On the Tsunami of Consumer Health Apps Headed Our Way

[It is now June 2024, nearly four years since I wrote this post. Talk about a swing and a miss! In practice there are very few software applications actually using Patient Access APIs - not the tsunami I saw in my crystal ball. I need to do a post-mortem to figure out how I - … Continue reading On the Tsunami of Consumer Health Apps Headed Our Way →

How to Comply with the HIPAA Individual Right of Access in your ONC Cures Act-mandated FHIR APIs

In my last post, I spoke to our need to handle sophisticated consent cases ONC Cures Act API compliance for 1/1/21, including patient representatives of various kinds. The mandate has de-scoped data segmentation and redaction for sensitive conditions, as too big a lift for the industry, leaving APIs to deliver all scoped data or none … Continue reading How to Comply with the HIPAA Individual Right of Access in your ONC Cures Act-mandated FHIR APIs →

Your ONC Cures Act APIs and Managing Consent as Policy

The ONC Cures Act final rule is forcing payers and providers to come to grips with automating consent management and enforcement for data access. The best architectural solution to address it is Policy Based Access Control, or PBAC. PBAC is a kind of Attribute-Based Access Control, or ABAC. Unlike Role-Based Access control, in which a … Continue reading Your ONC Cures Act APIs and Managing Consent as Policy →