Josh Mandel jmandel

Background: Consumer API Access via Certified EHR APIs

In a series of EHR Certification and Meaningful Use programs since 2010, US national policy has driven toward better consumer access to clinical data – first through online portals; then through downloadable documents; and most recently through APIs that enable third-party application access. This technology is enabling consumers to connect apps like Apple Health or MyFHR to their health records, helping individuals understand their health and shop for better care. API access is expanding, but key struggles include:

  • App registration does not scale. Today, connecting an app requires not only permission from a patient, but also (as a pre-requisite), two additional hurdles that limit the ability for apps to scale: registration with an EHR vendor and approval by a healthcare provider organization. These two steps mean that apps must seek approvals from institutions that may not share common values or business incentives. The first hurdle should be
View CARIN Call

Subscribers and dependants

Minimum bar: support patient/ scopes (e.g., patient/, and authorize the app for each patient record. So here at authz time, e.g., scope=launch/patient patient/ patient/ ... e.g., scope=launch/patient patient/*.read

Beyond the minimum, a server can support user-level scopes ("do you want to share all the records you have access to with the following app"...)

jmandel / measure-report-examples.txt
Last active Mar 25, 2020
Example Locations, Groups for tracking beds (work in progress)
Example measure report (pseudo-yaml-pseudo-FHIR)(TM)
resourceType: MeasureReport
status: complete
type: summary (??)
date: today
jmandel / handshake-bare.json
Last active Feb 20, 2020
R5 Subscription Notifications: Packaging Discussion
"resourceType": "Bundle",
"id": "handshake",
"type": "history",
"timestamp": "2019-08-07T10:24:13.1882432-05:00",
"meta": {
"extension": [
"url": "",
"valueInteger64": "0"
jmandel /
Created Feb 19, 2020
Automated captions for self-owned Identity in healthcare overview

Automated captions for

I wanted to spend a few minutes, and introduced some vocabulary around a few court challenges in managing identity in healthcare and beyond. I want to argue that today. Things are pretty broken. Even when they seem to be working kind of OK and then point forward to a set of emerging specifications that are the first thing I've seen in a long time that really look like they could actually make a dent in the problem.

I think a little bit about a road map towards getting there so to start I want

jmandel /
Last active Jan 8, 2020
Designing a framework for triggered notifications in FHIR

Proposal: Triggered Notifications

Use case: subscribing to specific lab observations

FHIR offers a REST API that lets clients search for resources on demand. Separately, there is a Messaging API that allows notifications to be "pushed" from one place to another. But neither API provides a clean solution to a common set of real-world "triggering" or notification-type requirements.

For example, let's say Mt. Auburn Hospital's Mother and Infant Unit wants to

jmandel /
Last active Nov 27, 2019
Quick Start Guide for SMART on FHIR Servers: Growth Charts

Getting started implementing a SMART on FHIR server

This is a getting-started guide for SMART on FHIR server developers who want to support the SMART Growth Charts app. For background, SMART on FHIR is a plug-in app platform for health apps based on open standards.

To run SMART's open-source Growth Charts app against your own SMART on FHIR server, you'll need to:

  1. Expose clinical data using FHIR Patient and Observation resources
  2. Protect your clinical data via the SMART on FHIR Authorization protocols (based on OAuth2).

To get up and running as easily as possible, this Quick-start guide helps you through two scenarios: first, to run the app in debugging mode against an unprotected server, and second, to get the app running against an OAuth2-protected server.

jmandel / gist:c9ac24d8e37ea9998a96
Created Nov 21, 2015
Travis CI webhook example full request with headers and body
--> POST / HTTP/1.1
--> User-Agent: Faraday v0.9.2
--> Authorization: [redacted]
--> Travis-Repo-Slug: hl7-fhir/fhir-svn
--> Content-Type: application/x-www-form-urlencoded
--> Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
--> Accept: */*
--> Connection: close
--> Host:
--> Content-Length: 12261
jmandel / careevolution.json
Last active Sep 15, 2019
CARIN Blue Button Examples from FHIR 2019-09 Connectathon
"resourceType": "Bundle",
"type": "searchset",
"total": 3,
"link": [
"relation": "self",
"url": ""
curl -X POST \
'$submit' \
--data @sample-request.json