Health 2.0 at the CCR Workshop in San Diego and thoughts about Google’s Subauth, by Indu Subaiya

InduYesterday we attended David Kibbe’s CCR workshop in San Diego and learned lots about XML and the
utility of the continuity of care record in many different settings.  For more info about the CCR, read David’s posts on the topic – here and here.

Over the course of the workshop, there were presentations by Rick Peters, the chief architect of the
CCR who has recently left a PBM start-up to look at several new
opportunities, Steve Waldren of the AAFP, Michael Rosenthal from Minute Clinic and Google’s
Jerry Lin. In the audience were people from Microsoft (Healthvault),
Qualcomm, Rediclinic, Patients Like Me, Edmund Billings from OpenHealth
and Michael Mee, who is working with Adam Bosworth on his new gig, and
a host of tech companies and provider groups offering or trying to
implement the CCR functionality respectively.

Google’s Jerry Lin sparked a heated debate about security and
authentication and whether username and password based systems were
enough or whether you needed 2 factor or 3 factor authentication.
Google’s subauth was pretty cool I thought although the open source
version known as oauth
is more likely to be relevant to apps outside of

Subauth is a way for user data to be shared across websites.
According to Jerry, the old model of multiple usernames and passwords
is bad because it impersonates the user and someone who wants to do
harm can simply pose as you if they have access to your information.
Subauth is a way for users to authenticate on Google’s website so that
third-party websites can gain access to user data without needing the
user to re-enter a username and password on the third-party website.
After the user authenticates on Google, a token is passed to the
third-party website (say Flickr) where it can be stored for future
to user data. What does this have to do with healthcare?  Presumably,
if I stored my health records on Google, other websites could directly
publish to my account without
my needing to re-authenticate myself at that third-party website.
for Google Health, but if you’re not storing your records on Google
then Google subauth is just a good example of how sites can build trust
networks with each other to facilitate the flow of sensitive

When we were not at the workshop, we charged around San Diego scoping out venues for the party for the upcoming Health 2.0 conference.

From rooftop decks with swimming pools, to sushi bars and blues clubs, we got a tour of the best the Gaslamp district had to offer. After calamari and drinks on the house and tours by attractive sales staff, Matthew has decided he’s leaving healthcare policy and technology blogging to become a professional event planner.

Here are Matthew and our Event Manager extraordinaire, Sara Walker, at the House of Blues.


And here’s Matthew pretending to take a very important call laid out on
the throne on the roof of the Ivy Hotel after its 90 million dollar


Indu Subaiya

Leave a Reply

Your email address will not be published. Required fields are marked *