HIE on FHIR ( high level )

1. HIE on FHIR (high level) Patient Out of Band: UMA Protection Flow: UMA Authz. Flow: Data Access Flow: 3 Set Resource Authz Policy GUI Patient’s Authorization Server GUI Protection API Authorization API 0 CDMS Submit CD 7 2 Provide Claims and Acquire Authz Token Register Resources and Scopes Requesting Org Provider Org Protection client Authorization client 1 Authz API Request for Data 4 8 Authz Token + Request for Data Approve CD Resource server Resource server Redirect to Patient AS 6 End-user FHIR API FHIR API ACS/PPS Labelled/Segmented Data 10 5 ACS/PPS 9 Scheduling System (read-ahead & cache) Check Overarching Policies Verify Token Invoke Labeling Service

2. HIE on FHIR (detail) Patient Out of Band: UMA Protection Flow: UMA Authz. Flow: Data Access Flow: 3 Set Resource Authz Policy GUI 7 2 Patient’s Authorization Server Potential Claims Flow GUI Protection API Authorization API CDMS 0 a Submit CD b AAT a c 4 AAT a Acquire Authorization Access Token (AAT) Acquire Protection Access Token (PAT) Request Requesting Party Token (RPT) b a Issue and send RPT c Claims RPT PAT Register Resources & Scopes Acquire Access Token (AT) b a Request for Data b Requesting Org. Provider Org. b Authorization client PAT Protection client Authz API Resource server AT 1 a Resource server Request for Data + Authz Token 8 Approve CD Redirect to Patient AS 6 b ACS/PPS AT RPT FHIR API End-user FHIR API Labelled/Segmented Data AT 10 ACS/PPS 9 5 Scheduling System (read-ahead & cache) Check Overarching Policies Verify Tokens OAuth Protected Invoke Labeling Service