
OpenUMA: New Privacy Tools for Health Care Data

Posted on August 10, 2015 | Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The health care field, becoming more computer-savvy, is starting to take advantage of conveniences and flexibilities that were developed over the past decade for the Web and mobile platforms. A couple weeks ago, a new open source project was announced to increase options for offering data over the Internet with proper controls–options with particular relevance for patient control over health data.

The User-Managed Access (UMA) standard supports privacy through a combination of encryption and network protocols that have a thirty-year history. UMA reached a stable release, 1.0, in April of this year. A number of implementations are being developed, some of them open source.

Before I try to navigate the complexities of privacy protocols and standards, let’s look at a few use cases (currently still hypothetical) for UMA:

  • A parent wants to show the child’s school records from the doctor’s office just long enough for the school nurse to verify that the child has received the necessary vaccinations.

  • A traveler taking a temporary job in a foreign city wants to grant a local clinic access to the health records stored by her primary care physician for the six months during which the job lasts.

The open source implementation I’ll highlight in this article is OpenUMA from a company named ForgeRock. ForgeRock specializes in identity management online and creates a number of open source projects that can be found on their web page. They are also a leading participant in the non-profit Kantara Initiative, where they helped develop UMA as part of the UMA Developer Resources Work Group.

The advantage of open source libraries and tools for UMA is that the standard involves many different pieces of software run by different parts of the system: anyone with data to share, and anyone who wants access to it. The technology is not aimed at any one field, but health IT experts are among its greatest enthusiasts.

The fundamental technology behind UMA is OAuth, a well-tested means of authorizing people on web sites. When you want to leave a comment on a news article and see a button that says, “Log in using Facebook” or some other popular site, OAuth is in use.

OAuth is an enabling technology, by which I mean that it opens up huge possibilities for more complex and feature-rich tools to be built on top. It provides hooks for such tools through its notion of profiles–new standards that anyone can create to work with it. UMA is one such profile.

What UMA contributes over and above OAuth was described to me by Eve Maler, a leading member of the UMA working group who wrote their work up in the specification I cited earlier, and who currently works for ForgeRock. OAuth lets you manage different services for yourself. When you run an app that posts to Twitter on your behalf, or log in to a new site through your Facebook account, OAuth lets your account on one service do something for your account on another service.

UMA, in contrast, lets you grant access to other people. It’s not your account at a doctor’s office that is accessing data, but the doctor himself.

UMA can take on some nitty-gritty real-life situations that are hard to handle with OAuth alone. OAuth provides a single yes/no decision: is a person authorized or not? It’s UMA that can handle the wide variety of conditions that affect whether you want information released. These vary from field to field, but the conditions of time and credentials mentioned earlier are important examples in health care. I covered one project using UMA in an earlier article.

With OAuth, you can grant access to an account and then revoke it later (with some technical dexterity). But UMA allows you to build a time limit into the original access. Of course, the recipient does not lose the data to which you granted access, but when the time expires he cannot return to get new data.

UMA also allows you to define resource sets to segment data. You could put vaccinations in a resource set that you share with others, withholding other kinds of data.

OpenUMA contains two crucial elements of a UMA implementation:

The authorization server

This server accepts a list of restrictions from the site holding the data and the credentials submitted by the person requesting access to the data. The server is a very generic function: any UMA request can use any authorization server, and the server can run anywhere. Theoretically, you could run your own. But it would be more practical for a site that hosts data–Microsoft HealthVault, for instance, or some general cloud provider–to run an authorization server. In any case, the site publicizes a URL where it can be contacted by people with data or people requesting data.

The resource server

This server submits requests to the authorization server on behalf of applications and servers that hold people’s data. The resource server handles the complex interactions with the authorization server so that application developers can focus on their core business.

Instead of the OpenUMA resource server, apps can link in libraries that provide the same functions. These libraries are being developed by the Kantara Initiative.

So before we can safely share and withhold data, what’s missing?

The UMA standard doesn’t offer any way to specify a condition, such as “Release my data only this week.” This gap is filled by policy languages, which standards groups will have to develop and code up in a compatible manner. A few exist already.
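The time limit and resource sets described earlier, together with the kind of condition that UMA leaves to a policy language, shown as an added example (not OpenUMA code and not part of the UMA specification). The `Policy` and `Permission` shapes, the claim names and the resource-set names are hypothetical, and the sample policies are constructed from the two use cases near the top of the article.

```python
# Added illustration; Policy/Permission and all names are hypothetical.
# UMA does not define a policy language, so this format is an assumption.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Policy:                      # set by the resource owner
    resource_set: str              # segment of data, e.g. "vaccinations"
    scopes: frozenset              # allowed actions, e.g. {"view"}
    required_claims: dict          # what the requesting party must present
    not_before: datetime
    not_after: datetime            # time limit built into the grant

@dataclass(frozen=True)
class Permission:                  # what the authorization server hands back
    resource_set: str
    scopes: frozenset
    expires_at: datetime

def authorize(policies, resource_set, scope, claims, now):
    """Authorization server: default deny, grant only on a full policy match."""
    for p in policies:
        if p.resource_set != resource_set or scope not in p.scopes:
            continue
        if any(claims.get(k) != v for k, v in p.required_claims.items()):
            continue
        if not (p.not_before <= now < p.not_after):
            continue
        # The permission never outlives the owner's window.
        return Permission(resource_set, frozenset({scope}), p.not_after)
    return None

def resource_server_allows(permission, resource_set, scope, now):
    """Resource server: re-check set, scope and expiry on every request."""
    return (permission is not None
            and permission.resource_set == resource_set
            and scope in permission.scopes
            and now < permission.expires_at)

# Constructed sample policies modelled on the article's two use cases.
START = datetime(2015, 8, 10, 9, 0, tzinfo=timezone.utc)
POLICIES = [
    Policy("vaccinations", frozenset({"view"}), {"role": "school_nurse"},
           START, START + timedelta(hours=1)),
    Policy("primary-care-records", frozenset({"view"}), {"org": "local-clinic"},
           START, START + timedelta(days=182)),
]

if __name__ == "__main__":
    nurse = {"role": "school_nurse"}
    t = START + timedelta(minutes=10)
    perm = authorize(POLICIES, "vaccinations", "view", nurse, t)
    print("nurse, vaccinations:", perm is not None)
    print("nurse, medications:",
          authorize(POLICIES, "medications", "view", nurse, t) is not None)
    print("nurse, two hours later:",
          resource_server_allows(perm, "vaccinations", "view", START + timedelta(hours=2)))
```

Because the expiry travels with the permission, the resource server refuses a return visit after the window closes without the owner having to revoke anything.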

Maler points out that developers could also benefit from tools for editing and testing code, along with other supporting software that projects build up over time. The UMA resource working group is still at the beginning of their efforts, but we can look forward to a time when fine-grained patient control over access to data becomes as simple as using any of the other RESTful APIs that have filled the programmer’s toolbox.

Hoarding and Sharing Data in Health Care — #HITsm Chat Highlights

Posted on April 27, 2013 | Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

Topic One: Looking in the rearview mirror, what has been the history and rationale for “hoarding” data in health care?

Topic Two: “Open” has varying meanings. What elements/aspects do you think are the most important for healthcare?


Topic Three: How can social media contribute to the transformation from hoarding to sharing? How should patients fit?

Topic Four: What providers/companies use open/collaborative technologies, pt care workflow, strategies, biz models, etc. Who are the stars?

Topic Five: What lessons can #healthcare learn about openness from other industries? What’s most likely to work in healthcare?

Opportunities For mHealth In The Future: #HITsm Chat Highlights

Posted on January 19, 2013 | Written By Katie Clark

Topic One: Which areas hold the biggest opportunities for #mHealth apps? Consumer health? Apps for providers? Apps for insurers?

Topic Two: How can we deliver #mHealth apps with the quality healthcare consumers expect? Is it best to focus on non-regulated areas?

Topic Three: When do you see #mHealth really hitting the mainstream? What needs to happen/change first?

Topic Four: Other than #eHealth accelerators, how can we bolster innovation in the #mHealth space?

ACA Implications, Hurricane Sandy, and Interoperability — #HITsm Chat Highlights

Posted on November 10, 2012 | Written By Katie Clark

Topic One: Obama’s re-election secures the future of the #ACA, but what changes/concessions are we likely to see during its rollout?

Topic Two: What #healthIT strengths and weaknesses did Hurricane Sandy expose?

Topic Three: What business continuity/disaster recovery strides do health providers still need to make?

Topic Four: A national #HIE would have come in handy during #Sandy, so why does the industry still fail to embrace interoperability?

Meaningful Use and Big Data, Payment Reform, and Evidence-Generated Medicine – #HITsm Highlights

Posted on October 27, 2012 | Written By Katie Clark

Topic One: Is Meaningful Use enabling big data in health care? Why or Why Not? #bigdata

Topic Two: Will payment reform make data sharing a strategic imperative? Why or Why Not?

Topic Three: What are the most underutilized sources of data in health care? #bigdata

Topic Four: What data might be used for evidence-generated medicine?

EHR Incentives, Smart Bed Technology, and Remotoscope — #HITsm Chat Highlights

Posted on October 13, 2012 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This week’s #HITsm chat was hosted by John, which was exciting to observe. If you’ve been keeping up with the different sites from Health Care Scene, some of these topics might seem similar. Be sure to tune in every Friday at noon EST, and join the conversation with #HITsm.

Topic One: A few in congress called for a halt on EHR incentives. Is this politics or something more? Are their observations founded? 

Topic Two: Allscripts is the 2nd EHR vendor to discontinue their small practice EHR (MyWay), is this a trend and what’s the impact of it? 

 Topic Three: Is the hospital bed the ultimate medical device monitor? What other med device monitors do you see on the horizon? 

Topic Four: What do you think of the remotoscope which allows you to diagnose ear infections at home using your iPhone? 

Upcoding, Presidential Debates, and MU Incentives– #HITsm Chat Highlights

Posted on September 29, 2012 | Written By Katie Clark

Every week, HL7 Standards hosts a #HITsm Tweet Chat and poses four questions “on current topics that are influencing healthcare technology, health IT, and the use of social media in healthcare.” It’s always a great discussion and also a great chance to meet a wide variety of people who are passionate about healthcare IT.

In case you missed it, or are curious about what went on this week, we’ve put together the list of topics with some of the best responses for each topic. There were some interesting topics this week, as well as some great responses. If you have any opinions on any of these topics, feel free to continue the discussion in the comments. These chats take place every Friday at 11AM CST. You’ll find members of Healthcare Scene regularly participating in the chat under some of the following Twitter accounts: @techguy, @ehrandhit, @hospitalEHR, and @smyrnagirl.

Topic One: Big debate now about EHRs sparking upcoding if not fraud. What’s your take? Will inverse be true with digitized health system?

Topic Two: 59% of IT execs say staff shortages harm earning of MU incentives. What is long-term impact if feds HIT education lag demand?

Topic Three: What would you ask Obama or Romney about HealthIT, reform law, or healthcare in general during the Oct. 3 debate?

Topic Four: Health IT projects: Which ones are you postponing until after the election?

Health IT Galore Wrapping Up #NHITWeek — #HITsm Chat Highlights

Posted on September 15, 2012 | Written By Katie Clark

Topic One: Fill in the blank: Health IT is _____.

Topic Two: What is the most important message consumers need to know about health IT?

Topic Three: Who is the most important driver of educating patients about the use of technology in healthcare?

Topic Four: What can be done to improve National Health IT Week for both professionals and the general public?

Meaningful Use Stage 2, Reduced Patient Engagement, #HITsm Role in Creating Communities – #HITsm Chat Highlights

Posted on September 1, 2012 | Written By Katie Clark

Topic One: What are your general thoughts on the final rules for Meaningful Use Stage 2? Positives? Negatives?

Topic Two: Is the 5% reduced patient engagement threshold more a reflection of what is achievable or a cave to outside pressure?

Topic Three: What has prevented widespread adoption of coordinated care? Are the barriers technology, process, or people?

Topic Four: What role does #HITsm play in creating communities to create skills that improve health before illness occurs? a la, #Salutogenesis

Price Transparency, ROI of Health IT, Technology Training, and Social Media Acceptance – #HITsm Chat Highlights

Posted on August 18, 2012 | Written By Katie Clark

Topic One: Considering costs with mobile technology: How can mobile technology apps and crowdsourcing approaches be used to enable price transparency?

Topic Two: ROI of health IT: How will moving away from a fee-for-service model in healthcare affect the substantial price tag of health IT?

Topic Three: How can technology be used to train future caregivers to consider costs before ordering tests and treatments?

Topic Four: Can social media acceptance and use among younger caregivers lead to lower patient costs?