SME Session 2: Scalable Security Solutions 

The FAST Security Tiger Team focused on proposed solutions to address barriers related to security for FHIR-based solutions at scale. 

The group of SMEs invited to participate in this session will be asked to evaluate the team's proposed solutions: UDAP Trusted Dynamic Client Registration, UDAP Tiered OAuth, UDAP JWT-Based Client Authentication, UDAP JWT-Based Authorization Assertions and provide their expert insight and opinion on these solutions.

The solutions aim to answer the following questions:

1. How do we know the service consumer has permission to ask or see?
2. What do scalable authentication and authorization models for FHIR based information exchange look like?
3. Will a scalable solution support millions of patients/payers/providers?
4. How do we leverage existing security guidelines and best practices?
5. How do we know the FHIR consumer has permission to ask or see?

These solutions are focused on determining how to manage permissions and security of millions of transaction between patients, payers and providers

Participants

*All SME participants with an asterisk by their name are invited, pending confirmation. 

Relevant Pre-meeting Reading Material 

• The FAST Technical Barriers to the Scalability of FHIR Based Solutions document
• The FAST Security Proposed solutions document:

SME Session Details

The nominated SME's will be asked to participate in two meetings in their area of expertise. 

Meeting #1 - SMEs Prep-session  (1 hour) (closed session, by invite only)

• Date/time:  May 22, 2020 / 3:00 - 4:00 pm EST
• Scope and goals: This session is intended to orient SMEs to the work of FAST, the barriers this team is addressing and the proposed solution the team has developed. The goal is to provide SMEs with the foundational knowledge required to conduct an evaluation of the proposed solution prior to the SME Session.
• Agenda
  • Introductions
  • Healthcare Industry 101
  • FAST 101
  • SME Role and Expectations
  • Barriers & Proposed Solution
  • Setting the Stage for SME Session
• Meeting materials

Meeting #2 -  SMEs Panel Discussion Session - An industry discussion around the FAST proposed solution for security  (3 hours) (closed session, by invite only)

• Date/time:  June 3, 2020 / 3:00 - 6:00 pm EST
• Scope and goals: The goal of this session is to elicit SMEs expert insight into proposed solution(s), specifically:
  • Feasibility and effectiveness
  • Potential gaps
  • Unintended consequences
  • Alternate approaches to consider
  • Industry path forward (standard, regulation or policy)
• Agenda
  • Welcome
  • Session Goals
  • Solution Review and Discussion
  • Implications of Solution
  • Industry Path Forward
  • Action Items
• Meeting materials

Learn More About FAST

FAST’s goal is to analyze and identify HL7® Fast Healthcare Interoperability Resources (FHIR®) scalability gaps and offer possible solutions that will address current barriers and will accelerate FHIR adoption at scale. 

To learn more, you can review the FAST 101 deck in Confluence or watch the FAST 101 webinar recording or read the 2019 End-of-Year Report for a snapshot of the progress made by FAST so far.

Other FAST resources that may be of interest

• The FAST Ecosystem Use Cases
• The preliminary considerations included in version one of the proposed solutions was shared for industry feedback during The FAST Security Technical Learning Community (TLC) HL7 Webinar Session

Next Steps immediately following SME Sessions

• FAST Report-Out to summarize session discussion, decisions, and next steps
• FAST Action Plan to define proposed solution path (standard, regulation and/or process)

Contact Us

If you have any further questions, comments or would like more information please contact the ONC FAST Leads: Stephen.Konya@hhs.gov and Diana.Ciricean@hhs.gov.