Understanding Warts and Moles: Differences, Types, and Common Locations
ONC2019 #interopforum Blue Button 2.0 lessons-learned
1. Tackling the barriers to Consumer-Mediated
Interoperability
Lessons learned in building the
Blue Button 2.0 API and positioning it to expand
across healthcare
2. CMS Blue Button Innovator
& Developer Evangelist
HL7 FHIR Da Vinci
Implementation Guide
Author
NewWave
Entrepreneur In Residence
Mark Scrimshire
#BlueButton
3. CMS Blue Button 2.0 - A Guiding Vision
“To build a developer-friendly,
standards-based data API that
enables beneficiaries to connect
their data to the applications,
services, and research programs
they trust “
#BlueButton
4. • Build from established Profiles (US Core)
• Share New Profiles across IG Projects
• Use Established Communication Frameworks
– SMART-on-FHIR
– CDS-Hooks
– Blue Button 2.0 Member-Authorized Exchange
Interoperability Objectives
Transport PayloadAvoid Duplication of Effort
5. • Explosion of Developer Portals
• Developer/App Registration
Access Approval Challenges
• App Discoverability
• Bad Actor Discoverability
Current Registration Doesn’t Scale
3rdPartyApp
DataHolder
FHIRAPI
6. • Education
• Documentation
• Support
• Environment Information
• Application Credentials
Why Do You Need a Developer Portal?
To Provide:
7. • Verifiable Key and Secret Issuing Process
• A published list of authorized apps
What does Blue Button 2.0 Need
Submission Review
Approve /
Validate
Issue Activate
8. Components of a Blue Button 2.0 Solution
Member
Identity
Manager
3rd Party
Apps
Registered
with
Credentials
OAuth2.0
Authorization
Server
FHIR Server
OpenID
Connect
FHIR REST
API
Developer
Portal
“App
Store”
9. HIPAA Privacy Rule
…gives patients the right to direct a
covered entity to transmit a copy of their
medical records to the third party the
patient chooses.
…allows covered entities to offer patients
electronic means to request access to
their medical records.
…establishes appropriate safeguards that
covered entities must achieve to protect
the privacy of health information.
#BlueButton
13. A Thousand App Stores
Does Not Solve
App Discoverability
14. What does a Plan need to support Blue Button 2.0?
Member
Identity
Manager
3rd Party
Apps
Registered
with
Credentials
OAuth2.0
Authorization
Server
FHIR Server
OpenID
Connect
FHIR REST
API
Independent
Verifying
Organization POET/UDAP
Enhanced
DCRP
“App
Store”