Slides from my presentation at HxRefactored 2015 in Boston. This is an overview of the work I am doing as HHS Entrepreneur-in-Residence to Improve Beneficiaries' access to their health information at CMS (MyMedicare.gov). How we plan to use the HL7 FHIR protocol to build a data service that enables beneficiaries to connect their CMS health information to the applications and services that they trust.
1. @ekivemark
BlueButton on FHIR
BlueButton Data-as-a-Service is a prototype design that will add functionality
to the current MyMedicare.gov BlueButton Service.
Mark Scrimshire (HHS Entrepreneur-in-Residence)
Gajen Sunthara (Presidential Innovation Fellow)
Centers for Medicare and Medicaid Services
Office of Enterprise Data Analytics (OEDA)
April, 2015
OEDA
1
2. @ekivemark
Disclaimer
The views expressed in this presentation are my
own personal views and should not be construed
as an official position of the US Department of
Health and Human Services or the Centers for
Medicare and Medicaid Services.
2
4. @ekivemark
Improving beneficiaries’ access to their data
• BlueButton has enabled 1M+ Medicare Beneficiaries to
download their health data.
• BlueButton on FHIR aims to create a robust data API service
enabling Beneficiaries to connect their health data with the
applications and services they trust.
For beneficiaries this means:
• More easily using their health data for better health
For CMS this means:
• Directly supporting the Presidential Precision Medicine Initiative:
… that ensures consumers have access to their own health data – and to the applications
and services that can safely and accurately analyze it …
4
6. @ekivemark
“THERE IS NO SUBSTITUTE
FOR HARD WORK” … Until someone builds an App for that.
6
- Thomas Edison
Putting our health data to use is still too hard
8. @ekivemark
Our Health data
should be
a valuable tool
we put to good use
http://commons.wikimedia.org/wiki/File:Toolbox_(6788494881).jpg
8
9. @ekivemark
OAuth-enabled data APIs
brings operational
and security benefits
• More robust
web applications
(Screen
Scraping
anti-‐pattern)
• Visibility to real
utilization metrics
(Who
is
using
the
data)
• Avoiding users sharing
passwords
(the
password
anti-‐pattern)
10. @ekivemark
Which style of API?
Direct-based Push
• Beneficiary Direct-Email
Address and Preference
Management
• Backend Data Update
Triggers
• SMTP+S/MIME email
platform
• Identify Direct-compliant
HISP
• Implement Accredited Trust
Bundles from DirectTrust/
NATE
FHIR-‐based
Pull
• Registered Application
Directory
• API and Developer
Access Managed via
api.data.gov
• Use Existing
Beneficiary
Authentication
• Web Services triggered
on NGD updates
• Build Beneficiary
Application Access
Management
10
11. @ekivemark
<XML>BlueButton
CCDA</XML>
FHIR. “Resources” are:
• Granular clinical concepts
• Managed in isolation, or
aggregated into complex
documents
• Designed for the web
• Based on simple XML or JSON
structures
• HTTP-based RESTful protocol
with predictable URLs
• Using open internet standards
for data representation
• Uses OAuth for authorization
BLUEBUTTON
ON FHIR
11
OAuth 2.0:
• Defeats the password
anti-pattern
• Creates a consistent,
flexible identity and policy
architecture
• Suited to web
applications, web
services, devices and
desktop clients
communicating with
Cloud APIs.
BBonFHIR:
One
PlaXorm
–
Two
Services
{“json”:”format”}
<xml>format</xml>
12. @ekivemark
On the Internet “Simple” Wins
• FHIR
– Fast Healthcare Interoperability Resources
– Project Argonaut
• Open source
• 25 Industry Heavyweights
• Public/Private partnerships
• REST API
– Lightweight architecture for web services
• Eg.
https://bb.cms.gov/api/1.0/beneficiary/…..
– Read and write options (GET / POST)
• OAuth
– Improving security through traceability
– A popular Authorization
protocol
– Familiar to users of top web sites
– Provides layers of Authorization control
• BlueButton Structured Data Formats
– JSON
– XML
12
13. @ekivemark
Clarifying the Scope of BlueButton on FHIR
• No new data is being released
• Beneficiaries will still be in control of who they release their
BlueButton data to and can revoke access at any time
• Currently released BlueButton data will be reformatted to make it
easier for applications to ingest and process
• BBonFHIR will simplify the process of enabling beneficiaries to
connect their data to the applications and services they trust
• BBonFHIR and OAuth will provide a framework for fine grained
control over who is accessing Beneficiary information
13