[Openid-specs-heart] Identity, Directory, Agency in UMA

Glen Marshall [SRS] gfm at securityrs.com
Tue Feb 16 20:01:35 UTC 2016

Although I always welcome alternative views, the larger context of the use case I authored was to support current clinical research CDRNs and PCORnet’s efforts, offering a path toward greater patient control.  This includes reasonable real-world policy assumptions for IRBs and CDRNs.  It contributes to a known need for standardization of IRBs.  Any alternatives should also consider that context in its objectives.

I’d rather see an additional use case supporting PPRNs, in which patients voluntarily contribute health data and share it among themselves as well as researchers.  There are use cases for anonymized contributions as well as non-anonymous.  The key is ongoing patient participation.

For example, as a sleep apnea patient, I am a member of a data-sharing support group on https://myapnea.org/.  This includes member-to-member support, non-anonymously, as well as anonymous research surveys.  The privacy model, and its implementation, needs improvement and could benefit from a standardized approach.

Another alternative for a new use case is to support pragmatic clinical research, such as the massive COPD study I mentioned in our last phone call.  See https://www.nihcollaboratory.org/Pages/GR-Slides-02-12-16.pdf for the presentation slides.

Glen F. Marshall
Security Risk Solutions, Inc.
698 Fishermans Bend
Mount Pleasant, SC 29464
Tel: (610) 644-2452
Mobile: (610) 613-3084
gfm at securityrs.com

From: Openid-specs-heart [mailto:openid-specs-heart-bounces at lists.openid.net] On Behalf Of Josh Mandel
Sent: Tuesday, February 16, 2016 14:21
To: Adrian Gropper <agropper at healthurl.com>
Cc: openid-specs-heart at lists.openid.net
Subject: Re: [Openid-specs-heart] Identity, Directory, Agency in UMA

I've read this doc and littered it with questions and comments. In short: the proposal doesn't make technical sense to me, but I think I understand your desired outcomes. Perhaps best would be to start with an explicit list of these outcomes instead of attempting a complete protocol flow. I'm inferring these are:

1. A patient can participate in research by making her data, de-identified, available to researchers in a flexible way.
2. A patient should be able to create distinct "personas" such that two researchers would each see a different persona (same de-identified data, but no link telling Researcher A and Researcher B that they're dealing with the same patient).

Is that right? Are there others?

On Tue, Feb 16, 2016 at 2:02 PM, Adrian Gropper <agropper at healthurl.com<mailto:agropper at healthurl.com>> wrote:

This is an attempt at a more general alternative to the HEART research use case. I use participant to stand for either a patient or a clinician with PII resources.

Consider this a very early draft to start discussion and not a fully thought-through solution.

Can this work? Please comment on this thread if you make changes to the document.



Adrian Gropper MD

HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/<https://urldefense.proofpoint.com/v2/url?u=http-3A__patientprivacyrights.org_donate-2D2_&d=BQMFaQ&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=c7b1QeR755-dBx2b0xnlepDTylromoEzcLl-6ixmBL3TpXSxSvtAvT553fzSgLpm&m=0FMJmhehRNrnCD-vrLGsH76o-LxCfR27wIjx564HTxU&s=HfJbO0I2FJIxcMir8mTEllHJy-pySoZPHot6WRJHeK4&e=>

Openid-specs-heart mailing list
Openid-specs-heart at lists.openid.net<mailto:Openid-specs-heart at lists.openid.net>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160216/ad014b63/attachment.html>

More information about the Openid-specs-heart mailing list