Blue Button and Patient Health Records using OAuth , JOSE

Session Topic: BlueButtons+ and OAuth2

Wednesday 2J

Convener: Justin Richer, J. Mandel A. Gropper

Notes-taker(s): Karen O’Donoghue

BlueButton+, OAuth2, RESTful, JOSE  Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:   Justin provided an overview of the current state of the BlueButton+ effort using OAuth2.

The current documentation is available on github at: blue-button.github.io/blue-button-plus-pull

Josh Mandel, a regular participant in the work, talked about some of the motivation and the problems being addressed. There is a desire to bootstrap an ecosystem where patients can share specific health information with selected providers in a privacy protecting manner. Blue Button was envisioned to "create portable medical histories that facilitate dialog among health care providers, caregivers, and others" (from Wikipedia). The BlueButton+ effort is looking at the addition of capabilities allowing the user to allow medical providers (and others) with access to various sets of information. This needs to work in a fairly dynamic world.

Justin stepped through the various sections of the online document. There were several questions for clarification. Justin provided a diagram of the basic exchanges on the white board (see attached picture). In one case, he was interested in a better term for class of clients. There is confusion surrounding the terms class and instance.

Justin asked for anyone willing to read through the documentation to send in questions or comments. In particular, he is especially interested in those with related use cases.

For more information, please see the link or the associated whiteboard picture.