[Openid-specs-heart] Draft HEART Meeting Notes 2015-08-03

Sarah Squire sarah at engageidentity.com
Mon Aug 3 21:03:27 UTC 2015


Attending:

Debbie Bucci
Catherine Schulten
Sarah Squire
Justin Richer
Adrian Gropper
Glen Marshall
Eve Maler
Abbie Barbir
Obi Ogbanufe
Corey Spears
Thompson Boyd
Tom Sullivan
Jeremy Maxwell
Edmund Jay
John Moehrke
Jim Kragh
Jeffrey Shultz
Josh Mandel
Chad Evans

Next steps:

2pm EDT Wednesday, August 5th, a group will meet to discuss the technical
profiles.

The group will continue to work on this use case in the Google Doc.

Next week we will discuss scopes and the next use case.

Notes:

We reviewed the “Alice Enrolls with PCP and Sets Up Two-Way Exchange of
Personal Data [OAuth Only]” use case.

We decided to use the term PHR rather than CFA. PHR is more specific and
more commonly used.

We decided to replace “cloud-based” with the more general “internet-facing”
to describe Alice’s PHR in order to clarify without having to specify
unnecessary details about service hosting.

We discussed what the problem statement should be and decided that Bill
should ultimately review that and contribute. Our rough idea is “EHR and
PHR orgs know each other but require Alice’s consent to bridge them.”

We discussed the idea that consent is a two-way transaction, and that we
have captured that in the use case by assuming that the EHR and PHR have a
predefined agreement to allow Alice-to-Alice sharing.

We decided not to include a suggested addition of a technical precondition
to track Alice physically at her PCP. Every EHR has an MPI - master patient
index. This registry includes all activity across providers using that EHR.
All access management systems have the ability to identify a person and
associate them with a record, so this does not need to be specifically
addressed in this use case.

Should we point to a reference to define OAuth entity roles? Or should we
write out the definitions in every use case? We decided to write out the
definitions.

We decided to replace consumption and insertion with read and write.

We discussed the definitions of EHR and PHR. A PHR is “untethered” in that
it has no business relationship to a care provider, and it is controlled by
the patient. An EHR is “tethered” in that it has a business relationship
with a care provider, and it is controlled by the care provider.

The group will continue to work on this use case in the Google Doc. We will
move on to scopes and the next use case next week.


Sarah Squire
Engage Identity
http://engageidentity.com