Related+Efforts

include component="page" wikiName="siframework" page="RHEx Header" flat =RHEx Drivers= The health information technology (IT) community has identified a need for a world wide web (WWW) based approach to health information exchange. Two of the key drivers for exploring how to apply the standards widely used on the WWW could be applied in the health domain are described in this section.

NwHIN Power Team
The Nationwide Health Information Network (NwHIN) Power Team was tasked to assist the ONC in “…evaluating the specifications developed for the Exchange and Direct pilots with respect to their usability and scalability to support nationwide health information exchange [and] recommending those specifications that could be integrated and deployed to support the secure transport and exchange of electronic health information at a national scale, and identifying where further work may be needed.[[|1]]”

In their recommendations to the Health Information Technology Standards Committee (HITSC), the NwHIN Power Team identified REST as a widely accepted complementary technology to several important health information exchange specifications, and stating:

"… Developing specification(s) for ‘secure RESTful transport for healthcare exchange’ would provide healthcare organizations assurance that RESTful implementations built in accordance with the specification(s) would be predicable and secured." [[|2]]" This recommendation provides the impetus for an exploration of RESTful standardization. While not answering the Power Team recommendations directly, the RESTful Health Exchange (RHEx) project is working closely with the Power Team to ensure that the outputs of the project inform a path forward for RESTful standardization.

Stage 2 Meaningful Use
In a recent Notice for Proposed Rule Making (NPRM) issued on March 7, 2012, ONC evaluated each of the 2011 certification criterion along with the recommendations from the HIT Standards Committee. In the context of existing accepted protocols of SOAP and SMTP, the NPRM states:

"While we would only permit EHR technology to be certified to these two transport standards [SOAP and SMTP], we intend to monitor innovation around transport and would consider including additional transport standards, such as a RESTful implementation, in this certification criterion. The inclusion of additional standards in this certification criterion would permit EHR technology to be certified to added transport standard(s) and could ultimately enable EPs, EHs, and CAHs to meet MU using EHR technology certified with the added transport standard(s)” [[|3]] For FY12, the RHEx project is not targeting Meaningful Use Stage 2. Rather, RHEx is laying the groundwork for a certified RESTful transport standard. =NwHIN Harmonization=  This section briefly describes the ONC NwHIN portfolio and how a RHEx approach could be aligned with the portfolio.

NwHIN Overview
The NwHIN is a set of standards, services, and policies that enable the secure exchange of health information over the Internet. The NwHIN is NOT a physical network, nor is it a large network that stores patient records. A commonly used depiction of the NwHIN is shown below.



NwHIN Portfolio
The NwHIN portfolio includes a series of components that are grouped into five categories and comprise a set of NwHIN building blocks.

The NwHIN Portfolio includes: The figure below is a diagram of the NwHIN portfolio [4].
 * [|The Direct Project]: A simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet.
 * [|NwHIN Exchange]: A confederation of trusted entities, bound by mission and governance to securely exchange health information.
 * [|CONNECT]: An open source gateway to the NwHIN that implements a specific set of SOAP Exchange services including service discovery, patient discovery, document query, and document exchange

NwHIN Portfolio and RHEx
RHEx offers the use of HTTPS in the transport layer and OpenID and OAuth in the security layer. The capabilities of RHEx complement the NwHIN portfolio as shown in the diagram below.



A RHEx approach aligns well with the current portfolio of Nationwide Health Information Network (NwHIN) capabilities.A RHEx approach can be used with Direct: A RHEx adapter could be developed to interface with an Exchange Gateway: = Related Strategies =
 * Direct messages may be used to securely send RHEx web links among trusted partners.
 * RHEx is like a RESTful sidecar on a Direct message motorcycle. Once delivered, the RESTful links may be used to securely access web content.
 * A RHEx approach can use the same user identity as Direct.
 * The adapter would translate RHEx requests/responses into Exchange requests/responses.
 * The detailed definition of this adapter is out of scope for the FY12 RHEx project.

Digital Government Strategy
The Digital Government Strategy: Building a 21st Century Digital Government is a presidential directive that calls for the Federal Government to develop ways to better incorporate mobile and web-based technologies to serve the public. This strategy offers an “information-centric” approach that, “moves us from managing ‘documents’ to managing discrete pieces of open data and contentwhich can be tagged, shared, secured, mashed up and presented in the way that is most useful for the consumer of that information.” [[|5]] The strategy further promotes providing open data through web APIs to, “architect for interoperability and openness.”

RHEx is informing a path forward on how the Federal Government can use web technologies and mobile friendly approaches to exchange health information. By leveraging Representational State Transfer (REST), RHEx delivers a scalable approach that fosters interoperability and openness. This approach uses existing data standards and provides a structured means by which the information can be discovered and accessed at various levels of granularity. RHEx secures this exchange using two web standards for authentication and authorization—OAuth 2.0 and OpenID Connect

National Strategy for Trusted Identities in Cyberspace (NSTIC)
The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a White House initiative to work collaboratively with the private sector, advocacy groups, public sector agencies, and other organizations to improve the privacy, security, and convenience of sensitive online transactions. NSTIC establishes a trust framework ecosystem that allows for trust decisions to be made across large sets of systems. Integration with NSTIC becomes a favorable possibility in regards to working with patient-facing data and decisions. In that space, doctors could allow patients to bind NSTIC-compliant credentials to get to their own health records, all backed by the NSTIC trust framework ecosystem. RHEx could also be a platform to leverage the Trust Framework ideology into the healthcare world. =Related Projects and Profiles=

User Managed Access (UMA)
The User Managed Access (UMA) work group is chartered to “develop a set of draft specifications that enable an individual to control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate the development of interoperable implementations of these specifications by others.” [|[6]] RHEx Project team members are active in the UMA Working Group, and have explicitly designed the RHEx architecture to accommodate UMA-style Authorization Manager decisions to be added at a future date.

RHEx will ensure it will not limit the possibility of using UMA in the future. Due to the project’s FY12 scope, RHEx will not explore informing consent. Since the beginning, RHEx’s architecture plan has included a separable connection to an Authorization Service. This is currently realized as a statically-configured connection, which was the simplest approach to serve as a placeholder for subsequent provisioning. Because of the considerable thought put into these architectural choices, UMA, or similar access management capabilities will be easy to incorporate at a later time, but are decoupled from current RHEx plans.

Federal Identity, Credential, Access Management Roadmap (FICAM)
The Federal Identity, Credential, Access Management Roadmap and Implementation Guide provides a common framework and implementation guidance needed to plan and execute Identity, Credential, and Access Management (ICAM) programs. FICAM provides a set of trusted profiles on identity mechanisms that work in the distributed environment of the internet. These profiles focus on end-user privacy, transaction security, and implementable technology.

In the future, RHEx could adopt the final FICAM profiles for some of its technological components to complement or augment its own profiles. RHEx’s OAuth2 and OpenID Connect profiles could also be used to seed the OAuth2 and OpenID Connect FICAM profiles. Regardless, these two profiles mutually benefit each other. RHEx and the FICAM Working Group have already begun to collaborate – a RHEx team member has been invited to brief the Working Group on RHEx’s OAuth 2.0 Profile. The discussion will focus on further developing federal standards for FICAM’s OAuth approach.

Integrating the Healthcare Enterprise (IHE) Information Technology Infrastructure (ITI) mHealth Profile
The mobile access to Health Documents (MHD) profile defines a simplified RESTful interface to an XDS-like environment. It defines transactions to a) submit a new document from the mobile device to a document receiver, b) get the metadata for an identified document, c) find document entries containing metadata based on query parameters, and d) retrieve a copy of a specific document [|[7]].

Phase I of the RHEx project addressed securing a RESTful health information exchange. The profiles developed in this phase (i.e., OAuth2 and OpenID Connect profiles) would complement the IHE ITI mHealth Profile. This could lead toward a more secure, RESTful interface for retrieving documents from mobile devices.

Automating Blue Button
Text for this section is also located in RHEx Data Content Standard Wiki Page.

Blue Button began as a text or pdf file designed by the Veterans Administration to allow veterans a simple, human readable summary of portions of their clinical record. Since its inception in 2011, the Blue Button concept has broadened with many private insurers and vendors developing Blue Button capabilities. The use of Blue Button files through a RESTful interface is now being explored by the S&I Automating Blue Button Initiative (ABBI). This effort will be drawing upon some of the materials within RHEx to achieve the ABBI goals. =Related Standards= The Data Content Standard Alignment Wiki Page describes how the RHEx approach applies to the following standards:
 * Clinical Document Architecture (CDA)
 * HITSP C32
 * Green CDA/C32
 * Consolidated CDA
 * HL7 2.x Messages
 * DICOM Images
 * Blue Button Documents

The Pilots Wiki Page describes how these standards have been implemented in the pilots RHEx is conducting with the Telemedicine & Advanced Technology Research Center (TATRC) and HealthInfoNet, the Maine Health Information Exchange (HIE).

[1]“HIT Standards Committee NwHIN Power Team Final Recommendations”, September 28, 2011: [page|http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_12811_955664_0_0_18/3-Baker_NwHIN-PT_HITSC_9_29_11.pdf page 3. Accessed May 16, 2012.] [2]Ibid., page 24. [3] “Health Information Technology: Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology” NPRM, March 7, 2012: [] pages 17-18. Accessed May 16, 2012. [4]Office of the National Coordinator for Health Information Technology, “Diagram of NwHIN Portfolioand a Patient Scenario that demonstrates use of the NWHIN Portfolio”, DRAFT, Jan 2012 [5]“Digital Government: Building a 21st Century Platform to Better Serve the American People,” May 23, 2012: []. page 5 Accessed August 20, 2012. [6] Kantara Initiative User Access Managed Group Charter, July 16, 2009. []. Accessed August 22nd, 2012 [7] “IHE ITI mHealth Profile – Public Comment,” John Moehrke, June 5, 2012. []. Accessed August 22nd, 2012 include component="page" wikiName="siframework" page="space.template.inc_contentleft_end"