Privacy on FHIR Overview
What we are working on….
42 CFR Part 2 Organization
MyHealtheVet (VA)
Military Health Systems (MHS)
Tricare
Health Information Exchange (ONC)
The Resource Server Stack
OpenID Connect Server (OAuth2 + UMA)
Consent Directive Management Services
Access Control Services
Providers
Consent, PHR, Heart Rate, Diabetes, Fitness
Patient Tools
PhoneGap, Cordova, Vaadin Touchkit
What version…
DSTU2
Currently Refactoring Privacy Protective Services (PPS) and Security Labeling Services (SLS) --- Broken
Utilizing HAPI FHIR Java Libraries (SNAPSHOTS) for DSTU2
What version…
In DSTU2 security labels now in ResourceMetadataMap…
Rules are same…
rule "Clinical Rule Abnormal mammogram, unspecified"
dialect "mvel"
when
    $cd : FHIRClinicalFact(codeSystem == "http://snomed.info/sct", code == "168750009")
then
    ruleExecutionContainer.addExecutionResponse(new FHIRConfidentialityRuleExecutionResponse("168750009", "http://snomed.info/sct", "Abnormal mammogram, unspecified", "PRS", "R", "Restricted"))
end
What version…
http://jamesagnew.github.io/hapi-fhir/download.html
Server Platform
HAPI FHIR Implementation
Both DSTU1 & 2
SMART on FHIR API DSTU2?
USING DATA FROM SMART(Clinically Relevant)
OAuth2 and UMA
Clients, Scopes, and Claims
Utilizing Existing Libraries (interceptors)
Anxiously awaiting UMA
Stop Leakage
Need more than just authorization to the Resource!
Final mile is on PPS and SLS
Patient Consent Directive Organizational Policy
Obligations
PPS lives on both sides of the fence
Obligations+
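
The "Rules are same…" and "Stop Leakage" slides together, as an added example that is not the project's own code: a scope check alone admits the restricted mammogram finding, while a labeling step followed by a consent check attaches an obligation. The class, record and method names, the scope string, the default label "N", the "REDACT" obligation name and the consent ceiling are assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration; all names here are hypothetical, not the PPS/SLS API.
public class LabelThenEnforce {
    // HL7 v3 Confidentiality codes, least to most restrictive.
    static final List<String> LEVELS = List.of("U", "L", "M", "N", "R", "V");

    // Mirrors the page's rule: this SNOMED CT code is labeled "R" (Restricted).
    static final Map<String, String> SLS_RULES =
        Map.of("http://snomed.info/sct|168750009", "R");

    record Fact(String codeSystem, String code, String display) {}
    record Decision(boolean permit, String obligation) {}

    // SLS step: assign a confidentiality label; "N" is the assumed default.
    static String label(Fact f) {
        return SLS_RULES.getOrDefault(f.codeSystem() + "|" + f.code(), "N");
    }

    // Authorization-only check: a valid scope admits every resource of that type.
    static boolean scopeAllows(Set<String> scopes, String needed) {
        return scopes.contains(needed);
    }

    // PPS step: compare the label with the ceiling the consent directive grants.
    // An unknown ceiling yields index -1, so every label exceeds it (fails closed).
    static Decision enforce(Set<String> scopes, String needed, Fact f, String consentCeiling) {
        if (!scopeAllows(scopes, needed)) return new Decision(false, "NONE");
        boolean within = LEVELS.indexOf(label(f)) <= LEVELS.indexOf(consentCeiling);
        return new Decision(true, within ? "NONE" : "REDACT");
    }

    public static void main(String[] args) {
        // Constructed sample input: one scope, one labeled fact, one unlabeled fact.
        String needed = "patient/Observation.read";
        Set<String> scopes = Set.of(needed);
        Fact mammogram = new Fact("http://snomed.info/sct", "168750009",
                                  "Abnormal mammogram, unspecified");
        Fact other = new Fact("http://snomed.info/sct", "0000000", "constructed unlabeled fact");
        System.out.println("scope only: " + scopeAllows(scopes, needed));
        System.out.println("mammogram:  " + enforce(scopes, needed, mammogram, "N"));
        System.out.println("other:      " + enforce(scopes, needed, other, "N"));
    }
}
```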