[Openid-specs-heart] HEART 2015-05-11 rough meeting notes

Debbie Bucci debbucci at gmail.com
Mon May 11 22:56:00 UTC 2015 

If we do not have a common understanding - how do we know when we are
conflating the issues?   I found it helpful to walk stepwise through the
use case and understand the complexities.  If we have bucket to sort them
into  - great.
 There are a lot different parts/issue to consider within each component -
which was primarily registration today

Does solving the patient portal =  Alice’s PHR (or PCP portal or vendor
health app)  can be her single point of truth via the use of FHIR APIs ?




On Mon, May 11, 2015 at 6:12 PM, Justin Richer <jricher at mit.edu> wrote:

> I’m with Adrian in terms of decomposing the problem into its components.
> There was a lot of conflation of authentication, authorization, trust,
> assurance, and different actors in the discussion today. If we don’t keep
> the parts clearly-defined we’ll never make progress.
>
>  — Justin
>
>
> On May 11, 2015, at 5:52 PM, Adrian Gropper <agropper at healthurl.com>
> wrote:
>
> I interpreted the principal goal of Bill's Use Case to be a desire to
> solve the multiple portals problem. I'm aware of parents of seriously ill
> children that have as many as 11 separate portals to deal with.
>
> Is this the principal goal of this conversation? If so, then we can begin
> to decompose the goal of solving the multiple portals problem into
> registration, authorization and authentication components for the various
> actors. If there's another goal, please make it clear.
>
> Adrian
>
> On Mon, May 11, 2015 at 5:07 PM, Debbie Bucci <debbucci at gmail.com> wrote:
>
>> All
>>
>> Great idea from Justin to post now and great discussion ... If other post
>> - I will try to merge before the weekend for next week.
>>
>>
>> 1. Alice calls the practice and schedules her initial appointment.
>>
>> A.   The Scheduler does not find an existing account for Alice and
>> creates a new account.
>>
>>                                  i.       Local account – Alice may not
>> know
>>
>>                                 ii.       Could bind an external
>> account/identity to it – binding ceremony
>>
>>                               iii.       Object at database/table – that
>> point to Alice OIDC + Public key or other stuff
>>
>> B.   The Scheduler creates an appointment with the PCP Alice has
>> selected.
>>
>> 2. Alice arrives at the practice and registers with the front desk.
>>
>> A.   Alice provides the Registrar with her driver’s license and insure
>> card(s).
>>
>>                                  i.        – id proofing process
>>
>>                                 ii.       online eligibility checking –
>> what is covered? payment
>>
>>                               iii.       collect and scan – but how
>> about verification ?
>>
>> B.   The Registrar scan the cards and updates Alice’s account.
>>
>>                                  i.       Id proofing
>>
>>                                 ii.       Can this ID process be re-used
>> “known to the practice?”  How can we represent that within the protocols?
>>
>>
>>                               iii.       FITS into vectors of trust in
>> IETF work
>>
>> 1.1.1.2.B.iii.1.              Verify holder of claims/document with
>> identity– high level of confidence
>>
>> 1.1.1.2.B.iii.2.              Onboarding ceremony can bind and verify
>> separately
>>
>> 1.1.1.2.B.iii.3.              Quick photograph and imbed into record for
>> evidence of practice.
>>
>>                                iv.       How does the profiles represent
>> the level of trusts – two levels of proofing  - trust elevation  -
>>
>> 1.1.1.2.B.iv.1.               (bill concerns) Login to phr  - portals
>> will create login account – Alice has a choice – PCP or PHR  - potential
>> to use multiple accounts with different levels of trust – how does the
>> levels of trust get described across relying parties/resource servers (?)
>> How do we know Alice is Alice?
>>
>> 1.1.1.2.B.iv.2.               Alice should have the choice to use
>> whatever. Identity to bind external accounts with local accounts is powerful
>>
>> 1.1.1.2.B.iv.3.               When alice goes to specialist – why would
>> alice need an additional proofing? Specialist can always do their own
>> binding process.
>>
>> 1.1.1.2.B.iv.4.               Who is the system of record – not bound in
>> OAUTH world.  Alice could prove in multi- ways.
>>
>> 1.1.1.2.B.iv.5.               FHIR Referral message – between provider –
>> I am referring to alice –I know here as 1234 – she used cred
>> (issuer/subject) –  if you trust me  - let her in – save binding
>> ceremony.   Who’s to trust bits of information –
>>
>> 1.1.1.2.B.iv.6.               If FHIR API increases patient engagement
>> going forward …once Alice has set up credential –next system –if level of
>> trust – should be able to transfer /share information.
>>
>>                                 v.       More info – vectors of trust
>> and binding … take advantage of capabilities that did not exist in paper
>> world
>>
>> _______________________________________________
>> Openid-specs-heart mailing list
>> Openid-specs-heart at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>>
>>
>
>
> --
> Adrian Gropper MD
> Ensure Health Information Privacy. Support Patient Privacy Rights.
> *http://patientprivacyrights.org/donate-2/*
> <http://patientprivacyrights.org/donate-2/>
>
>  _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20150511/8faa7e97/attachment.html>

More information about the Openid-specs-heart mailing list