Privacy on FHIR Overview What we are working on…. 42CFRPart2 Organization MyHealtheVet (VA) Military Health Systems (MHS) Tricare Health Information Exchange.

Privacy on FHIR Overview

What we are working on….

42CFRPart2 Organization

MyHealtheVet (VA)

Military Health Systems (MHS)

Tricare

Health Information Exchange (ONC)

The Resource Server Stack

OpenID Connect Server(Oauth2 + UMA)

Consent DirectiveManagement Services

Access Control Services

Providers

ConsentPHRHeart RateDiabetesFitness

Patie

nt T

ools

PhoneGap, Cordova, Vaadin Touchkit

PhoneGap, Cordova, Vaadin Touchkit

Privacy on FHIR Overview

What version…

DSTU2

Currently Refactoring Privacy Protective Services (PPS) and Security Labeling Services (SLS) --- Broken

Utilizing HAPI FHIR Java Libraries(SNAPSHOTS) for DSTU2

Privacy on FHIR Overview

What version…

In DSTU2 security labels now in ResourceMetadataMap…

Privacy on FHIR Overview

Rules are same…

rule "Clinical Rule Abnormal mammogram, unspecified"dialect "mvel"when

$cd : FHIRClinicalFact(codeSystem == "http://snomed.info/sct", code == "168750009")then

ruleExecutionContainer.addExecutionResponse(new FHIRConfidentialityRuleExecutionResponse("168750009", "http://snomed.info/sct", "Abnormal mammogram, unspecified", "PRS", "R", "Restricted"))end

Privacy on FHIR Overview

What version…http://jamesagnew.github.io/hapi-fhir/download.html

Privacy on FHIR Overview

Server Platform

HAPI FHIR Implementation

Both DSTU1 & 2

SMART on FHIR API DSTU2?

USING DATA FROM SMART(Clinically Relevant)

Privacy on FHIR Overview

Oauth2 and UMA

Clients, Scopes, and Claims

Utilizing Existing Libraries(interceptors)

Anxiously awaiting UMA

Privacy on FHIR Overview

Stop Leakage

Need more that just authorization to Resource!

Final mile is on PPS and SLS

Patient Consent Directive Organizational Policy

Obligations

PPS lives on both sides of the fence

Obligations+