work in HEART
will inform HL7 as to how to achieve people-centered integration compatible
with healthcare-specific practices.

This leaves open the issue of whether enterprise software security
practices are any different in healthcare than any other vertical. Much of
that work is being done in IDESG. IHE can participate in IDESG to ensure
that the Connectathon is represented as we develop the IDESG framework.

Adrian

On Wed, Oct 14, 2015 at 10:43 AM, Justin Richer <jricher at mit.edu> wrote:

> I absolutely agree that we need to interact with other groups, even
> participate in their discussions and events. The connectathons are
> interesting opportunities and I think that HEART could have a good fit
> there.
>
> But that doesn’t mean that our documents won’t stand on their own in OIDF.
> I think it’s not a logical conclusion to say that interacting with other
> groups leads to publishing elsewhere, and that’s the point I was trying to
> make.
>
>  — Justin
>
> On Oct 14, 2015, at 10:01 AM, Glen Marshall [SRS] <gfm at securityrs.com>
> wrote:
>
> Justin,
>
> One of the reasons I mentioned IHE yesterday is that there are annual
> events, called the Connectathons, in which people who have implemented IHE
> profiles test for interoperability.  The North American Connectathon
> happens in January.  Afterwards, Connectathon participants exhibit their
> working solutions in the HIMSS Interoperability Showcase.  There is a
> similar Connectathon in Europe.  The number of vendors in the Connectathons
> is impressive, and security is an essential infrastructure element for
> them.  This would help satisfy the pilot implementation need for HEART.
>
> The provenance and IP stewardship of the underlying standards for IHE is
> very flexible.  IHE adds healthcare use case profiling and testing.  There
> is also a lot of cross-membership between IHE, HL7, DICOM, and other
> healthcare SDOs and consortia.  It is a good portal for introducing and
> coordinating health IT standardization.
>
> There is some early discussion among some IHE participants regarding an
> update to the Internet User Authorization (IUA) profile.
> <http://wiki.ihe.net/index.php?title=Internet_User_Authorization>  The
> current profile uses RFC 6749 and 6750 as the underlying standards.  This
> is all related to HL7 FHIR and SMART on FHIR.  Argonaut is working on
> security in parallel, as is the HL7 Security Workgroup.  This is all quite
> relevant to HEART.
>
> Your thoughts?
>
> Disclosure: I am one of the security test monitors at the annual North
> American Connectathon and, in the past, was very active in IHE and HL7 as
> well as other standardization work.
>
> Best,
> Glen
>
>
> *Glen F. Marshall*
> Consultant
> Security Risk Solutions, Inc.
> 698 Fishermans Bend
> Mount Pleasant, SC 29464
> Tel: (610) 644-2452
> Mobile: (610) 613-3084
> gfm at securityrs.com
> www.SecurityRiskSolutions.com <http://www.securityrisksolutions.com/>


-- 

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/