Reminder: Do not include any PHI or PII in Confluence. If you require 508 accessibility assistance, please send an email to onc-jira-questions@healthit.gov

Every Saturday the ONC Issue Tracking System, including Confluence, will be unavailable for weekly maintenance between 10pm EST and the following morning at 3am EST. Please contact onc-jira-questions@healthit.gov with any questions.
Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

SME Session 2: Scalable Security Solutions 



The FAST Security Tiger Team focused on proposed solutions to address barriers related to security for FHIR-based solutions at scale. 

The group of SMEs invited to participate in this session will be asked to evaluate the team's proposed solutions: UDAP Trusted Dynamic Client Registration, UDAP Tiered OAuth, UDAP JWT-Based Client Authentication, UDAP JWT-Based Authorization Assertions and provide their expert insight and opinion on these solutions.

The solutions aim to answer the following questions:

  1. How do we know the service consumer has permission to ask or see?
  2. What do scalable authentication and authorization models for FHIR based information exchange look like?
  3. Will a scalable solution support millions of patients/payers/providers?
  4. How do we leverage existing security guidelines and best practices?
  5. How do we know the FHIR consumer has permission to ask or see?

These solutions are focused on determining how to manage permissions and security of millions of transaction between patients, payers and providers

Participants

NameOrganization Participation Role 
Patrick MurtaHumanaMeeting Facilitator, ONC FAST Chief Architect 
Paul OatesCignaMeeting Facilitator, ONC FAST Chief Architect 
Stephen Konya HHS | ONC Meeting Facilitator, ONC FAST Lead 
Brett StringhamOptumMeeting Facilitator, ONC FAST  Tiger Team Lead
Luis MaasEMR DirectMeeting Facilitator, ONC FAST  Tiger Team Lead
Rose-Marie NsahlaiHHS | ONCMeeting Facilitator, ONC FAST  Tiger Team Lead
Kevin Stine*National Institute of Standards and Technology Subject Matter Expert 
Matt RandallCerner Subject Matter Expert
Joshua MandelMicrosoft HealthcareSubject Matter Expert
Jason VogtCommonwellSubject Matter Expert
Catherine SchultenAllClear IDSubject Matter Expert
Avinash ShanbhagHHS | ONCSubject Matter Expert
Mark ScrimshireNewWaveSubject Matter Expert
 Calvin E BeebeMayo Clinic Subject Matter Expert
 Aman RahejaHumanaSubject Matter Expert
Mike DonnellyEpicSubject Matter Expert
Aaron Lewter*Availity Subject Matter Expert
Scott Stuewe DirectTrustSubject Matter Expert

*All SME participants with an asterisk by their name are invited, pending confirmation. 


FAST_SME_Session_Security_Session_2_FINAL.pptx

Relevant Pre-meeting Reading Material 

SME Session Details

The nominated SME's will be asked to participate in two meetings in their area of expertise. 

Meeting #1 - SMEs Prep-session  (1 hour) (closed session, by invite only)

  • Date/time:  May 22, 2020 / 3:00 - 4:00 pm EST
  • Scope and goals: This session is intended to orient SMEs to the work of FAST, the barriers this team is addressing and the proposed solution the team has developed. The goal is to provide SMEs with the foundational knowledge required to conduct an evaluation of the proposed solution prior to the SME Session.
  • Agenda
    • Introductions
    • Healthcare Industry 101
    • FAST 101
    • SME Role and Expectations
    • Barriers & Proposed Solution
    • Setting the Stage for SME Session
  • Meeting materials

Meeting #2 -  SMEs Panel Discussion Session - An industry discussion around the FAST proposed solution for security  (3 hours) (closed session, by invite only)

  • Date/time:  June 3, 2020 / 3:00 - 6:00 pm EST
  • Scope and goals: The goal of this session is to elicit SMEs expert insight into proposed solution(s), specifically:
    • Feasibility and effectiveness
    • Potential gaps
    • Unintended consequences
    • Alternate approaches to consider
    • Industry path forward (standard, regulation or policy)
  • Agenda
    • Welcome
    • Session Goals
    • Solution Review and Discussion
    • Implications of Solution
    • Industry Path Forward
    • Action Items
  • Meeting materials

Learn More About FAST

FAST’s goal is to analyze and identify HL7® Fast Healthcare Interoperability Resources (FHIR®) scalability gaps and offer possible solutions that will address current barriers and will accelerate FHIR adoption at scale. 

To learn more, you can review the FAST 101 deck in Confluence or watch the FAST 101 webinar recording or read the 2019 End-of-Year Report for a snapshot of the progress made by FAST so far.

Other FAST resources that may be of interest

Next Steps immediately following SME Sessions

    • FAST Report-Out to summarize session discussion, decisions, and next steps
    • FAST Action Plan to define proposed solution path (standard, regulation and/or process)

Contact Us

If you have any further questions, comments or would like more information please contact the ONC FAST Leads: Stephen.Konya@hhs.gov and Diana.Ciricean@hhs.gov.