The Standard

The latest FAST Focus webinar provided a comprehensive update on the progress and scope of the FAST Consent project, an initiative pivotal to streamlining data exchange in health IT. This quarterly series aims to engage the community, share updates, and encourage participation in ongoing FASTprojects. Below, we delve into the key takeaways from the session, with a spotlight on the objectives and contributions  

The FAST Consent Project: An Overview 

Consent management in healthcare is a complex issue that requires innovative solutions to manage and transmit consent records at scale. The FAST Consent project emerged in response to these challenges, focusing on how to make consent management effective across a diverse and multi-faceted ecosystem. Project leads—including Durwin Day, Mohammad Jafari, Kevin Day, Maidul Islam, Sam Schifman, and Jean Duteau—are spearheading efforts to define scalable consent handling strategies that align with both technical and legal requirements. 

As healthcare's digital transformation accelerates and data fluidity improves, the need to ensure patients maintain control over their health data becomes more urgent. While better interoperability brings many benefits, it also raises significant challenges around consent. The key question is: how do we efficiently manage patient consent to ensure privacy preferences are respected at scale, across multiple organizations and systems? 

The FHIR at Scale Taskforce (FAST), is focused on identifying scalability gaps, defining solutions to address current barriers, and identifying needed infrastructure for scalable HL7 Fast Healthcare Interoperability Resources (FHIR®) solutions so taking on consent as a use case was a natural evolution. 

The upcoming FAST Focus Webinar on November 7, 2024, will delve into this critical topic, offering stakeholders valuable insights into the FAST Consent team's efforts to develop a standardized framework for consent management. The webinar will provide an update on their progress, highlighting the collaborative work that has shaped the project’s evolution, as well as specific use cases that are central to its scope. 

The FHIR at Scale Taskforce (FAST) community has been at the forefront of shaping the future of healthcare interoperability. By working closely with the FHIR community and other FHIR Accelerators, FAST is building the framework for a robust FHIR infrastructure that supports the scalability of FHIR solutions across the healthcare ecosystem. Today, we are excited to announce an important leadership transition as we continue this vital work.

A New Opportunity for Dana Marcelonis

Dana Marcelonis, who has been a cornerstone of FAST as our Program Manager, will be transitioning to a new role at Point-of-Care Partners, where she will provide program support for the Coalition for Health AI (CHAI) project. Dana’s expertise, dedication, and leadership have been instrumental in guiding FAST’s efforts, and her impact on our work cannot be overstated. While Dana managed both roles admirably, the increasing demands of these projects have made it necessary to have a dedicated resource for each. Dana will continue to support Janice and the team through November to ensure a smooth transition.

If you can’t think of a reason to pay attention to FAST's work, we have a couple for you! Recent requirements related to TEFCA (Trusted Exchange Framework and Common Agreement) and the latest HTI-2 proposed rule have named the FAST Security Implementation Guide (IG). This recognition underscores the importance and foundational nature of FAST's contributions to healthcare interoperability. 

On July 1st, the Recognized Coordinating Entity (RCE) released the Facilitated FHIR Implementation Standard Operating Procedure (SOP), outlining the requirements for using FHIR within the TEFCA framework. Notably, these requirements include adopting the FAST HL7 UDAP Security for Scalable Registration, Authentication, and Authorization FHIR Implementation Guide (SSRAA) by January 1, 2026. This timeline allows organizations to implement FAST Security while still using SMART or other security options in the interim. 

Specifically, the SOP states: 

Prior to January 1, 2026: 

• All FHIR Adopters MAY follow the requirements of HL7 SSRAA FHIR IG 1.0.0 STU 1 US Section 3 Registration. 

• Manual registration requests for client_id MUST be resolved within 5 business days where sufficient information has been provided. Information requirements MUST NOT exceed those in Section 3 of HL7 SSRAA FHIR IG and this SOP. 

• All FHIR adopters MUST use one of the following: 
  • HL7 SSRAA FHIR IG 1.0.0 – STU 1 US Sections 4 and 5; 
  • SMART Release 1.0.0; or 
  • Another authentication and authorization framework that adheres to the QTF requirements is based on out-of-band agreements between exchange partners. 

In the realm of healthcare, accurately managing patient identities across various systems is pivotal. The FHIR at Scale Taskforce (FAST) has developed the Interoperable Digital Identity and Patient Matching implementation guide (FAST Identity IG) to address these challenges effectively. This blog delves into the nuances of this implementation guide and encourages participation in its continuous improvement. 

Exploring the FAST Identity Implementation Guide 

The FAST Identity IG aims to enhance the FHIR patient $match operation for use in cross-organizational workflows. It serves as a comprehensive set of best practices not only for transactions directly invoking $match but also for other healthcare transactions that require robust identity matching and management.

In May 2024, the FAST Focus webinar, "Secure Health Data Exchange," brought together experts from across the healthcare industry to delve into the intricacies of the HL7 Unified Data Access Profiles (UDAP) Security for Scalable Registration, Authentication, and Authorization Implementation Guide, commonly referred to as the FAST Security IG. This session featured insights on key components and practical implementations of the FAST Security IG. 

Introduction to the FAST Security IG 

The session began with an explanation of the role of FAST in addressing healthcare interoperability challenges. The FAST Security IG aims to create a scalable, secure framework for health data exchange across national networks like TEFCA, Carequality, and CommonWell. 

The Journey to Trustworthy Information Exchange 

A historical perspective on the FAST Security IG highlighted its roots back to 2017. The goal was to leverage existing standards like public key infrastructure (PKI), OpenID Connect, and OAuth 2.0 to ensure a scalable, secure data exchange solution. The FAST Security IG integrates these standards into a cohesive framework, emphasizing the importance of trust in health data transactions. 

Key Components of the FAST Security IG 

The core elements of the FAST Security IG include: 

• JWT-Based Authentication and Authorization: Utilizing JSON Web Tokens for secure assertions of claims from trusted third parties.
• Dynamic Client Registration: Automating client registration using digital certificates to eliminate the need for shared secrets.
• Tiered OAuth: Facilitating patient-facing workflows by directing patients to trusted identity providers for authentication.

This approach ensures that both clients and servers can be securely identified and authenticated, streamlining the registration process, and enhancing trust across the network. 

Real-World Implementations and Insights 

The panel discussion featured firsthand experiences from implementers of the FAST Security IG. The discussion emphasized the collaborative effort in refining the FAST Security IG and the importance of ongoing participation in workgroups to further enhance the specification. 

Open-source solutions to facilitate implementation were highlighted, including a .NET reference implementation and a diagnostic tool called UDAP Ed. These resources help developers visualize and test their implementations, accelerating the adoption of the FAST Security IG. 

The importance of identity assurance was underscored, advocating for a centralized, trusted entity to manage high-security registrations. The FAST Security IG's reliance on well-established standards makes it a robust and scalable solution for the healthcare industry. 

March 2024 marked a pivotal moment for the healthcare IT sector, with the FHIR at Scale Taskforce (FAST) community survey revealing critical insights into the adoption, challenges, and perspectives surrounding various FAST implementation guides (IGs). This survey, engaging various stakeholders from providers to technology vendors, sheds light on the collective journey towards seamless healthcare interoperability. Let's dive into the nuanced feedback and the path it carves for the future of healthcare IT. 

Survey Results Overview 

FAST Security IG Adoption and the Quest for Clarity   

The uptake of the HL7 FAST UDAP Security for Scalable Registration, Authentication, and Authorization Implementation Guide (FAST Security IG) is on the rise, driven by an evident market need.  A notable proportion of respondents are keen to implement the HL7 FAST Security IG, likely due to its inclusion in the TEFCA FHIR Roadmap. There were some concerns expressed about market readiness. However, respondents expressed a need for clearer guidance beyond the existing FAST Security IG, suggesting the development of a companion document to aid in implementation strategies would be helpful. 

FAST Identity IG: Overcoming Adoption Barriers   

While there seems to be adoption readiness for the Interoperable Digital Identity and Patient Matching IG, the survey highlights perceived barriers to adoption. These barriers were related to industry issues such as cross-jurisdiction consent and broader market acceptance and adoption by other industry initiatives rather than any issues with the IG itself. 

Five new Steering Committee members will bring unique insights to an upcoming slate of HL7 FHIR use cases in oncology, cardiovascular health, and genomics.

CodeX, the HL7® Fast Healthcare Interoperability Resources (FHIR®) Accelerator™ working to advance the adoption of FHIR as the standard to obtain high-quality, computable data for patient care and research, including the domains of oncology, cardiovascular health, and genomics, announced an expanded steering committee and new members of its leadership team.

“These experts in their fields are committed to helping CodeX develop and implement a strategic vision for the future with integrity, fairness, and equity. We embrace the HL7 ethos of collaboration and community to collectively solve interoperability challenges,” said Su Chen, M.D., program manager and clinical director of CodeX & digital health clinical principal at MITRE. In her role, Chen serves as chair of the CodeX Steering Committee.