General Resources
- What Is HEART?
- Emerging Identity Standards in Healthcare presentation by the HEART co-chairs from Identiverse, June 2018 (slides, video)
- Introduction to OAuth and OpenID Connect by Justin Richer
- Introduction to UMA (UMA V2, with some HEART context) by Eve Maler
- UMA Business Model background
- MITRE RHEx and Blue Button Plus profile efforts
- GTRI-Trustmark Presentation April 2015 (downloads a PowerPoint file about the GTRI “trustmark marketplace”)
Use Cases
Use cases from 2018 Work Group effort:
- Alice Shares Clinical Records With Her Spouse
- Alice Shares Health Data With Her Spouse
- Alice Electronically Shares Data From Her PHR
- Patient Shares Data From Her Health IoT Device to Her Clinician
Original use cases (obsolete):
- Use case template (GDoc)
- Alice Selectively Shares Health-Related Data with Physicians and Others [UMA, FHIR] (GDoc)
- Alice Registers with PCP and Sets Up Two-Way Exchange of Personal Data Between EHR and PHR [OAuth Only] (GDoc)
- Elderly Mom with Family Caregiver (GDoc)
- Multiple Portals (wiki)
- Post-MI Implant and Rehab (wiki)
- VA Secure RESTful Profiles use case (wiki)
- Patient Data for Clinical and Research Purposes (wiki)
- PCP First Appointment (wiki) – see also PHR to EHR swimlane
Terminology
- IdP = identity provider
- RP = relying party
- SSO = single sign-on
- user = human end-user
- RO = resource owner (typically a user) trying to achieve controlled sharing – could be the same as SSO user
- AS = authorization server – could be the same as IdP
- RS = resource server – could be the same as AS
- C = client – an application
- RqP = requesting party (typically but not always a user) – could be the same as RO