The intent of this discussion is to take many of the technical approaches to data sharing that are being discussed in the CMS and ONC proposed rules such as FHIR and use those approaches for the Social Determinants.
This will certainly include the Fast Healthcare Interoperability Resources (FHIR).
Others are working at extending FHIR for use in Social Determinants such as the Gravity Project.
As we begin to exchange private data regarding citizens/patients we will need to get security and privacy right. There are two concepts we need to understand:
Authentication - The process by which we determine that a user is who they say they are (ie John Doe)
Authorization - The process by which we determine what that user is allowed to do with the data (ie John Doe can read all records and modify none)
The most common way to authenticate today is with a Username and Password, If I know the password, then that proves that I am who I say I am. That has limited usefullness when it comes to sharing data at scale as it will be in FHIR.
I would like to use this discussion to educate people and to gather ideas on Authentication.
Please chime in if you would like to learn more.
Replies
Hope we have the chance to discuss the Gravity Project more on a future call. Also, similar efforts around the representation of social risk and protective factors and their strengths/limitations and overlap.