HEART Working Group - Overview
What is HEART Working Group?
HEART (Health Relationship Trust) is a set of profiles that enables patients to control how, when, and with whom their clinical data is shared. The HEART model builds on existing state-of-the-art security and adds additional components to ensure that patient clinical data is securely exchanged. In addition to giving patients control over how their own data is shared, HEART defines the interoperable process for systems to exchange patient-authorized healthcare data consistent with open standards, specifically FHIR (Fast Healthcare Interoperability Resources), OAuth, OpenID Connect, and UMA (User-Managed Access).
Today, attempts to enable patients to electronically manage authorizations for sharing their data have only worked within narrow ecosystems, such as a single healthcare system. This is problematic for patients because it is difficult to share healthcare data with an external physician or with a healthcare system in a different region. It is problematic for organizations and providers because there are no processes, rules, or standards for ensuring that the clinical data being shared has been authorized by patients. This lack is likely to limit adoption and use of data-sharing APIs because it will be far more difficult to ensure that apps seeking to use APIs actually have the approval to obtain access to individual patients’ data.
The goal in developing the HEART profiles was to address these issues by creating best practices that accomplish the following practical tasks:
- Enables organizations and other entities to electronically determine whether requests for data are valid (i.e., have been authorized by the patient) and what data the requesting entity is authorized to obtain.
- Creates a protocol for managing both sharing of permissions and data that adheres to the highest levels of security and privacy. In the process, both patients and providers increase trust that the data is authorized and accurate.
- Supports, and integrates with, systems that allow patients to set up permissions and authorizations for sharing their clinical data to ensure that their data is only shared with individuals, institutions, and apps that they choose.
HEART provides a standard to enable patient-mediated interoperability implementation through the FHIR APIs. To obtain the full benefit of open APIs, we need to enable the HEART standard and attain widespread adoption.
Papers and Presentations
The US Office of the National Coordinator for Health Information Technology (ONC for Health IT) lists HEART as a Health IT Standard to Watch, and sponsored a two-hour webinar/workshop on 23 April 2019. Slides and a recording are available.
The group has written the following use cases to crystalize key needs in patient-directed health data exchange and how HEART can contribute to the solution:
Working Group Chairs
- Debbie Bucci (Equideum Health)
To monitor progress and connect with working group members, join the mailing list.
- When: Some Mondays 1PM PST / 4 PM EST
- Join Meeting