[Openid-specs-heart] Deriving HEART and FHIR from HIPAA
Glen Marshall [SRS]
gfm at securityrs.com
Mon Jan 11 23:11:25 UTC 2016

I would prefer we not tie HEART to a US regulatory guidance document.
Such things change based on the political winds and on whoever is
interpreting the documents. In addition, OCR's view represents a
minimum, with stronger state regulations -- and there are many of those
-- taking precedence. And patients may opt for lesser privacy
restrictions. Additionally, it is not clear to me that HEART is
US-domain only, at least in the longer term. Other nations may want to
use the profiles. A much more stable basis is needed.

What is needed, IMHO, is a clear way to populate the profiles with
policies and patient preferences and to keep them up-to-date as things
change. We need to profile that dynamic environment.

*Glen F. Marshall*
Consultant
Security Risk Solutions, Inc.
698 Fishermans Bend
Mount Pleasant, SC 29464
Tel: (610) 644-2452
Mobile: (610) 613-3084
gfm at securityrs.com
www.SecurityRiskSolutions.com

On 1/8/16 22:49, Adrian Gropper wrote:
>
> /(Apologies for cross-posting in the hope that the groups will
> communicate via comments in the shared document
> <http://bit.ly/HEARTfromHIPAA>. If you want edit access, please
> contact me directly)/
>
>
> Can we expedite a consensus on the HEART profiles directly from HIPAA
> rather than just use-cases? The recent release of detailed and
> up-to-date guidance from the Office for Civil Rights
> http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html
>
> makes this relatively easy. Although it doesn’t answer every question,
> this approach, like HIPAA itself, establishes a baseline of
> functionality for HEART and can clarify the remaining technical and
> policy issues. In addition, deriving the baseline of functionality
> from HIPAA also helps to inform the HL7-FHIR standards and their
> relationship to HEART.
>
>
> To begin this process, I’ve copied out a few relevant sections of the
> OCR guidance document
> <http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html> below
> and have added initial comments that relate to HEART. If we can reach
> consensus on interpretation of these comments in HEART, then consensus
> on the scope and content of the HEART profiles should be relatively
> easy. Furthermore, this approach makes it much easier to inform FHIR,
> Argonaut, and SMART to the extent that optionality will be constrained
> by linking FHIR to the HIPAA privacy rule.
>
>
> The initial comments in the Google doc are classified (1-9) according
> to what particular aspect of patient-directed interface is being
> addressed. I hope we can use the following weeks to resolve any
> objections to the interpretations of HIPAA in terms of FHIR and HEART.
> If we succeed, I believe the baseline HEART profiles will then become
> a straightforward technical exercise. Beyond this baseline, we can
> then revisit the use-cases to see what additional features or issues
> need to be addressed.
>
> Happy New Year and thank you OCR!
>
> Adrian
>
>
>
> --
>
> Adrian Gropper MD
>
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: http://patientprivacyrights.org/donate-2/