Introduction to IHE

I was asked for recommendation for a set of resources that would give a good introduction to IHE: One always wishes they could create new material, but realistically there exists plenty of resources already published that can be leveraged: Is it general intro to what is IHE? IHE-USA intro – YouTube – https://www.youtube.com/watch?v=BaN1DuVY3go General overview

[ Read More ]

HL7 Tutorial – FHIR Privacy and Security

I am giving a tutorial at the HL7 workgroup meeting in Atlanta. There are still openings, so please look to register for my class. My tutorial is Thursday morning, covering two quarters, about 3 hours.  My tutorial is “FHIR Security and Privacy (TH15)” Not Hacking Unfortunately I did not provide a description for my tutorial, so

[ Read More ]

The Patient Innovator Track at DevDays – Privacy

I assume anyone reading my blog has already seen this announcement on FireLy, Grahame, HL7, Hay on FHIR, etc. Go read those for the specific details, no good reason for me to duplicate them. What I will do is focus on the opportunity for Patient to drive for Innovations in Privacy. Most of the other

[ Read More ]

Tipping point in Health Interoperability Maturity

In the past two weeks I have been in large audience discussions where there is a very different kind of topic being discussed around Health Information Technology. The topic is about a vision of how things could/should be at the point of care because of successful interoperability. It is not explicitly said that way. These

[ Read More ]

FHIR Scaling to a Nation

Most discussions about FHIR are simple interaction diagrams like this: Many Sources (n != 1) The Real story needs to consider that the “Source” above is a single box representing 10,000 potential source systems that hold data about the patient: (map is a static view of CareQuality network) More important is that the above map

[ Read More ]

Treatment based interop is best using Documents

I want to drive discussion on this, so will take a position that many may disagree with. This position is that for Treatment and Payment the best format for clinical data is Document based. The consumption side is a different topic, and today a big frustrating point. Although publication should be Document based, these documents

[ Read More ]

IHE Profiles on FHIR R4 now have conformance resources available

This week the ITI and PCC face-to-face meeting approved new/updated FHIR conformance resources (ImplementationGuide, StructureDefintion, CapabilityStatement, ValueSet, CodeSystem, and OperationDefinition) for publication. These have been aligned with FHIR R4. * PIXm — supplement soon to be released to Public Comment* NPFS — supplement soon to be released to Public Comment* (mACM) — supplement soon to

[ Read More ]

ACME is not appropriate for Heathcare use

There is a new standard from IETF –  ACME — https://datatracker.ietf.org/doc/rfc8555/ Abstract Public Key Infrastructure using X.509 (PKIX) certificates are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certification authorities (CAs) in the Web PKI are trusted to verify that an applicant for a certificate legitimately

[ Read More ]

XDS sha-1 is still okay

I get the following question about every other month. Here is the version I just responded to: In this project I encountered a requirement to use SHA-256. Apparently this was in reaction to the SHA-1 collision vulnerability (https://shattered.io/) from late 2017. IHE XDS requires the hash to be SHA-1. Have you heard of any requests

[ Read More ]

Patient Engagement – Access Log

The HIPAA Accounting of Disclosures is obsolete and dangerous. Patients are expected to become more engaged with their healthcare and do this using applications. Applications are sometimes software that runs on the Patient’s phone, but sometimes software running at a third party cloud. Patients should not be expected to have done a software code review

[ Read More ]