Welcome to the HEART Work Group wiki
As described in the HEART WG Charter, the goal of the Working Group is to harmonize and develop a set of privacy and security specifications that enable an individual to control the authorization of access to health-related data via RESTful APIs, and to facilitate the development of interoperable implementations of these specifications by others.
At this time, HEART consists of the following specifications:
2016-05-10: ONC announces the Move Health Data Forward Challenge
The Move Health Data Forward Challenge encourages participants to create an application programming interface (API) solution that uses the implementation specifications approved by the HEART Work Group to allow people to securely authorize the movement of their health data to destinations they choose.
2016-02-15: HEART Implementer's Draft Approved
The HEART Work Group conducted a vote to approve three specifications as part of the HEART Implementer's Draft. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.
- Health Relationship Trust Profile for OAuth 2.0
- Health Relationship Trust Profile for OpenID Connect 1.0
- Health Relationship Trust Profile for User Managed Access 1.0
The following use cases exemplify ways the HEART specification can facilitate sharing of health-related data.
- Alice Registers with PCP and Sets Up Two-Way Exchange of Personal Data Between EHR and PHR - OAuth Only
- Alice Shares with Physicians and Others (UMA, FHIR)
- Data for Clinical and Research Purposes
- Elderly Mom with Family Caregiver
- Multiple Portals
- PCP First Appointment
- Post-MI Implant and Rehab
- VA Secure RESTful Use case
- Virtual Patient Registration
HEART Profile Work
The HEART WG is mainly about profiling three technologies: OAuth, OpenID Connect, and UMA. OAuth is a “base” technology. OpenID Connect is built on top of OAuth. UMA is also built on top of OAuth, and optionally leverages OpenID Connect as well. In fact, each lower level is usable independently of any higher levels. The document provides a high-level view of this modularity.
MITREid Connect is an open source reference implementation of OpenID Connect and OAuth 2.0 from the MITRE Corporation and MIT Internet Trust Consortium (ITC).
The Health Authorization Server is a demonstration OpenID Connect implementation