Wiki
Clone wikiHEART / Home
Welcome to the HEART Work Group wiki
As described in the HEART WG Charter, the goal of the Working Group is to harmonize and develop a set of privacy and security specifications that enable an individual to control the authorization of access to health related data via RESTful APIs, and to facilitate the development of interoperable implementations of these specifications by others.
At this time, HEART consists of the following specifications:
News
2016-05-10: ONC announces the Move Health Data Forward Challenge
The Move Health Data Forward Challenge encourages participants to create an application programming interface (API) solution that uses the implementation specifications approved by the HEART Work Group to allow people to securely authorize the movement of their health data to destinations they choose.
2016-02-15: HEART Implementer's Draft Approved
The HEART Work Group conducted a vote to approve three specifications as part of the HEART Implementer's Draft. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.
- Health Relationship Trust Profile for OAuth 2.0
- Health Relationship Trust Profile for OpenID Connect 1.0
- Health Relationship Trust Profile for User Managed Access 1.0
Use Cases
The following use cases exemplify ways the HEART specification can facilitate sharing of health-related data.
- Alice Registers with PCP and Sets Up Two-Way Exchange of Personal Data Between EHR and PHR - OAuth Only
- Alice Shares with Physicians and Others (UMA, FHIR)
- Data for Clinical and Research Purposes
- Elderly Mom with Family Caregiver
- Multiple Portals
- PCP First Appointment
- Post-MI Implant and Rehab
- VA Secure RESTful Use case
- Virtual Patient Registration
HEART Profile Work
Technology Decision Tree
The HEART WG is mainly about profiling three technologies: OAuth, OpenID Connect, and UMA. OAuth is a “base” technology. OpenID Connect is built on top of OAuth. UMA is also built on top of OAuth, and optionally leverages OpenID Connect as well. In fact, each lower level is usable independently of any higher levels. The document provides a high level view of this modularity.
Reference Implementations
MITREid Connect
MITREid Connect is an open source reference implementation of OpenID Connect and OAuth 2.0 from the MITRE Corporation and MIT Internet Trust Consortium (ITC).
Health Authorization Server
The Health Authorization Server is a demonstration OpenID Connect implementation
Glossary
Minutes
2015-01-12 -- 2015-01-26 -- 2015-02-02
2015-02-09 -- 2015-02-23 -- 2015-03-02
2015-03-09 -- 2015-03-16 -- 2015-03-23
2015-03-30 -- 2015-04-15 -- 2015-04-27
2015-05-04 -- 2015-05-11 -- 2015-05-18
2015-06-01 -- 2015-06-15 -- 2015-06-22
2015-06-29 -- 2015-07-06 -- 2015-07-13
2015-07-20 -- 2015-07-27 -- 2015-08-03
2015-08-05 -- 2015-08-10 -- 2015-08-17
2015-08-24 -- 2015-08-30 -- 2015-09-07
2015-09-14 -- 2015-09-21 -- 2015-09-28
2015-10-05 -- 2015-10-13 -- 2015-10-19
2015-11-02 -- 2015-11-09 -- 2015-11-16
2015-11-23 -- 2015-11-30 -- 2015-12-07
2015-12-14 -- 2015-12-21 -- 2015-12-28
2016-01-25 -- 2016-02-01 -- 2016-02-08
2016-02-15 -- 2016-02-22 -- 2016-03-07
2016-03-14 -- 2016-03-21 -- 2016-03-28
2016-05-02 -- 2016-05-16 -- 2016-05-23
2016-06-13 -- 2016-06-20 -- 2016-06-27
2016-07-11 -- 2016-07-18 -- 2016-07-25
Updated