Post on 02-Jan-2016
Automate Blue Button Initiative Pull Workgroup Meeting
November 20, 2012
Meeting Etiquette
• Remember: If you are not speaking, please keep your phone on mute
• Do not put your phone on hold. If you need to take a call, hang up and dial in again when finished with your other call o Hold = Elevator Music = frustrated speakers and participants
• This meeting is being recordedo Another reason to keep your phone on mute when not
speaking• Use the “Chat” feature for questions, comments and items you
would like the moderator or other participants to know.o Send comments to All Panelists so they can be addressed
publically in the chat, or discussed in the meeting (as appropriate). From S&I Framework to Participants:
Hi everyone: remember to keep your phone on mute
All Panelists
2
Announcements and Reminders
3
• Meeting Reminders– Pull Workgroup Meetings are Tuesdays from 3:00 – 4:00 pm Eastern.– The next Community Meeting will be announced.
Agenda
Topic Time Allotted
Welcome and Announcements 5 minutes
ABBI Schedule and Pull WG Status Update 5 minutes
Continue Discussion on Pull • Review Summary Discussion on OAuth• Review Strawman for Search / Strawman for Summary
45 minutes
Next Steps / Reminders 5 minutes
4
Looking ForwardABBI Schedule• November
– October 22- November 19: Drafting and comment period on ABBI Implementation Guide (Part 1: Send via Direct + Content)
– Nov 19th : BEGIN Comment Period Round 2 on ABBI Implementation Guide (Part 1: Send via Direct, Content) – 26th : Discuss Comments in workgroup calls– 28th : END Comment Period on ABBI IG (Part 1)
• December– 3rd : Review Implementation Guide Comments in Workgroup Calls and Finalize Guide– 6th : ABBI Participates in Connect-a-thon– 10th : “Public Release” of ABBI Implementation Guide (Part 1)– 11th : ABBI Participates in Town Hall @ ONC Annual Meeting– 21st : BEGIN Comment Period on ABBI Implementation Guide (Part 2: Send via Email, Payor Content, and Developer
Toolkit)• January
– ~ 10th: END Comment Period on ABBI Implementation Guide (Part 2)– ~ 15th : Release ABBI Implementation Guide (Part 2)– All of January: Testing Period; Identify and Respond to Reference Implementations
• February– Testing Period; Identify and Respond to Reference Implementations
• March– Complete Testing Period– HIMMS: Showcase ABBI Implementatiosn – Release Final Automate Blue Button v2 Implementation Guide (Part 1 and Part 2 listed above)
Pre-Discover
y
Discovery
Reference Implementatio
ns
Agreed and voted on charter, including Scope Timeline Deliverables
Open call for straw man proposals for PULL scenarios Review background information from other S&I groups like RHex Project Discuss advantages and disadvantages of proposed straw men Identify proposal(s) to invest in Write draft implementation guide
Identify 1-2 partners that can build proof of concepts for PULL Have 1-2 partners demonstrate the technical feasibility of the implementations
Implementation Guidance
Implementations
Refine use cases based on reference implementations Refine implementation guide based on reference implementations
2-4 full implementations that reflect implementation guidance
PULL Current Status PullWorkgroup1
6
OAuth Summary Points(from Adrian G)
• - OAuth is a means of securing RESTful servers based on a secret token communicated over a secure channel. OAuth security applies to a wide range of clients and servers including mobile devices but risk mitigation methods apply to various use-cases.
• - OAuth uses a two-level authorization mechanism to facilitate scalability. The top level is institutional and analogous to a white-list or federation mechanism. The lower level is individual and corresponds to a time and scope-limited authorization by a specific patient.
• - OAuth can work both as part of a specified federation and by using a dynamic discovery process without a specified federation. The dynamic process could be useful in support of universal access that does not restrict the patient's choice of pull agent while still allowing for the administrative efficiency of specified federations.
• - OAuth by itself distributes the authorization management to the edges of the network. This can get confusing for patients that want to manage authorizations at many data holders including labs, specialists, clinics and payers. UMA is a proposed standard protocol on top of OAuth that allows for access authorizations to be managed by a trusted central service that can be independent of any particular data holder. This trusted, independent central service would be analogous to a federated identity provider for Single Sign On and could either be the same or separate from the IDP.
Example “Search” and “Summary” Endpoints(from Keith B.)
ABBI.htm
Click to open
Pull Summary Points(from Josh Mandel)
Double-Click to access /open PDF
Next Steps / Meeting Reminders
10
• Next Steps– Homework: Review Push IG & Content IG– Looking Forward: Josh M. prototype ; Keith B – Search & Summary Endpoint doc
on the public site – Dec 6th: Virtual Connectathon for DIRECT / Trust to test sending data from data
holders to receivers; NIST tools will also be present– Dec 11th: ONC annual Meeting; ABBI will have a Town Hall from 2:30-4 pm, and
more of a casual meeting up that evening for all ABBI folks who are interested. • Meeting Reminders
– Next PULL Workgroup Meeting is Tuesday, November 27, 2012 @ 3:00 pm Eastern.
– The next Community Meeting will be announced.– http://wiki.siframework.org/Automate+Blue+Button+Initiative
• For questions, please contact your support leads– Initiative Coordinator: Pierce Graham-Jones (pierce.graham-jones@hhs.gov)– Presidential Innovation Fellow: Ryan Panchadsaram (ryan.panchadsaram@hhs.gov)– Project Manager: Jennifer Brush (jennifer.brush@esacinc.com)– S&I Admin: Apurva Dharia (apurva.dharia@esacinc.com)