Please check out the technical wiki and email to get invited to this GitHub project.

Application Programming Interfaces, or APIs, are everywhere: in your electronic health record, your car, your wearable, and even your implant. These APIs share your most personal information over the Internet, and access to them is typically subject to your consent through a so-called Authorization Server. In the legal sense, the Authorization Server acts as your Agent and follows well-established Agency Law.

All sorts of businesses, including Apple, Google, and Facebook are eager to serve as your Authorization Agent because they benefit from access to your personal data. But that benefit also comes at a cost to your privacy and represents a business risk to the doctor or device manufacturer that would prefer to have a direct relationship with you as the customer.

As OAuth web API standards are now available, a new opportunity arises in the provision of a standardized personal OAuth Authorization Server. As with other personal agents such as your Firefox browser, or FreedomBox personal cloud, the project we’re calling HIE of One will be open source and owned by nobody but you.

This consumer-focused implementation of the UMA Authorization Server will not force the person to accept a broker or other institution as her agent with all of the privacy risks and potential conflicts of interest that entails.

Project Goal

HIE of One will provide a standards-based platform for durable relationships between customers and vendors. Our approach lowers the barrier to adoption by the vendors by:

The benefit of this approach to both the customer and the vendor is trust, in that valuable behavioral data does not leak to intermediary brokers. We will use UMA 1.0.1 as the core standard and will suggest changes to UMA as gaps are identified.
A 14-minute video of a proof-of-concept demo by Michael Chen, MD and a write-up by another family physician.

The Baseline HEART Sequence Diagram is a step-by-step example.