[Openid-specs-heart] Deriving HEART and FHIR from HIPAA

Tue Jan 12 01:37:20 UTC 2016

January 11, 2016 8:30 PM ET

I totally agree with Glen Marshall not to tie HEART to a Regulatory or
Guidance Document.

Maintaining an International perspective is likely of strategic importance.

Thompson Boyd

On Mon, Jan 11, 2016 at 6:11 PM, Glen Marshall [SRS] <gfm at securityrs.com>
wrote:

> I would prefer we not tie HEART to a US regulatory guidance document.
> Such things change based on the political winds and on whoever is
> interpreting the documents.  In addition, OCR's view represents a minimum,
> with stronger state regulations -- and there are many of those -- taking
> precedence.   And patients may opt for lesser privacy restrictions.
> Additionally, it is not clear to me that HEART is US-domain only, at least
> in the longer term.  Other nations may want to use the profiles.  A much
> more stable basis is needed.
>
> What is needed, IMHO, is a clear way to populate the profiles with
> policies and patient preferences and to keep them up-to-date as things
> change.  We need to profile that dynamic environment.
>
> *Glen F. Marshall*
> Consultant
> Security Risk Solutions, Inc.
> 698 Fishermans Bend
> Mount Pleasant, SC 29464
> Tel: (610) 644-2452
> Mobile: (610) 613-3084
> gfm at securityrs.com
> www.SecurityRiskSolutions.com
> On 1/8/16 22:49, Adrian Gropper wrote:
>
> *(Apologies for cross-posting in the hope that the groups will communicate
> via comments in the shared document <http://bit.ly/HEARTfromHIPAA>. If you
> want edit access, please contact me directly)*
>
>
> Can we expedite a consensus on the HEART profiles directly from HIPAA
> rather than just use-cases? The recent release of detailed and up-to-date
> guidance from the Office for Civil Rights.
> <http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html>
> http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html
>
> makes this relatively easy. Although it doesn’t answer every question,
> this approach, like HIPAA itself, establishes a baseline of functionality
> for HEART and can clarify the remaining technical and policy issues. In
> addition, deriving the baseline of functionality from HIPAA also helps to
> inform the HL7-FHIR standards and their relationship to HEART.
>
> To begin this process, I’ve copied out a few relevant sections of the OCR
> guidance document
> <http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html>
> below and have added initial comments that relate to HEART. If we can reach
> consensus on interpretation of these comments in HEART, then consensus on
> the scope and content of the HEART profiles should be relatively easy.
> Furthermore, this approach makes it much easier to inform FHIR, Argonaut,
> and SMART to the extent that optionality will be constrained by linking
> FHIR to the HIPAA privacy rule.
>
> The initial comments in the Google doc are classified (1-9) according to
> what particular aspect of patient-directed interface is being addressed. I
> hope we can use the following weeks to resolve any objections to the
> interpretations of HIPAA in terms of FHIR and HEART. If we succeed, I
> believe the baseline HEART profiles will then become a straightforward
> technical exercise. Beyond this baseline, we can then revisit the use-cases
> to see what additional features or issues need to be addressed.
>
> Happy New Year and thank you OCR!
>
> Adrian
>
>
>
> --
>
> Adrian Gropper MD
>
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: http://patientprivacyrights.org/donate-2/
>
>
> _______________________________________________
> Openid-specs-heart mailing listOpenid-specs-heart at lists.openid.nethttp://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>
>
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160111/f9851d0e/attachment.html>