HEART (Health Relationship Trust) is a set of profiles that enables patients to control how, when, and with whom their clinical data is shared. The HEART model builds on existing state-of-the-art security and adds additional components to ensure that patient clinical data is securely exchanged. In addition to giving patients control over how their own data is shared, HEART defines the interoperable process for systems to exchange patient-authorized healthcare data consistent with open standards, specifically FHIR (Fast Healthcare Interoperability Resources), OAuth, OpenID Connect, and UMA (User-Managed Access).

Today, attempts to enable patients to electronically manage authorizations for sharing their data have only worked within narrow ecosystems, such as a single healthcare system. This is problematic for patients because it is difficult to share healthcare data with an external physician or with a healthcare system in a different region. It is problematic for organizations and providers because there are no processes, rules, or standards for ensuring that the clinical data being shared has been authorized by patients. This lack is likely to limit adoption and use of data-sharing APIs because it will be far more difficult to ensure that apps seeking to use APIs actually have the approval to obtain access to individual patients’ data.

The goal in developing the HEART profiles was to address these issues by creating best practices that accomplish the following practical tasks:

• Enables organizations and other entities to electronically determine whether requests for data are valid (i.e., have been authorized by the patient) and what data the requesting entity is authorized to obtain.
• Creates a protocol for managing both sharing of permissions and data that adheres to the highest levels of security and privacy. In the process, both patients and providers increase trust that the data is authorized and accurate.
• Supports, and integrates with, systems that allow patients to set up permissions and authorizations for sharing their clinical data to ensure that their data is only shared with individuals, institutions, and apps that they choose.

HEART provides a standard to enable patient-mediated interoperability implementation through the FHIR APIs. To obtain the full benefit of open APIs, we need to enable the HEART standard and attain widespread adoption.

(You can find this overview as a standalone document.)