Showing posts from January, 2016

My Testimony to the ONC API Task Force on Privacy and Security

I gave this verbal testimony to the ONC API Task Force on Privacy and Security today... On World Privacy Day. I want to thank the Task Force for inviting me to speak on behalf of GE Healthcare. I am also a co-chair of the HL7 Security workgroup, a member of the FHIR Management Group (FMG), the lead in IHE-Mobile Health Documents (MHD), and an active member and advocate of HEART. I am pleased at the fantastic testimony this committee is receiving. GE Healthcare is and has been a strong supporter of standards-based Interoperability, as it enables us to be a global healthcare solution provider. Any customization or specialization for any specific region or provider organization is effort that is counter to this standards-based approach. I am glad to hear others express this same solution for their own various reasons. GE Healthcare has had APIs as part of our systems for decades. Most of these are the bread-and-butter of any healthcare organization's network backbone, drawing on H...

FHIR Oauth Scope

As FHIR matures, the security topic becomes more and more important. I participate in HEART, an effort hosted by the OpenID community including an impressive set of experts from the OpenID, OAuth, and UMA world. They do need more participation from healthcare; it is hard to give everyone that needs attention the full attention they need. HEART has some foundational profiles ready to be used: HEART profiles for review, comment, and approval. So the next thing up for discussion is a set of OAuth 'scope' values. A 'scope' is a way for an App to ask for fewer rights than the user holds, and is a good way to limit the damage that an App can do. So the question really is in what ways would it be appropriate to cut away rights that a user might hold. This is something that has not yet been discussed in any useful detail inside of HEART. In fact the specification they have "FHIR OAuth 2" is not open for review, yet. This specification is mostly derived from what ...