Meeting Etiquette Please announce your name each time prior to making comments or suggestions during the call Remember: If you are not speaking keep your.

Slides:



Advertisements
Similar presentations
Georgia Department of Community Health
Advertisements

EDOS Workgroup Update July 16, 2013 Laboratory Orders Interface Initiative.
EDOS Workgroup Update Laboratory Orders Interface Initiative.
EDOS Workgroup Pilots – Kickoff Teleconference October 2, 2012.
EDOS Workgroup Update Laboratory Orders Interface Initiative.
Longitudinal Coordination of Care (LCC) Workgroup (WG) HL7 Tiger Team Service Oriented Architecture (SOA) Care Coordination Services (CCS) May 8, 2013.
EDOS Workgroup Update June 18, 2013 Laboratory Orders Interface Initiative.
Yammer Technical Solutions Overview
Update on Vocabularies and Value Sets for Meaningful Use
Office of Science & Technology
Author of Record Digital Identity Management Sub-Workgroup December 5, 2012.
Meeting Etiquette Please announce your name each time prior to making comments or suggestions during the call Remember: If you are not speaking keep your.
360Exchange (360X) Project 10/25/12. Reminders / announcements Mission / scope review Workgroup updates Implementation sites 1 Agenda.
PDMP & HITI IG Development Workgroup Session August 14, 2014.
Electronic Submission of Medical Documentation (esMD) Author of Record Recap and Harmonization of UC 1&2 Workgroup Friday, November 2,
Meeting Etiquette Please announce your name each time prior to making comments or suggestions during the call Remember: If you are not speaking keep your.
S&I Framework Doug Fridsma, MD, PhD Director, Office of Standards and Interoperability, ONC Fall 2011 Face-to-Face.
Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.
TATRC and MITRE to NwHIN Power Team 12 June 2013 RESTful Health Exchange (RHEx)
Query Health Business Working Group Kick-Off September 8, 2011.
RESTful Health Exchange (RHEx) Overview To NwHIN Power Team July 26, 2012 wiki.siframework.org/RHEx DRAFT—for discussion purposes only.
RESTful Health Exchange (RHEx) Overview To NwHIN Power Team July 26, 2012 wiki.siframework.org/RHEx Approved for Public Release: Distribution.
Automate Blue Button Initiative Push Workgroup Meeting January 7, 2013.
EsMD Structured Content Use Case 2 WG Meeting Wednesday, April 25 th, 2012.
Electronic Submission of Medical Documentation (esMD) Electronic Determination of Coverage (eDoC) Home Health User Story February 4, 2015.
Automate Blue Button Initiative Push Workgroup Meeting December 17, 2012.
Electronic Submission of Medical Documentation (esMD) Author of Record Workgroup Wednesday, July 18,
Electronic Submission of Medical Documentation (esMD) Electronic Determination of Coverage (eDoC) Home Health User Story January 28, 2015.
Electronic Submission of Medical Documentation (esMD) Complete Documentation Templates IG Ballot Reconciliation April 2, 2014.
Data Access Framework (DAF) All Community Meeting September 4th, 2013.
Data Access Framework All Hands Community Meeting 1 September 23, 2015.
Data Gathering HITPC Workplan HITPC Request for Comments HITSC Committee Recommendations gathered by ONC HITSC Workgroup Chairs ONC Meaningful Use Stage.
Electronic Submission of Medical Documentation (esMD) Author of Record Workgroup and Harmonization of UC 1&2 Workgroup Friday, September 21,
Planning the Future of CDC Secure Public Health Transactions and Public Health Information Network Messaging System (PHINMS) Jennifer McGehee, Tim Morris,
EHR-S Functional Requirements IG: Lab Results Interface Laboratory Initiative.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
Data Segmentation for Privacy Agenda All-hands Workgroup Meeting May 9, 2012.
Automate Blue Button Initiative Pull Workgroup Meeting November 20, 2012.
Automate Blue Button Initiative Pull Workgroup Meeting September 25, 2012.
EDOS Workgroup Update May 21, 2013 Laboratory Orders Interface Initiative.
Data Provenance Community Meeting November 6, 2014.
Electronic Submission of Medical Documentation (esMD) Author of Record Workgroup Wednesday June 13,
Electronic Submission of Medical Documentation (esMD) AoR L2 Harmonization July 3, 2013.
IG Development Working Session September 4 th, 2013.
Meeting Etiquette Please announce your name each time prior to making comments or suggestions during the call Remember: If you are not speaking keep your.
Electronic Submission of Medical Documentation (esMD) Electronic Determination of Coverage (eDoC) Workgroup August 21, 2013.
Electronic Submission of Medical Documentation (esMD) eDoC Workgroup November 4, 2015.
Data Access Framework All Hands Community Meeting April 23, 2014.
EsMD Pilots Workgroup December 12 th, Meeting Etiquette Please announce your name each time prior to making comments or suggestions during the call.
Mariann Yeager, NHIN Policy and Governance Lead (Contractor) Office of the National Coordinator for Health IT David Riley, CONNECT Lead (Contractor) Federal.
Data Access Framework All Hands Community Meeting April 2, 2014.
Electronic Submission of Medical Documentation (esMD) Electronic Determination of Coverage PMD User Story & Harmonization August 7, 2013.
Electronic Submission of Medical Documentation (esMD) Author of Record Workgroup Friday, June 22,
Electronic Submission of Medical Documentation (esMD) Author of Record Workgroup Friday, July 13,
Creating an Interoperable Learning Health System for a Healthy Nation Jon White, M.D. Acting Deputy National Coordinator Office of the National Coordinator.
Electronic Submission of Medical Documentation (esMD) Author of Record Workgroup April 3, 2013.
Electronic Submission of Medical Documentation (esMD) eDoC Home Health April 9, 2014.
Electronic Submission of Medical Documentation (esMD) Electronic Determination of Coverage Harmonization August 14, 2013.
EU-US eHealth/Health IT Cooperation Initiative Interoperability of EHR Work Group August 21,
Data Access Framework All Hands Community Meeting April 9, 2014.
Electronic Submission of Medical Documentation (esMD) eDoC Harmonization December 16, 2015.
Data Access Framework All Hands Community Meeting April 16, 2014.
EDOS Workgroup Update Laboratory Orders Interface Initiative.
360Exchange (360X) Project 12/06/12. Reminders / announcements 360X Update CEHRT 2014 / MU2 Transition of Care Requirements 1 Agenda.
Meeting Etiquette Please announce your name each time prior to making comments or suggestions during the call Remember: If you are not speaking keep your.
Meeting Etiquette Please announce your name each time prior to making comments or suggestions during the call Remember: If you are not speaking keep your.
Automate Blue Button Initiative Pull Workgroup Meeting December 13, 2012.
The Patient Choice Technical Project Pilots Working Group May 20, 2016.
Electronic Submission of Medical Documentation (esMD) Author of Record L2 Harmonization March 26, 2014.
Presentation transcript:

Meeting Etiquette Please announce your name each time prior to making comments or suggestions during the call Remember: If you are not speaking keep your phone on mute Do not put your phone on hold – if you need to take a call, hang up and dial in again when finished with your other call –Hold = Elevator Music = very frustrated speakers and participants This meeting, like all of our meetings, is being recorded –Another reason to keep your phone on mute when not speaking! Feel free to use the Chat or Q&A feature for questions or comments NOTE: This meeting is being recorded and will be posted on the Wiki page after the meeting From S&I Framework to Participants: Hi everyone: remember to keep your phone on mute 0

© 2011 The MITRE Corporation. All rights Reserved. Overview WebEx June 28, 2012, 11 am – 12 pm EDT Powering Secure, Web-Based Health Data Exchange Approved for Public Release: Distribution Unlimited.© 2012 The MITRE Corporation. All Rights Reserved.

© 2012 The MITRE Corporation. All rights Reserved. Overview What is RHEx? Why pursue a RESTful exchange? Philosophy RHEx Implementation NwHIN Harmonization Ways to Participate 2

© 2012 The MITRE Corporation. All rights Reserved. What is ? An open source, exploratory project to apply proven web technologies to demonstrate a simple, secure, and standards-based health information exchange –Sponsored by the Federal Health Architecture (FHA) program –Called RESTful Health Exchange (RHEx) –Intended to inform a path forward on a RESTful health exchange A Fiscal Year 2012 project being demonstrated in 2 phases –Phase I: Security approach for a RESTful health information exchange (April-July 2012) –Phase II: Content approach for a RESTful health information exchange (July-September 2012) 3 Powering Secure, Web-Based Health Data Exchange wiki.siframework.org/RHEx

© 2012 The MITRE Corporation. All rights Reserved. The Project is Using… Existing standards Focusing on refining existing standards to fit into the Nationwide Health Information Network (NwHIN) portfolio Pulling standards from the health and web domains Aligns well with the Direct Project Pilots Working to reduce ambiguity or oversights in the standards being refined by the project Conformance testing Providing a test framework so an independent party can implement to RHEx profile for existing standards without using any project produced code 4

© 2012 The MITRE Corporation. All rights Reserved. Why pursue a RESTful health exchange? 5 Because REST is the dominant design paradigm used on the world wide web today and offers a proven and scalable approach To address an identified need –NwHIN Power Team recommended development of a specification for RESTful exchange of health data (28 Sept 2011) Power Team Comments ­REST is a style not a standard – not all RESTful implementations are the same ­REST can be secured with standards such as TLS and OAuth ­REST specification would assure implementations are predictable and secured RESTful approach could be another tool in NwHIN portfolio –ONC Notice for Proposed Rule Making (NPRM) mentions possible inclusion of additional transport standards such as applying REST in Meaningful Use certification criterion (March 2012) Etc.

© 2012 The MITRE Corporation. All rights Reserved. Philosophy 6 Use the world wide web as it is used today –The REST architectural style is used widely on the web today –Use proven, open standards for identity management as well as user and service authentication OpenID Connect for identifying and authenticating users OAuth for service to service authentication Apply constraints –Extend standards for the health IT domain –Where >1 implementation approach exists, select 1 Provide the framework for building services based on web technologies

© 2012 The MITRE Corporation. All rights Reserved. Philosophy (graphical depiction) 7 1. Build on the Web of today Additional Constraints OAuth OpenID Connect RESTful Architectural Style Health IT Pilot Use Case 2. Use open standards for identity and authentication 3. Apply constraints 5. Transparently share to allow innovation to occur 4. Pilot for risk mitigation

© 2012 The MITRE Corporation. All rights Reserved. Overview What is RHEx? Why pursue a RESTful exchange? Philosophy RHEx Implementation –Core Technical Principles –RHEx Pilot Use Case –RHEx Phases –RHEx Security and Privacy –RHEx Stack –RHEx Products NwHIN Harmonization Conclusion 8

© 2012 The MITRE Corporation. All rights Reserved. Core Technical Principles Internet Scale Access Management –Standards such as OAuth and OpenID have demonstrated strong, scalable security at low cost Granular and Addressable Data –Breaking healthcare information into small pieces accessible by a URL enables secure, efficient access Linking –When data is addressable, it can be linked on the web, allowing humans and software to browse the web of links to view clinical contexts Leverage HTTP –The protocol that drives the web offers a more robust, flexible and scalable solution 9

© 2012 The MITRE Corporation. All rights Reserved. Pilot Use Case: Consults/Referrals Validated need and selected prototype use case via discussions with selected federal partners –The Department of Veterans Affairs: Identified consults as possible use case –DoD Health Affairs: Confirmed value of use case and arranged for further technical discussions –Telemedicine & Advanced Technology Research Group (TATRC), U.S. Army Medical Research & Materiel Command (MRMC): Engaged in multiple discussions on consult/referral use case which led to pilot partnership Drafted use case based upon these collaborations and existing Military Health System (MHS) and Health IT Standards Profile (HITSP) artifacts –Aligning with Transitions of Care (ToC) user stories Partnering with TATRC on RHEx consult/referral pilot 10

© 2012 The MITRE Corporation. All rights Reserved. Simplified Consult/Referral Use Case 11 consult results PCP Consulting Physician consult request Allows Primary Care Physician (PCP) and Consulting Physician to access and retrieve current, relevant portions of each others records when they need them URL-1 = Consult Requests Details URL URL-2 = Consult Results Details URL URL-1 URL-2

© 2012 The MITRE Corporation. All rights Reserved. Phases Piloting RHEx approach in FY12 in two phases Phase 1: Security approach for a RESTful health information exchange (April – July 2012) –Focus on securing web interactions –Use web/mobile friendly methods of exchanging identity information and authorizing users via HTTPS –Seek community input on satisfactory and complete RESTful security Phase 2: Content approach for a RESTful health information exchange (July – September 2012) Expand pilot to show full benefit of a RESTful interaction and incorporate the content layer Seek community input on a structured approach to granular health data exchange 12

© 2012 The MITRE Corporation. All rights Reserved. RHEx Security & Privacy Safeguarding Access to Health Information Use same trust model as Direct but implemented with Web Technologies Communications secured with https Use proven, open standards –OpenID for distributed Identity management and user authentication –OAuth for service-to-service authentication Privacy is enforced at the provider location at the time the information is requested –Provides information needed for authorization determination E.g., Extends standard profile information to add clinical role for use in enforcing access control 13

© 2012 The MITRE Corporation. All rights Reserved. Stack 14 Content Security Transport Encryption in Transit Interface Layer Purpose Identity & Authentication Content Payload TLS/SSL HTTP Standards CCDA OpenIDOAuth HL7 V2 C32 HTMLDICOM …

© 2012 The MITRE Corporation. All rights Reserved. Products Testable, draft profiles for relevant, existing standards –OpenID Connect Profile Constraints to limit choices/optionality Extensions to convey healthcare specific identity information –OAuth 2 Profile Constraints to limit choices/optionality Extensions to enhance security –Content Profile Granular format for health data Reference Implementation –Open source code that can be used to implement a system that adheres to the RHEx standards profiles Independent test client –Open source software package that can validate conformance of a service to RHEx profile of existing specifications 15

© 2012 The MITRE Corporation. All rights Reserved. Overview What is RHEx? Why pursue a RESTful exchange? Philosophy RHEx Implementation NwHIN Harmonization –NwHIN – RHEx: A Complementary Approach –Exchanging data with RHEx and Direct –NwHIN Portfolio and RHEx Conclusion 16

© 2012 The MITRE Corporation. All rights Reserved. NwHIN & : A Complementary Approach A RHEx approach contributes NwHIN building blocks –Could help accelerate NwHIN participation Direct and a RHEx approaches can be used together –May use same user identity in both Direct and RHEx system –Direct messages may be used to securely send RHEx web links among trusted partners No need to pass all the data with the Avoids mail server limits on attachment size RHEx can be deployed along side Exchange / CONNECT supplementing service requests as needed 17

© 2012 The MITRE Corporation. All rights Reserved. Exchanging data with and Direct 1. Dr. Miller Sends Secure with Link to Patient Data Dr. Miller Direct HISP Direct HISP Web Endpoint Identity Provider Web Endpoint Identity Provider Health IT System HISP = Health Information Service Provider Dr. Lowell 3. Dr. Lowell Views Patient Data 2. Dr. Lowell Follows Link and Logs In with OpenID HP1- EHR Healthcare Provider #1 (HP1) HP1- EHR Web View Standard App Healthcare Provider #2 (HP2) Health IT System 18

Vocabulary & Code Sets NwHIN Building Blocks Content Structure Transport Security Services SNOMED-CT Consolidated CDA Care Summaries UDDI-Certificate & Service Discovery SOAP-Secure Web Services Certificate Authority X Digital Certificates SMTP-Direct Based Exchange DNS, LDAP- Certificate Discovery Provider Directories LOINC Quality Reporting ICD-10 Lab Results IG Lab Results Lab Results IG Lab Results RxNorm HL7 v Public Health Reporting 19 Diagram of NwHIN Portfolio 1.0 SAML INTEROPERABILITY STACK

© 2012 The MITRE Corporation. All rights Reserved. For Internal MITRE Use. 20 Vocabulary & Code Sets NwHIN Building Blocks Content Structure Transport Security Services SNOMED-CT Consolidated CDA Care Summaries UDDI-Certificate & Service Discovery SOAP-Secure Web Services Certificate Authority X Digital Certificates SMTP-Direct Based Exchange DNS, LDAP- Certificate Discovery Provider Directories LOINC Quality Reporting ICD-10 Lab Results IG Lab Results RxNorm 20 NwHIN Portfolio 1.0 and SAML INTEROPERABILITY STACK Consent\ Authorization HTTPS / REST OAuth & OpenID Building Blocks a RESTful Health Exchange would add Direct Exchange RHEx HL7 v Public Health Reporting

© 2012 The MITRE Corporation. All rights Reserved. For Internal MITRE Use. Conclusion 21 The RHEx project is investigating how proven web technologies may be used for simple, secure, and standards- based health information exchange –Will inform a path forward by identifying where: Strong community consensus exists Concerns or a lack of strong industry direction exists This FY12 project seeks community engagement: –Visit the RHEx wiki for more information: wiki.siframework.org/RHEx wiki.siframework.org/RHEx –Join the community discussion on Google GroupsGoogle Groups Also accessible through the wiki –Participate in bi-weekly WebEx meetings (see S&I calendar)calendar Thursdays, 11 am – 12 pm EDT (from June 28 – Sept 20) –Share your perspectives Please share use cases where a RESTful approach may apply Let us know if you would like additional information Powering Secure, Web-Based Health Data Exchange