Reminder: Do not include any PHI or PII in Confluence. If you require 508 accessibility assistance, please send an email to onc-jira-questions@healthit.gov
SME Session 2: Scalable Security Solutions
The FAST Security Tiger Team focused on proposed solutions to address barriers related to security for FHIR-based solutions at scale.
The group of SMEs invited to participate in this session will be asked to evaluate the team's proposed solutions: UDAP Trusted Dynamic Client Registration, UDAP Tiered OAuth, UDAP JWT-Based Client Authentication, UDAP JWT-Based Authorization Assertions and provide their expert insight and opinion on these solutions.
The solutions aim to answer the following questions:
- How do we know the service consumer has permission to ask or see?
- What do scalable authentication and authorization models for FHIR based information exchange look like?
- Will a scalable solution support millions of patients/payers/providers?
- How do we leverage existing security guidelines and best practices?
- How do we know the FHIR consumer has permission to ask or see?
These solutions are focused on determining how to manage permissions and security of millions of transaction between patients, payers and providers
Participants
| Name | Organization | Participation Role |
|---|---|---|
| Patrick Murta | Humana | Meeting Facilitator, ONC FAST Chief Architect |
| Paul Oates | Cigna | Meeting Facilitator, ONC FAST Chief Architect |
| Stephen Konya | HHS | ONC | Meeting Facilitator, ONC FAST Lead |
| Brett Stringham | Optum | Meeting Facilitator, ONC FAST Tiger Team Lead |
| Luis Maas | EMR Direct | Meeting Facilitator, ONC FAST Tiger Team Lead |
| Rose-Marie Nsahlai | HHS | ONC | Meeting Facilitator, ONC FAST Tiger Team Lead |
| Kevin Stine* | National Institute of Standards and Technology | Subject Matter Expert |
| Matt Randall | Cerner | Subject Matter Expert |
| Joshua Mandel | Microsoft Healthcare | Subject Matter Expert |
| Jason Vogt | Commonwell | Subject Matter Expert |
| Catherine Schulten | AllClear ID | Subject Matter Expert |
| Avinash Shanbhag | HHS | ONC | Subject Matter Expert |
| Mark Scrimshire | NewWave | Subject Matter Expert |
| Calvin E Beebe | Mayo Clinic | Subject Matter Expert |
| Aman Raheja | Humana | Subject Matter Expert |
| Mike Donnelly | Epic | Subject Matter Expert |
| Aaron Lewter* | Availity | Subject Matter Expert |
| Scott Stuewe | DirectTrust | Subject Matter Expert |
*All SME participants with an asterisk by their name are invited, pending confirmation.
FAST_SME_Session_Security_Session_2_FINAL.pptx
Relevant Pre-meeting Reading Material
- The FAST Technical Barriers to the Scalability of FHIR Based Solutions document
- The FAST Security Proposed solutions document:
SME Session Details
The nominated SME's will be asked to participate in two meetings in their area of expertise.
Meeting #1 - SMEs Prep-session (1 hour) (closed session, by invite only)
- Date/time: May 22, 2020 / 3:00 - 4:00 pm EST
- Scope and goals: This session is intended to orient SMEs to the work of FAST, the barriers this team is addressing and the proposed solution the team has developed. The goal is to provide SMEs with the foundational knowledge required to conduct an evaluation of the proposed solution prior to the SME Session.
- Agenda
- Introductions
- Healthcare Industry 101
- FAST 101
- SME Role and Expectations
- Barriers & Proposed Solution
- Setting the Stage for SME Session
- Meeting materials
Meeting #2 - SMEs Panel Discussion Session - An industry discussion around the FAST proposed solution for security (3 hours) (closed session, by invite only)
- Date/time: June 3, 2020 / 3:00 - 6:00 pm EST
- Scope and goals: The goal of this session is to elicit SMEs expert insight into proposed solution(s), specifically:
- Feasibility and effectiveness
- Potential gaps
- Unintended consequences
- Alternate approaches to consider
- Industry path forward (standard, regulation or policy)
- Agenda
- Welcome
- Session Goals
- Solution Review and Discussion
- Implications of Solution
- Industry Path Forward
- Action Items
- Meeting materials
Learn More About FAST
FAST’s goal is to analyze and identify HL7® Fast Healthcare Interoperability Resources (FHIR®) scalability gaps and offer possible solutions that will address current barriers and will accelerate FHIR adoption at scale.
To learn more, you can review the FAST 101 deck in Confluence or watch the FAST 101 webinar recording or read the 2019 End-of-Year Report for a snapshot of the progress made by FAST so far.
Other FAST resources that may be of interest
- The FAST Ecosystem Use Cases
- The preliminary considerations included in version one of the proposed solutions was shared for industry feedback during The FAST Security Technical Learning Community (TLC) HL7 Webinar Session
Next Steps immediately following SME Sessions
- FAST Report-Out to summarize session discussion, decisions, and next steps
- FAST Action Plan to define proposed solution path (standard, regulation and/or process)
Contact Us
If you have any further questions, comments or would like more information please contact the ONC FAST Leads: Stephen.Konya@hhs.gov and Diana.Ciricean@hhs.gov.