The intent of the Health Relationship Trust (HEART) Working Group is to develop, primarily through profiling, a set of privacy and security specifications that enable an individual to control the authorization of access to RESTful health-related data sharing APIs, and to facilitate the development of interoperable implementations of these specifications by others.
Individuals want the ability to gather, control and share their health data. Increasingly, this data is sourced digitally, such as from smart devices and mobile apps, and may be stored in electronic health records. The more complex a person’s health conditions, the more likely the sources of data will grow. Many people want to be able to give permission to anyone who has access to that data, and they want to be able to change their minds over time.
Clinicians, insurers, researchers and others want or need health data to diagnose, plan care, pay for care and for additional reasons. In some cases, they have achieved success in exchanging electronic health data by basing this exchange on standards. However, patients’ desires to control data-sharing have taken a back seat. HEART puts the individual back at the center of the health data-sharing conversation. The group has developed five specifications, based on the existing standards Fast Healthcare Interoperability Resources (FHIR), OAuth, OpenID Connect and User-Managed Access (UMA).
The current list of specifications can be found in the group’s BitBucket repository. A vote is taking place on the group’s five Implementer’s Draft specifications, as linked below, on July 19-26, 2017.
- HEART profile for OAuth 2.0.
- HEART profile for OpenID Connect.
- HEART profile for User-Managed Access (UMA).
- HEART profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 scopes.
- HEART profile for FHIR UMA resource set types, scopes, and claims-gathering flows (referencing the previous specifications as appropriate).
This presentation from June 2017 describes the work of the group.
Additional helpful information can be found on our Resources page.
The easiest way to monitor progress on the HEART Specification is to join the mailing list at http://lists.openid.net/mailman/listinfo/openid-specs-heart.
Please note that while anyone can join the mailing list as a read-only recipient and listen to the calls, posting to the mailing list or actively contributing to development of the specification itself (all spoken comments are considered contributions) requires the submission of an IPR Agreement. More information is available at http://openid.net/intellectual-property. Make sure to specify the working group as “OpenID HEART”.
- Monthly Monday Meetings
- When: 1 PM PST/4 PM EST
- Where: GoToMeeting – https://global.gotomeeting.com/join/785234357
- GoToMeeting software is available on Mac, PC, iPhone, and Android Phone.
- Using the VoIP option of GoToMeeting is preferred. If you absolutely have to use a plain old telephone for some reason, here is the US phone number: +1 (619) 550-0003. Access Code 785-234-357
- Please note: Participation in the call is limited to the 20 most active members, at the discretion of the chair, due to the number of lines available.