Josh Mandel about FHIR servers

Introduction to Access Control Policies
The presentation begins by outlining a diverse range of topics related to access control policies, emphasizing their relevance to user experience. The speaker aims to delve into the micro details of these policies and explain their implications for individuals making data-sharing decisions. A case study on Tefca will illustrate cross-organizational exchange, providing a practical context for the discussion.


Capabilities of Smart App Launch Specification
This section focuses on the Smart App Launch specification, which is widely adopted in the U.S. as part of certified EHR testing programs. The speaker explains how granular scopes can be defined at the resource level, allowing applications to access specific subsets of data. The Smart Implementation Guide outlines a scope language that enables applications to request permission for various actions—such as reading, creating, or updating FHIR resources—tailored to individual patient contexts.


Patient-Level and User-Level Authorization
The discussion transitions to patient-level authorization, where access is granted based on a single patient record. This scenario is common when a healthcare provider accesses a patient's chart or when patients share their data with applications. In contrast, user-level scopes allow individuals with access to multiple records—like parents managing their children's health data—to share information with applications. This highlights the delegation mechanism that Smart provides, integrating with existing access control systems.


System-Level Scopes and Business Integration
The speaker introduces system-level scopes, which apply in scenarios where no end user is involved. These scopes are relevant for backend services that issue queries directly between machines, such as lab interfaces posting results into EHRs. Examples illustrate how these scopes facilitate business-to-business integration while maintaining flexibility in data access.
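The patient/, user/ and system/ scopes described in the three sections above can be checked mechanically on the server side. The following is an added example, not code from the talk or from any FHIR server; it assumes the SMART App Launch v2 scope grammar (context/Resource.cruds with an optional ?param=value constraint, with v1 .read/.write folded in) and shows how a resource server would decide whether a granted scope set authorizes a given request.

```python
import re
from dataclasses import dataclass

# Assumed SMART App Launch v2 scope syntax (from the published spec, not from the talk):
#   <patient|user|system>/<ResourceType|*>.<c?r?u?d?s?>[?param=value[&param=value]]
# v1 scopes (e.g. patient/*.read) are accepted too: read -> "rs", write -> "cud".
SCOPE_RE = re.compile(
    r"^(?P<ctx>patient|user|system)/(?P<res>[A-Za-z]+|\*)"
    r"\.(?P<perm>c?r?u?d?s?|read|write|\*)(?:\?(?P<q>.+))?$"
)

@dataclass
class Scope:
    context: str       # "patient", "user" or "system"
    resource: str      # FHIR resource type, or "*" for any type
    perms: frozenset   # subset of {"c", "r", "u", "d", "s"}
    constraints: dict  # search-parameter restrictions parsed from the ?query part

def parse_scope(text: str) -> Scope:
    """Parse one scope string; raise ValueError on anything outside the grammar."""
    m = SCOPE_RE.match(text.strip())
    if not m or not m["perm"]:
        raise ValueError(f"not a valid SMART scope: {text!r}")
    perm = {"read": "rs", "write": "cud", "*": "cruds"}.get(m["perm"], m["perm"])
    constraints = {}
    if m["q"]:
        for kv in m["q"].split("&"):
            key, _, value = kv.partition("=")
            constraints[key] = value
    return Scope(m["ctx"], m["res"], frozenset(perm), constraints)

def permits(granted: list, context: str, resource: str, action: str, params: dict = None) -> bool:
    """True if any granted scope authorizes (context, resource, action).
    A constrained scope (e.g. ?category=laboratory) matches only when the request
    carries the same param=value; a request without that parameter is denied."""
    params = params or {}
    for s in granted:
        if s.context != context or action not in s.perms:
            continue
        if s.resource not in ("*", resource):
            continue
        if all(params.get(k) == v for k, v in s.constraints.items()):
            return True
    return False
```

A real server would also enforce the patient compartment for patient/ scopes and the user's own record access for user/ scopes; this block only decides the scope-language question.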


Challenges with Custom Operations
A significant challenge arises from FHIR's custom operations and the lack of a standardized way to express permissions for executing these operations within scope language. The speaker discusses various operational definitions and emphasizes the complexity of accounting for different paths and input parameters associated with FHIR operations. Current advice suggests using operation definitions as scope names while developing custom syntax for additional restrictions.


User Experience in Data Sharing
Shifting focus to user experience, the speaker acknowledges that managing scopes and approvals can be complicated for patients accessing their records through applications. A demo illustrates how users interact with an app requesting access to various data categories, highlighting both empowerment and potential overwhelm due to numerous checkboxes for data sharing. The importance of user experience in shaping effective data-sharing policies is underscored.


Smart Health Links as an Alternative Sharing Mode
The presentation introduces Smart Health Links, a project developed during the pandemic to enable individuals to share their COVID-19 vaccination histories and lab results. This system allows consumers to create customized datasets for sharing, emphasizing consumer control over what information is included. The process involves generating links that point to encrypted files containing structured FHIR observations, showcasing a different approach to health data sharing.


Network-Based Exchange Policies
The final topic addresses network-based exchange policies within the U.S., particularly focusing on Tefca's common agreement framework. This framework establishes rules regarding who can query what information under specific circumstances. The speaker points out potential trust issues among network participants, especially in cases where queries may not directly relate to patient treatment.


Principles for Enhancing Trust in Data Sharing
The speaker concludes by proposing three principles aimed at enhancing transparency and trust within networks like Tefca:
Data Visibility: Individuals should have access to their own data.
Query Awareness: Patients should be informed when their data are queried by others.
Control Over Data Sharing: Patients should have the ability to dictate what information is shared.
These principles are positioned as essential for building trust and ensuring accountability in health data sharing practices.