Privacy On FHIR®
Enabling Patient Controlled Privacy Using Emerging Technology
DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
Johnathan Coleman, ONC
Duane DeCouteau, VA
Adrian Gropper MD, PPR
"We are on the cusp of a sea change in interoperability, population management, and clinical decision support. CCD led to CCDA which leads to FHIR® for content summary exchange. The Direct protocol will evolve to a RESTful interface using OAuth/OpenID for trust fabric creation.
However, we're not going to make the move to FHIR® and REST unless pilots (followed by agile development of implementation guides) are funded to enable incremental progress. FHIR® is too new and REST has too many industry skeptics. The pilots will create a tipping point which mitigates risk and enables progress."
Dr. John Halamka
Privacy on FHIR® Vision
Introduction
The Office of the National Coordinator (ONC), in
collaboration with Department of Veterans Affairs (VA),
Health Level Seven® and other stakeholders, has initiated
the first pilot/demonstration project of HL7® and Health
Information Technology Standards Committee (HITSC)
recommended standards to support patient mediated
exchange and patient consent. The effort is called Privacy
on FHIR® (PoF) and is the underlying effort behind the
HIMSS demonstrations that you can see here today.
It was a Very Good Year…
• In 2014, HL7® approved new core Security and Privacy Standards for:
– Privacy and Security Healthcare Classification System (HCS)
– Privacy and Security Services: Security Labeling Services
– Privacy and Security Ontology
– Data Segmentation for Privacy Implementation Guide
– Patient Friendly Consent Directive (draft in progress for May 2015 ballot)
• Health Information Technology Standards Committee (HITSC) made recommendations that:
– OpenID Foundation's OpenID Connect,
– Internet Engineering Task Force's OAuth 2.0, and
– HL7®'s FHIR®
comprise a reasonable and appropriate set of standards to use as building blocks for more complicated healthcare applications
• Kantara User Managed Access V1.0 approved as a Kantara recommendation on March 26, 2015
• ONC Nationwide Interoperability Roadmap
• ONC Meaningful Use Certification Criteria NPRM
• PCAST: "Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward"
• AHRQ Jason Report: "A Robust Health Data Infrastructure"
FHIR® Pilot Technical Drivers: Embrace FHIR®, JSON, REST, OAuth and Kantara UMA
ONC/VA Privacy on FHIR® Pilot: Summary
1. What is it? On-demand bi-directional exchange of health information with your selected apps…what, when and how you want it.
2. Why do it? Test the technical feasibility of using FHIR® and associated privacy and security protocols to provide patients with meaningful access, management and use of their own information.
3. Deliverables?
• ONC-sponsored HIMSS 2015 Interoperability Booths
• Post-conference open source reference model for implementers
4. Who will do it? A collaborative of stakeholders dedicated to demonstrating the benefits of HIT cloud capabilities for consumers and providers, including: ONC, VA, HL7®, SAMHSA, Patient Privacy Rights, Jericho Systems Corp, MITRE, MIT
ONC/VA Privacy on FHIR® Pilot [PoF]: What is HL7® FHIR®?
Fast Healthcare Interoperability Resources
• FHIR® defines a set of "Resources" that represent granular clinical concepts managed in isolation, or aggregated into complex documents.
• FHIR® is designed for the web:
― Simple XML or JSON structures,
― HTTP-based RESTful protocol,
― Each resource has a predictable URL.
• FHIR® Security and Privacy follows HL7® Security Labeling, Data Segmentation, and Consent Directive standards.
• FHIR® is under development and has not yet reached full standard status.
http://hl7.org/fhir/2015May/
Applying User Managed Access (UMA), an OAuth 2.0 Profile
Patient controls Who gets What
PoF Architecture leverages cloud Privacy and Security Services that Patients use
daily as Online Consumers
User Managed Access
(UMA)
OpenID Connect / OAuth 2.0
Privacy on FHIR®: Share Health Information Among Your Providers, Organizations, Apps, and Individuals.
Privacy…Share Only What You Want. Your Sensitive Healthcare Information Stays Secure.
Simple one-stop management of your privacy choices from one place for all your providers and apps. Get a report of all disclosures.
• Privacy by Design
• Manage Your Apps
• Choose what to Share
MY Consent Directives on FHIR®
1. Create Consent Directive
2. Submit Consent Directive
3. Create Application Authorization Provisioning
Use your information for healthy living, wellness management and talking to your doctor online:
MY Apps on FHIR®: Share Health Information with Your Selected Apps…What, When and How You Want it…All 24/7
Smart Phone ----- Tablet ----- Personal Computer
• Fitness Apps
• Vitals Monitoring
• Your Personal Health Record
My "Apps on FHIR®" Policy
MY Apps on FHIR® Policy Enforcement
[Diagram: Apps on FHIR® policy flow. Policy Management (Request Policy, Submit Policy) invokes the Policy Enforcement Point, which enforces Resource Obligations and invokes the Privacy & Security Protective Services, which Apply Resource Privacy Marks and Apply Resource Protections.]
Restrictions enforced by the Resource Server Privacy Protective Service (e.g., Redact, Mask, Anonymize, Pseudonymize)
Patient creates their own personal sensitivities list (e.g., HIV, ETH, Other, …)
Privacy Protected Resource Server
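The "Apply Resource Protections" step above, as an added example that is not the pilot's own code: a small Privacy Protective Service that reads the HL7 security labels on FHIR JSON resources and applies the obligation the patient's sensitivities list attaches to each label (redact, mask or pseudonymize). The Bundle, the obligation table, the pseudonym key and the DSTU2-era ActCode system URI are all constructed for this example.

```python
"""Added example: a Privacy Protective Service applying sensitivity obligations
to FHIR JSON resources by their HL7 security labels (constructed; not pilot code)."""
import copy
import hashlib
import hmac

PSEUDONYM_KEY = b"constructed-demo-key"   # assumption: a per-deployment secret
ACTCODE = "http://hl7.org/fhir/v3/ActCode"  # DSTU2-era system URI for HL7 v3 ActCode

# Constructed FHIR-style searchset; meta.security carries ActCode sensitivity labels
SAMPLE_BUNDLE = {
    "resourceType": "Bundle", "type": "searchset",
    "entry": [
        {"resource": {"resourceType": "Observation", "id": "bp",
                      "subject": {"reference": "Patient/1"},
                      "code": {"text": "blood pressure"}, "valueString": "120/80"}},
        {"resource": {"resourceType": "Observation", "id": "hiv",
                      "meta": {"security": [{"system": ACTCODE, "code": "HIV"}]},
                      "subject": {"reference": "Patient/1"},
                      "code": {"text": "HIV test"}, "valueString": "negative"}},
        {"resource": {"resourceType": "Observation", "id": "eth",
                      "meta": {"security": [{"system": ACTCODE, "code": "ETH"}]},
                      "subject": {"reference": "Patient/1"},
                      "code": {"text": "substance use screening"}, "valueString": "positive"}},
        {"resource": {"resourceType": "Observation", "id": "psy",
                      "meta": {"security": [{"system": ACTCODE, "code": "PSY"}]},
                      "subject": {"reference": "Patient/1"},
                      "code": {"text": "mood questionnaire"}, "valueString": "score 4"}},
    ],
}

# The patient's sensitivities list mapped to the obligation for this disclosure (constructed)
OBLIGATIONS = {"HIV": "redact", "ETH": "mask", "PSY": "pseudonymize"}
VALUE_FIELDS = ("valueString", "valueQuantity", "valueCodeableConcept", "note")


def security_labels(resource):
    """Collect the security label codes carried in meta.security."""
    return {c.get("code") for c in resource.get("meta", {}).get("security", [])}


def pseudonym(reference):
    """Keyed, stable pseudonym: one patient stays linkable within a disclosure only."""
    digest = hmac.new(PSEUDONYM_KEY, reference.encode(), hashlib.sha256).hexdigest()
    return "Patient/" + digest[:16]


def protect(bundle, obligations):
    """Return a new Bundle with each entry transformed per its strongest applicable
    obligation (redact beats mask beats pseudonymize); the input is never modified."""
    out = copy.deepcopy(bundle)
    kept = []
    for entry in out.get("entry", []):
        res = entry["resource"]
        actions = {obligations[lb] for lb in security_labels(res) if lb in obligations}
        if "redact" in actions:
            continue                                   # the entry is withheld entirely
        if "mask" in actions:
            for field_name in VALUE_FIELDS:            # keep the Observation, blank its value
                res.pop(field_name, None)
            res["dataAbsentReason"] = {"coding": [{"code": "masked"}]}
        if "pseudonymize" in actions and "subject" in res:
            res["subject"] = {"reference": pseudonym(res["subject"]["reference"])}
        kept.append(entry)
    out["entry"] = kept
    out["total"] = len(kept)
    return out


if __name__ == "__main__":
    for e in protect(SAMPLE_BUNDLE, OBLIGATIONS)["entry"]:
        print(e["resource"]["id"], e["resource"].get("subject"), e["resource"].get("valueString"))
```

Unlabelled resources pass through unchanged, so a resource that carries no security label is released as-is; in a real labeling service the Security Labeling Service would have to assign labels before this transform runs, otherwise unlabelled sensitive data is not protected.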
My Health Information Exchange on FHIR®
Share Health Information Among Your Providers.
My Standards on FHIR®
• HL7 Fast Healthcare Interoperability Resources Specification (FHIR™), Release 2 (Draft)
• HL7 Healthcare Privacy and Security Classification System (HCS)
• HL7 Implementation Guide: Data Segmentation for Privacy (DS4P), Release 1
• HL7® Patient Friendly Consent Directive (Draft)
• HL7 Version 3 Standard: Privacy, Access and Security Services; Security Labeling Service, Release 1 (SLS)
• HL7 Version 3 Standard: Security and Privacy Ontology, Release 1
• Kantara User Managed Access (UMA) V1.0
• OpenID Foundation OpenID Connect
• IETF RFC 6749 The OAuth 2.0 Authorization Framework
Closing Remarks
• Perspective
– Solve the “Multiple Portals Problem” for Control of Personal Information
– Bridge the gap between HIPAA and non-HIPAA Apps and services
– Promote fair information practice: Data Minimization and Persistence Minimization
– Provide total transparency and accounting for disclosures: no hidden use of personal data
• “Privacy on FHIR” is an enormous step forward in enabling patient control over personal health information.
http://patientprivacyrights.org/
Questions?
UMA Protocol
• Phase 1 of the UMA core protocol involves the resource owner introducing the resource server and authorization server so they can work together.
• Phases 2 and 3 together involve the requesting party, using a client, making an access attempt, being tested for suitability by the authorization server to receive permission, and ultimately succeeding or failing in the attempt by presenting a token with permissions associated with it.
HIE on FHIR® (detail)
[Diagram: a Requesting Org. and a Provider Org. exchanging data through an Authorization Server. Requesting side: Resource Server (Receiving), FHIR® Client, Authorization client, CDMS GUI. Provider side: Resource Server (Providing) with Protection client, FHIR® API, ACS, PPS/SLS. Authorization Server: Authorization API, Protection API, and the Patient's GUI. Flows shown: Out of Band, UMA Protection Flow, UMA Authz. Flow, Data Access Flow. Numbered steps:]
0. Submit CD
1. Approve CD
2. Acquire Protection Access Token (PAT) (a); Register Resources & Scopes (b)
3. Set Resource Authz Policy
4. Request for Data
5. Check Overarching Policies
6. Redirect to AS
7. Acquire Authorization Access Token (AAT) (a); Request Requesting Party Token (RPT) (b); Issue and send RPT (c)
8. Request for Data + Authz Token (RPT)
9. Verify Token; Label/Transform Data
10. Provide Data
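The three UMA phases described under "UMA Protocol" and the numbered PAT/AAT/RPT steps of the HIE on FHIR® detail, as an added example that is not the pilot's own code: a toy authorization server and resource server exchanging the tokens in order, with the resource server refusing the first attempt with a permission ticket, the authorization server applying the patient's policy before issuing an RPT, and the resource server introspecting that RPT and filtering sensitivity-labelled entries (the "Label/Transform Data" step). Tokens, party names, the resource id and the clinical values are constructed; the classes and functions are assumptions of this example.

```python
"""Toy model of the UMA 1.0 flow on the slides (constructed example, not pilot code).
Phase 1: the resource owner introduces the RS to the AS; the RS obtains a PAT and
registers resources and scopes. Phases 2-3: the client's first attempt yields a
permission ticket, exchanged (with an AAT) for an RPT after a policy check; the RS
introspects the RPT and drops labelled entries outside the granted scopes.
All tokens, party names, resource ids and clinical values are constructed."""
import secrets


class AuthorizationServer:
    def __init__(self):
        self.pats = set()      # PATs issued to resource servers
        self.aats = {}         # AAT -> requesting party id
        self.resources = {}    # resource id -> registered scopes
        self.policies = {}     # (resource id, party) -> scopes the owner allows
        self.tickets = {}      # permission ticket -> (resource id, requested scopes)
        self.rpts = {}         # RPT -> {resource id: granted scopes}

    def _check_pat(self, pat):
        if pat not in self.pats:
            raise PermissionError("invalid PAT")

    def issue_pat(self):                        # phase 1: "Acquire PAT"
        pat = secrets.token_hex(16)
        self.pats.add(pat)
        return pat

    def register_resource(self, pat, resource_id, scopes):   # "Register Resources & Scopes"
        self._check_pat(pat)
        self.resources[resource_id] = set(scopes)

    def set_policy(self, resource_id, party, scopes):   # step 3: patient sets authz policy
        self.policies[(resource_id, party)] = set(scopes) & self.resources[resource_id]

    def issue_aat(self, party):                 # phase 2: client obtains an AAT
        aat = secrets.token_hex(16)
        self.aats[aat] = party
        return aat

    def request_permission(self, pat, resource_id, scopes):   # RS asks for a ticket
        self._check_pat(pat)
        ticket = secrets.token_hex(8)
        self.tickets[ticket] = (resource_id, set(scopes))
        return ticket

    def issue_rpt(self, aat, ticket):           # step 7: policy check, then RPT or refusal
        party = self.aats.get(aat)
        resource_id, requested = self.tickets.pop(ticket, (None, set()))
        granted = requested & self.policies.get((resource_id, party), set())
        if not granted:                         # unknown ticket, unknown party or no policy
            return None
        rpt = secrets.token_hex(16)
        self.rpts[rpt] = {resource_id: granted}
        return rpt

    def introspect(self, pat, rpt):             # step 9 "Verify Token": RS checks the RPT
        self._check_pat(pat)
        return self.rpts.get(rpt)


class ResourceServer:
    def __init__(self, authz, sensitivities):
        self.authz = authz
        self.pat = authz.issue_pat()
        self.sensitive = set(sensitivities)     # the patient's own sensitivities list
        self.data = {}

    def add_resource(self, resource_id, entries):
        # "read" covers unlabelled entries; each sensitivity label gets "read:<label>"
        labels = {e["label"] for e in entries if e.get("label") in self.sensitive}
        self.data[resource_id] = entries
        self.authz.register_resource(self.pat, resource_id, {"read"} | {"read:" + lb for lb in labels})

    def get(self, resource_id, rpt=None):
        perms = self.authz.introspect(self.pat, rpt) if rpt else None
        if not perms or resource_id not in perms:
            # UMA 1.0: refuse with a permission ticket the client can take to the AS
            scopes = self.authz.resources[resource_id]
            return 403, {"ticket": self.authz.request_permission(self.pat, resource_id, scopes)}
        granted = perms[resource_id]
        # step 9 "Label/Transform Data": drop labelled entries outside the granted scopes
        visible = [e for e in self.data[resource_id]
                   if e.get("label") not in self.sensitive or "read:" + e["label"] in granted]
        return 200, {"entries": visible}


def client_fetch(authz, rs, party, resource_id):
    """Phases 2-3 from the client side: attempt, receive ticket, obtain RPT, retry."""
    aat = authz.issue_aat(party)
    status, body = rs.get(resource_id)
    if status != 403 or "ticket" not in body:
        return status, body
    rpt = authz.issue_rpt(aat, body["ticket"])
    if rpt is None:
        return 403, {"error": "policy denied the requested scopes"}
    return rs.get(resource_id, rpt)             # step 8: request for data + RPT


def demo():
    authz = AuthorizationServer()
    rs = ResourceServer(authz, sensitivities=["HIV", "ETH"])
    rs.add_resource("Patient/1/Observation", [   # constructed sample data
        {"code": "blood-pressure", "value": "120/80"},
        {"code": "hiv-test", "value": "negative", "label": "HIV"}])
    authz.set_policy("Patient/1/Observation", "fitness-app", ["read"])
    authz.set_policy("Patient/1/Observation", "my-doctor", ["read", "read:HIV"])
    # "ad-network" has no policy entry and must end up refused
    return {p: client_fetch(authz, rs, p, "Patient/1/Observation")
            for p in ("fitness-app", "my-doctor", "ad-network")}
```

Running `demo()` gives the fitness app only the unlabelled blood pressure entry, the doctor both entries, and the party with no policy a refusal. Two points the toy keeps that matter in a real deployment: the resource server never decides authorization itself, it only asks the authorization server (introspection with its PAT), and the resource server enforces scope on each labelled entry rather than trusting the client to filter.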