Sunday, July 17, 2016

Extending the FHIR standard to handle provenance

I wrote a paper for W3C PROV program with Arnon and Adriane from Mitre. The paper discusses the experience so far with applying the W3C PROV model to the HL7 FHIR model. Much of the material and inspiration came from my blog post in March on "Provenance vs Audit - its not a competition". The paper is much better, and all of that better-ness is because of my co-authors.

The paper is published on Provenance Week 2016 - program agenda "PROV: Three Years Later". I was not present to present. Search for "FHIR".

You will also notice that Reed Gelzer has a paper published there as well.

The main point we make in our paper is to introduce the PROV community to the FHIR community, and thus enable the PROV community to better understand how other standards communities are using their standard, and thus the struggles they have with understanding and applying it to the Healthcare domain.  In fact pointing out that because of historic reasons healthcare has separated Audit from Provenance, and this might not please a provenance purist.
In this work, we look at the problems a domain-specific standard committee faces when trying to “involve” provenance to meet domain requirements, without committing to the major expansion of adding a general provenance capability. We also begin the discussion of what the provenance community can do to assist the domain-specific creation committee with the easy inclusion and usage of well-specified, and provenance-community approved guidance.
That is not to say that the goal is to force all PROV use to be pure, but rather to help the PROV community understand how they need to be guiding force, not breaking force.

Tuesday, July 12, 2016

Privacy-by-Design Data-Analytics Platform on FHIR

In all the networking and interviewing I have been doing lately I have been thinking more and more about a really cool project that I would love to participate in. As far as I know someone must have tried this, but it will take many technology advancements yet. So if anyone is working on this, I want to talk to you and see if I can get on your team. Yes, I am still looking for a job.

The idea is I want to use Privacy-By-Design to design a Data-Lake that will respect Privacy Principles in all data uses.

Wednesday, July 6, 2016

Stories of poor security from vendors that should know better

I simply must point to a very specific episode of SecurityNow, a very good podcast every week. Episode 567 because he describes in detail five different products/services that simply did not do security right. All might look like well secured products to marketing, sales, or any leadership. But not done right at all. Sorry that the podcast is 2 hours long, but the whole thing is worth listening to because the whole two hours is full of story after story. These are not old stories, these are from this week or the week before. Symantic, StartCom, AuYou, etc...
The point is to

For those that want to read, not listen... He has fantastic notes he uses during the show; and later will have transcripts of the actual spoken word.

Monday, July 4, 2016

Interoperability will never be perfect - not even FHIR

I just finished a fantastic book "In the Land of Invented Languages: Adventures in Linguistic Creativity, Madness, and Genius" by Arika Okrent.
This book was recommended by Grahame Grieve. I don't have evidence he recommended it, but I am sure it was Grahame. I wondered why he would have recommended such an obscure book. I may have figured out why, but I might have completely over blown the thought.

Wednesday, June 29, 2016

Apple makes a difference with targeted use of Differential Privacy

Amazing news this week from Apple on their use of Differential Privacy. They didn't invent Differential Privacy, they are not the first to use De-Identification, but they seem to have thought about this. We can't yet tell how well they thought about this, as the details are not clear. That is, they are still not being Transparent.

I am not an Apple fanboy, I think they get far too much credit and buzz. I don't think this is their fault, they are masters of marketing, and they never claim to have created something no-one else has. What they do very well is take technology that is just slightly behind bleeding edge, letting someone else get most of the cuts and blood, and the critical thing, they use it in a way that provides really good value. It is this that I am very much a fanboy for apple, they know how to pivot the work of others into a bigger value for their customers.

Differential Privacy is another case of this value-adding exceptional execution.   Specifically...

Wednesday, June 22, 2016

On-Behalf-Of - FHIR Signature datatype update

The Security workgroup is looking at the FHIR datatype for Signature, specifically the use-cases where the one signing is not the one that the agreement or contract is about. For example when a parent signs for an infant child, or a guardian signs for an individual, or where an individual signs for an organization.

We look to the Uniform Commercial Code (UCC) as one use-case for the use of On-Behalf-Of, as it is a long-standing and proven case where this is needed and has been used. ....

Tuesday, June 14, 2016

MHD - Why use of FHIR Contained?

I was asked why MHD has the requirements to contain a provider and patient in document reference. Why is that necessary?

The containment of Provider and Patient are ONLY for very specific reasons. Some are driven by XDS constraints; but even those constraints are driven by reasonable use-cases.