[Openid-specs-heart] Draft HEART meeting notes 2015-06-01
sarah at engageidentity.com
Tue Jun 2 03:19:14 UTC 2015
The patient should be given a FHIR API endpoint whether they ask for it or
not. They can choose to authorize various things to use the API, but they
shouldn’t have to ask for it.
The opt-in/opt-out choice comes when Alice chooses whether or not to
authorize a client.
Alice can move information between her PHR and PCP portal, or request that
information be synced automatically as it is added. The details of how that
two-way sync could be accomplished have yet to be fleshed out.
Alice’s authorization servers will have white lists, black lists, and gray
lists, which will determine the policy by which the authorization server
agrees to register a client. Trust frameworks can provide a default policy.
Alice can express her own policy preferences at run-time.
Alice’s FHIR identifier within all systems would be a unique URI. Ideally,
this would be discovered automatically, but Alice should be able to paste
it in manually in the case where discovery fails.
Alice can choose whether to do a one-time import of her information at
registration, or to authorize an ongoing sync that allows new information
to be imported every time it is added. The information that is imported
into a client may or may not be used to update existing information. The
client can also give Alice the option to refresh the cache that is being
used by the client.