The Standard

The Official Blog of Health Level Seven® International

visit HL7.org 

FAST Security Now Part of TEFCA and HTI-2 Requirements

[fa icon="calendar'] Jul 17, 2024 1:33:09 PM / by FAST Project Management Team posted in FHIR, health IT policy, FHIR Accelerator, FAST, FHIR Implementation Guides, FHIR Community, TEFCA, FAST Security, HTI-2

[fa icon="comment"] 1 Comment

If you can’t think of a reason to pay attention to FAST's work, we have a couple for you! Recent requirements related to TEFCA (Trusted Exchange Framework and Common Agreement) and the latest HTI-2 proposed rule have named the FAST Security Implementation Guide (IG). This recognition underscores the importance and foundational nature of FAST's contributions to healthcare interoperability. 

On July 1st, the Recognized Coordinating Entity (RCE) released the Facilitated FHIR Implementation Standard Operating Procedure (SOP), outlining the requirements for using FHIR within the TEFCA framework. Notably, these requirements include adopting the FAST HL7 UDAP Security for Scalable Registration, Authentication, and Authorization FHIR Implementation Guide (SSRAA) by January 1, 2026. This timeline allows organizations to implement FAST Security while still using SMART or other security options in the interim. 

Specifically, the SOP states: 

Prior to January 1, 2026: 

  • All FHIR Adopters MAY follow the requirements of HL7 SSRAA FHIR IG 1.0.0 STU 1 US Section 3 Registration. 
  • Manual registration requests for client_id MUST be resolved within 5 business days where sufficient information has been provided. Information requirements MUST NOT exceed those in Section 3 of HL7 SSRAA FHIR IG and this SOP. 
  • All FHIR adopters MUST use one of the following: 
    • HL7 SSRAA FHIR IG 1.0.0 – STU 1 US Sections 4 and 5; 
    • SMART Release 1.0.0; or 
    • Another authentication and authorization framework that adheres to the QTF requirements is based on out-of-band agreements between exchange partners. 
Read More [fa icon="long-arrow-right"]

Scaling Patient Identity Solutions: The Role of FAST Interoperable Digital Identity and Patient Matching Implementation Guide

[fa icon="calendar'] Jun 18, 2024 11:24:49 AM / by FAST Project Management Team posted in FHIR, FHIR Accelerator, FAST, FHIR Implementation Guides, FHIR Community, HRex, FAST Security, FAST Identity

[fa icon="comment"] 0 Comments

In the realm of healthcare, accurately managing patient identities across various systems is pivotal. The FHIR at Scale Taskforce (FAST) has developed the Interoperable Digital Identity and Patient Matching implementation guide (FAST Identity IG) to address these challenges effectively. This blog delves into the nuances of this implementation guide and encourages participation in its continuous improvement. 

 

 

Exploring the FAST Identity Implementation Guide 

The FAST Identity IG aims to enhance the FHIR patient $match operation for use in cross-organizational workflows. It serves as a comprehensive set of best practices not only for transactions directly invoking $match but also for other healthcare transactions that require robust identity matching and management.

Read More [fa icon="long-arrow-right"]

Recap of the May FAST Focus Webinar: Advancing Secure Health Data Exchange

[fa icon="calendar'] Jun 12, 2024 3:15:31 PM / by FAST Project Management Team posted in FHIR, FHIR Accelerator, FAST, FHIR Implementation Guides, FHIR Community, TEFCA, FAST Security

[fa icon="comment"] 0 Comments

In May 2024, the FAST Focus webinar, "Secure Health Data Exchange," brought together experts from across the healthcare industry to delve into the intricacies of the HL7 Unified Data Access Profiles (UDAP) Security for Scalable Registration, Authentication, and Authorization Implementation Guide, commonly referred to as the FAST Security IG. This session featured insights on key components and practical implementations of the FAST Security IG. 

Introduction to the FAST Security IG 

The session began with an explanation of the role of FAST in addressing healthcare interoperability challenges. The FAST Security IG aims to create a scalable, secure framework for health data exchange across national networks like TEFCA, Carequality, and CommonWell

 

The Journey to Trustworthy Information Exchange 

A historical perspective on the FAST Security IG highlighted its roots back to 2017. The goal was to leverage existing standards like public key infrastructure (PKI), OpenID Connect, and OAuth 2.0 to ensure a scalable, secure data exchange solution. The FAST Security IG integrates these standards into a cohesive framework, emphasizing the importance of trust in health data transactions. 

 

Key Components of the FAST Security IG 

The core elements of the FAST Security IG include: 

  • JWT-Based Authentication and Authorization: Utilizing JSON Web Tokens for secure assertions of claims from trusted third parties.
  • Dynamic Client Registration: Automating client registration using digital certificates to eliminate the need for shared secrets.
  • Tiered OAuth: Facilitating patient-facing workflows by directing patients to trusted identity providers for authentication.

This approach ensures that both clients and servers can be securely identified and authenticated, streamlining the registration process, and enhancing trust across the network. 

 

Real-World Implementations and Insights 

The panel discussion featured firsthand experiences from implementers of the FAST Security IG. The discussion emphasized the collaborative effort in refining the FAST Security IG and the importance of ongoing participation in workgroups to further enhance the specification. 

Open-source solutions to facilitate implementation were highlighted, including a .NET reference implementation and a diagnostic tool called UDAP Ed. These resources help developers visualize and test their implementations, accelerating the adoption of the FAST Security IG. 

The importance of identity assurance was underscored, advocating for a centralized, trusted entity to manage high-security registrations. The FAST Security IG's reliance on well-established standards makes it a robust and scalable solution for the healthcare industry. 

Read More [fa icon="long-arrow-right"]

Navigating Perceptions: Insights from the FHIR at Scale Taskforce (FAST) Community Survey

[fa icon="calendar'] May 2, 2024 11:58:16 AM / by FAST Project Management Team posted in FHIR, FAST, FHIR Implementation Guides, ONC FAST, FHIR Community, TEFCA, FAST Security, Digital Identity and Patient Matching IG, National Directory IG

[fa icon="comment"] 1 Comment

March 2024 marked a pivotal moment for the healthcare IT sector, with the FHIR at Scale Taskforce (FAST) community survey revealing critical insights into the adoption, challenges, and perspectives surrounding various FAST implementation guides (IGs). This survey, engaging various stakeholders from providers to technology vendors, sheds light on the collective journey towards seamless healthcare interoperability. Let's dive into the nuanced feedback and the path it carves for the future of healthcare IT. 

 

Survey Results Overview 

 

FAST Security IG Adoption and the Quest for Clarity   

The uptake of the HL7 FAST UDAP Security for Scalable Registration, Authentication, and Authorization Implementation Guide (FAST Security IG) is on the rise, driven by an evident market need.  A notable proportion of respondents are keen to implement the HL7 FAST Security IG, likely due to its inclusion in the TEFCA FHIR Roadmap. There were some concerns expressed about market readiness. However, respondents expressed a need for clearer guidance beyond the existing FAST Security IG, suggesting the development of a companion document to aid in implementation strategies would be helpful. 

 

FAST Identity IG: Overcoming Adoption Barriers   

While there seems to be adoption readiness for the Interoperable Digital Identity and Patient Matching IG, the survey highlights perceived barriers to adoption. These barriers were related to industry issues such as cross-jurisdiction consent and broader market acceptance and adoption by other industry initiatives rather than any issues with the IG itself. 

Read More [fa icon="long-arrow-right"]

Save the Date: Discover Secure Data Exchange in Our Upcoming FAST Focus Webinar

[fa icon="calendar'] Apr 30, 2024 9:20:22 AM / by FAST Project Management Team posted in FHIR, FAST, FHIR Implementation Guides, ONC FAST, FHIR Community, TEFCA, webinar, FAST Security

[fa icon="comment"] 3 Comments

Read More [fa icon="long-arrow-right"]

Demystifying the Implementation of the FAST Security FHIR® IG: A Closer Look

[fa icon="calendar'] Apr 24, 2024 4:41:44 PM / by FAST Project Management Team posted in OAuth2, FAST, FHIR Connectathon, FHIR Implementation Guides, ONC FAST, FHIR API, TEFCA, FAST Security

[fa icon="comment"] 1 Comment

The HL7 FHIR at Scale Taskforce (FAST) UDAP Security for Scalable Registration, Authentication and Authorization Implementation Guide (FAST Security IG) was designed to streamline and secure data exchange across different healthcare stakeholders. This blog post seeks to dispel common misconceptions about the complexity of implementing the FAST Security IG. 

Read More [fa icon="long-arrow-right"]

Diving In: A Recap of FAST's Latest Presentations and Engagements at Industry Events

[fa icon="calendar'] Apr 5, 2024 2:37:24 PM / by FAST Project Management Team posted in FHIR, HIMSS, FHIR Accelerator, FAST, ViVE, FAST Consent, FAST Security, Consent, security

[fa icon="comment"] 0 Comments

Journeying Through Industry Waters: FAST's Impactful Presence at Recent Events

As the dust settles from the whirlwind of activity over the past several weeks in the healthcare industry, marked by prominent events such as ViVE and HIMSS24, it'sevident that innovation and collaboration are at the forefront of progress. Amidst this bustling landscape, the FHIR at Scale Taskforce (FAST) has not only made its presence felt but has also unveiled new initiatives, including the launch of the FAST Focus webinar series and the initiation of public meetings for its scalable Consent project. This blog is a brief highlight of all the most recent excitement and includes helpful links for your reference. 

Introducing FAST Focus: A Quarterly Glimpse into FHIR Infrastructure 

Launching the inaugural FAST Focus webinar marked a significant milestone, offering a quarterly rendezvous for the FHIR and interoperability communities. This platform serves as a vital conduit for keeping stakeholders abreast of FAST's endeavors in bolstering FHIR infrastructure. Past sessions' recordings and decks are readily available on the FAST calendar page in the archive section, providing a wealth of insights for eager participants. 

HIMSS24: Spotlight on FAST's Participation 

FAST had a presence at HIMSS24 and was thrilled to interact with so many attendees, from the FHIR curious to seasoned FHIR implementers curious, to learn more about FAST’s work. FAST provided volunteer FAST representatives to staff the HL7 Accelerator kiosk in the interoperability showcase. The kiosk buzzed with activity and insightful interactions. FAST also left an indelible mark with multiple presentations at the Spotlight Theater and the HL7 booth, amplifying awareness and fostering dialogue around FHIR infrastructure work. 

Read More [fa icon="long-arrow-right"]

Lists by Topic

see all

Posts by Topic

see all