[Openid-specs-heart] Deriving HEART and FHIR from HIPAA

Glen Marshall [SRS] gfm at securityrs.com
Mon Jan 11 23:11:25 UTC 2016


I would prefer we not tie HEART to a US regulatory guidance document.  
Such things change based on the political winds and on whoever is 
interpreting the documents.  In addition, OCR's view represents a 
minimum, with stronger state regulations -- and there are many of those 
-- taking precedence.   And patients may opt for lesser privacy 
restrictions.  Additionally, it is not clear to me that HEART is 
US-domain only, at least in the longer term.  Other nations may want to 
use the profiles.  A much more stable basis is needed.

What is needed, IMHO, is a clear way to populate the profiles with 
policies and patient preferences and to keep them up-to-date as things 
change.  We need to profile that dynamic environment.

*Glen F. Marshall*
Consultant
Security Risk Solutions, Inc.
698 Fishermans Bend
Mount Pleasant, SC 29464
Tel: (610) 644-2452
Mobile: (610) 613-3084
gfm at securityrs.com
www.SecurityRiskSolutions.com

On 1/8/16 22:49, Adrian Gropper wrote:
>
> /(Apologies for cross-posting in the hope that the groups will 
> communicate via comments in the shared document 
> <http://bit.ly/HEARTfromHIPAA>. If you want edit access, please 
> contact me directly)/
>
>
> Can we expedite a consensus on the HEART profiles directly from HIPAA 
> rather than just use-cases? The recent release of detailed and 
> up-to-date guidance from the Office for Civil Rights 
> <http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html> 
> makes this relatively easy. Although it doesn’t answer every question, 
> this approach, like HIPAA itself, establishes a baseline of 
> functionality for HEART and can clarify the remaining technical and 
> policy issues. In addition, deriving the baseline of functionality 
> from HIPAA also helps to inform the HL7-FHIR standards and their 
> relationship to HEART.
>
>
> To begin this process, I’ve copied out a few relevant sections of the 
> OCR guidance document 
> <http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html> below 
> and have added initial comments that relate to HEART. If we can reach 
> consensus on interpretation of these comments in HEART, then consensus 
> on the scope and content of the HEART profiles should be relatively 
> easy. Furthermore, this approach makes it much easier to inform FHIR, 
> Argonaut, and SMART to the extent that optionality will be constrained 
> by linking FHIR to the HIPAA privacy rule.
>
>
> The initial comments in the Google doc are classified (1-9) according 
> to what particular aspect of patient-directed interface is being 
> addressed. I hope we can use the following weeks to resolve any 
> objections to the interpretations of HIPAA in terms of FHIR and HEART. 
> If we succeed, I believe the baseline HEART profiles will then become 
> a straightforward technical exercise. Beyond this baseline, we can 
> then revisit the use-cases to see what additional features or issues 
> need to be addressed.
>
> Happy New Year and thank you OCR!
>
> Adrian
>
>
>
> -- 
>
> Adrian Gropper MD
>
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: http://patientprivacyrights.org/donate-2/
>
