[Openid-specs-heart] Draft HEART Meeting Notes 2015-08-03
Sarah Squire
sarah at engageidentity.com
Mon Aug 3 21:03:27 UTC 2015
Attending:
Debbie Bucci
Catherine Schulten
Sarah Squire
Justin Richer
Adrian Gropper
Glen Marshall
Eve Maler
Abbie Barbir
Obi Ogbanufe
Corey Spears
Thompson Boyd
Tom Sullivan
Jeremy Maxwell
Edmund Jay
John Moehrke
Jim Kragh
Jeffrey Shultz
Josh Mandel
Chad Evans

Next steps:

2pm EDT Wednesday, August 5th, a group will meet to discuss the technical
profiles.

The group will continue to work on this use case in the Google Doc.

Next week we will discuss scopes and the next use case.

Notes:

We reviewed the “Alice Enrolls with PCP and Sets Up Two-Way Exchange of
Personal Data [OAuth Only]” use case.

We decided to use the term PHR rather than CFA. PHR is more specific and
more commonly used.

We decided to replace “cloud-based” with the more general “internet-facing”
to describe Alice’s PHR in order to clarify without having to specify
unnecessary details about service hosting.

We discussed what the problem statement should be and decided that Bill
should ultimately review that and contribute. Our rough idea is “EHR and
PHR orgs know each other but require Alice’s consent to bridge them.”

We discussed the idea that consent is a two-way transaction, and that we
have captured that in the use case by assuming that the EHR and PHR have a
predefined agreement to allow Alice-to-Alice sharing.

We decided not to include a suggested addition of a technical precondition
to track Alice physically at her PCP. Every EHR has an MPI - master patient
index. This registry includes all activity across providers using that EHR.
All access management systems have the ability to identify a person and
associate them with a record, so this does not need to be specifically
addressed in this use case.

Should we point to a reference to define OAuth entity roles? Or should we
write out the definitions in every use case? We decided to write out the
definitions.

We decided to replace consumption and insertion with read and write.

We discussed the definitions of EHR and PHR. A PHR is “untethered” in that
it has no business relationship to a care provider, and it is controlled by
the patient. An EHR is “tethered” in that it has a business relationship
with a care provider, and it is controlled by the care provider.

The group will continue to work on this use case in the Google Doc. We will
move onto scopes and the next use case next week.

Sarah Squire
Engage Identity
http://engageidentity.com