FHIR Chat · Apple Health Authentication Flow · social

Stream: social

Topic: Apple Health Authentication Flow


Simone Heckmann (Mar 19 2018 at 12:19):

Hi,
does anyone know the details or where to find the details of how the authentication flow for Apple Health works?
I mean, I know it's technically SMART, OAuth etc. but I wonder how this works from a Patient's POV.
Do they get credentials from the hospital, or do they sign in with their Apple account?
How does the linkage of the account-ID and the Patient-ID in the hospital work?
How does the App know the correct Patient-ID for the launch scope?

Jenni Syed (Mar 19 2018 at 15:30):

They typically sign in with the same credentials they would sign in to their portal with, though that could vary by site (none that I know of use the Apple id). That portal account has already been linked to their record in the provider(s) systems.

John Moehrke (Mar 19 2018 at 16:18):

They use Sync for Science and SMART-on-FHIR; see my writeup (and improvement opportunity for them): https://healthcaresecprivacy.blogspot.com/2018/02/apple-should-have-heart.html

Jenni Syed (Mar 19 2018 at 16:27):

Note that the only thing used that is "different"/some aren't familiar with is the offline_access scope. Most people are familiar with the S4S workflow that may have raised it, but I believe it's part of the normal SMART standard (online vs offline access) now.

Simone Heckmann (Mar 19 2018 at 20:05):

Jenni and John, thank you so much for this information! I'm currently reading up on HEART.
What makes me still wonder: Isn't the fact that someone might mistype the patient's email address into the system a big danger?
What if the email arrives in someone completely different's inbox (like some.body@somewhere.com instead of some-body@somewhere.com)?
Couldn't the person accidentally receiving the email with the one-time password create an account, consent to everything and read up on someone else's health data? I guess they could ask for additional information such as birthdate (not much else comes to mind) upon registration...
I absolutely agree that linkage is the most painful aspect of this...

John Moehrke (Mar 19 2018 at 20:22):

Where in the process are you seeing a reliance on an email address?

John Moehrke (Mar 19 2018 at 20:28):

The identity proofing step is usually done today using a piece of paper postal mail, for which in the USA there are severe and clear penalties involved in stealing or even opening mail that is not addressed to you. This is an essential legal fact that providers rely upon. Inside that piece of paper mail is a secret code. When that patient goes to the provider's portal, they use that secret code. Their use of that secret code is what gives high assurance of identity proofing, thus binding that login account to that Patient identity. If the user is malicious, not really the patient, and is logged into their own account, THEN the Federal penalties around postal fraud apply...

Simone Heckmann (Mar 19 2018 at 20:29):

Sorry, my bad. I missed the word "postal" in this sentence: "The Healthcare Providers usually manage the Identifiers by sending their known patients a postal mail letter with a username and a one-time-secret."

David Hay (Mar 19 2018 at 23:00):

I'm going to take over Lloyd's role and suggest that this should move to the implementers stream...

Simone Heckmann (Mar 20 2018 at 09:39):

I was actually thinking of posting in the SMART stream, but it's very quiet there...

Grahame Grieve (Mar 20 2018 at 09:45):

wake it up

Grahame Grieve (Mar 20 2018 at 09:45):

or there's an argonaut stream

Simone Heckmann (Mar 20 2018 at 10:25):

I'd say drop it into SMART; however, I have to admit I have no idea how to do that...

Lloyd McKenzie (Mar 20 2018 at 14:47):

Start a new thread there and post a link to the thread here :)

John Moehrke (Mar 20 2018 at 15:11):

It is not a specifically argonaut thing... I would rather it be a thread in the normal implementers stream.

Kevin Mayfield (Mar 20 2018 at 18:51):

So it’s not HEART? Are Apple planning to go that way?
Is there any way of bookmarking a topic? I want to watch this thread.

Grahame Grieve (Mar 20 2018 at 19:10):

I haven't heard of any actual health vendor considering HEART. Let me know if I'm wrong...

Grahame Grieve (Mar 20 2018 at 19:10):

the coming rewrite of HEART might move the needle

John Moehrke (Mar 20 2018 at 19:43):

there are many reasons holding back HEART... all of them non-technical... aka policy, trust, ease, etc...

Kevin Shekleton (Mar 21 2018 at 01:36):

The Apple Health app integration is not using HEART. The Apple Health app is acting as a SMART app and using the Argonaut FHIR profiles.

Pascal Pfiffner (Mar 21 2018 at 03:31):

Exactly.

Grahame Grieve (Mar 21 2018 at 04:03):

@Kevin Mayfield: "Is there any way of bookmarking a topic" - yes, you can star a message

Kevin Mayfield (Mar 21 2018 at 05:33):

So I jumped a stage or two, assuming Apple could act as the Patient's authorisation service. The scenario I was looking at is a national 'OAuth2 OpenID' accessing FHIR servers; this seems to be saying UMA rather than SMART (extranet rather than intranet?).

Kevin Mayfield (Mar 21 2018 at 05:34):

Seems to be a direction of travel rather than a current requirement.

Grahame Grieve (Mar 21 2018 at 05:47):

over the horizon at best. if not further away

Grahame Grieve (Mar 21 2018 at 05:47):

(on the next planet?)

Kevin Mayfield (Mar 21 2018 at 05:49):

Next galaxy would be consent discussions... aka committees, lasting for several months trying to work out how to get patient consent (without asking the patient - except on paper forms in an office far far away...)

Kevin Mayfield (Mar 21 2018 at 06:05):

@Grahame Grieve is that commentary on the maturity of UMA (and HEART)? I do believe it would be better to start OAuth2 from the bottom up rather than top down. More practical and gains collective experience.

Grahame Grieve (Mar 21 2018 at 06:17):

more a comment on the maturity of the overall industry here. Most people think there's a problem here, but no agreement on what it is, what the scope of a solution should be, what success looks like

John Moehrke (Mar 21 2018 at 16:09):

There are also mismatched motivations... those with the power/money to architect systems have different motivations driving those designs. The patients have very little leverage to drive for a nationwide consent concept where they benefit from having just one place to manage their consent rules. Hence why I proposed that Apple is a likely contender to flip this, as they represent the consumers more than they represent the legacy healthcare parties... BUT, I have never intended for people to believe that Apple is or wants to take on this role. I have tried to be very clear that Apple is doing just like other apps and leveraging SMART and SyncForScience...

John Silva (Mar 27 2018 at 18:06):

Sweden has some nation-wide consent (privacy) laws and hospitals have to comply (not sure if all the hospitals are government owned or if there are private ones too?): https://content.next.westlaw.com/Document/I43e1d2bc1c9a11e38578f7ccc38dcbee/View/FullText.html?contextData=(sc.Default)&transitionType=Default&firstPage=true&bhcp=1


Last updated: Apr 12 2022 at 19:14 UTC