[Openid-specs-heart] HEART meeting notes 2015-02-02

Debbie Bucci debbucci at gmail.com
Mon Feb 2 23:07:19 UTC 2015


Roll call stats

8/14 on the call were members

25 have submitted IPR - reminder - http://openid.net/intellectual-property.
Specify the working group as “OpenID HEART”

Listserv count up to 78 (thanks for interest!)

Meeting notes:

Kathleen Connor presented the Privacy on FHIR use case.

·       She works for Mike Davis at the VA.

·       This use case is complicated, but if we can solve it for
healthcare, we can solve it for everything.

·       The idea was to do a pilot with ONC and VA, and there are other
partners, including vendors such as Jericho Systems. This involved, for
example, putting security labels on information.

·       JASON is based on a presidential memorandum on big data. The
Learning Health System is an ecosystem of symbiotic health entities. It’s a
“health Internet of things”.

·       Alice is a veteran nurse (RN). She has a complex health history.
She’s IT-savvy. She needs control in a variety of sharing situations.

·       Consent directives are agreements under law that she can make with
an organization that authorize the use of her information. Kathleen wants
to understand how UMA can enable patient control of how health
information is accessed and used. UMA interactions are dependent on a lot
of factors.

·       MU = Meaningful Use.

·       The use case refers to several special regulations, such as 42 CFR
Part 2 (Substance Abuse Information).

·       Tricare = the DoD health system.

·       JASON = a group of scientists advising the US government on health
IT interoperability.

·       Handling caveats = obligations or restrictions on the purpose of
use.

·       Refrains = prohibited actions.

·       The storyboard imagines a single UMA authorization server. The
resource servers register information. Alice can hopefully specify whether
these are registered at a more or less granular level. She could register
her PHR at a granular level while her provider’s EHR may register her
entire record as a resource bundle. Opaque identifiers are required to
prevent leakage.

·       The Apps on FHIR use case is about HIoT.

·       QSO = Qualified Service Organization.

·       (Kathleen's slides have an acronym list at the back.)

·       Discussion:

·       Could this be made more generic, for non-US veterans and for
non-veterans? Yes. The health history timeline and the HIE on FHIR
data-sharing slide (#14) in particular are applicable. However, if the
patient were to try to restrict data sharing, and not authorize a
particular provider where a custodian is another HIPAA provider, because
the PCP has the right under law to disclose information except under
special circumstances. There’s a push for providers to disclose even more
information, as well. As well, the size and “openness” of the app ecosystem
would differ, at least in the case of VA vs. the US healthcare market. HL7
has international reach, so there is input from other countries.

·       It was noted that it’s desirable to move past an assumption of a
closed ecosystem to account for unregistered apps. So this would be a case
of a complication that’s actually more complex than the VA use case.

·       Next steps on these use cases:

·       We recommended boiling them down to “ACE” format for HIPAA-governed
and non-HIPAA-governed versions, eliding the technical portions so we can
reserve that for our actual profiling work.

·       We’ll meet on Feb 16 even though it’s a holiday for some.

·       Technical catchup by Justin: The group voted for an in-depth
presentation. He managed to cover OAuth in the remaining time.

Action Items

·      OIDF Wiki for use cases - Deb Bucci
·      Updated presentation pdf for wiki - Kathleen Connor
·      Kathleen: Revise and boil down the VA use cases.
·      Adrian (if desired): Map the currently submitted use cases to the
Venn diagram.


Tentative next week

·       20-minute review of VA use case in ACE format
·       OpenID Connect - hopefully Justin will pick up where he left off
·       UMA - Eve Maler