[Openid-specs-heart] Deriving HEART and FHIR from HIPAA

Eve Maler eve.maler at forgerock.com
Wed Mar 9 16:11:16 UTC 2016


I know this is a very old thread, but in case anybody takes a look at it in
the archives or something, I just wanted to point out that our charter
<http://openid.net/wg/heart/charter/> in fact says that our use cases will
be internationally applicable in guiding our spec work, and the background
info explains that while the group's impetus was US-oriented, the
communities involved are intended to be worldwide in scope.


*Eve Maler*
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
New ForgeRock Identity Platform <https://www.forgerock.com> with UMA support
<https://www.forgerock.com/platform/user-managed-access/> and an OpenUMA
community <https://forgerock.org/openuma/>!

On Mon, Jan 11, 2016 at 5:37 PM, Thompson Boyd <thboyd2 at gmail.com> wrote:

> January 11, 2016 8:30 PM ET
>
> I totally agree with Glen Marshall not to tie HEART to a Regulatory or
> Guidance Document.
>
> Maintaining an International perspective is likely of strategic importance.
>
> Thompson Boyd
>
> On Mon, Jan 11, 2016 at 6:11 PM, Glen Marshall [SRS] <gfm at securityrs.com>
> wrote:
>
>> I would prefer we not tie HEART to a US regulatory guidance document.
>> Such things change based on the political winds and on whoever is
>> interpreting the documents.  In addition, OCR's view represents a minimum,
>> with stronger state regulations -- and there are many of those -- taking
>> precedence.   And patients may opt for lesser privacy restrictions.
>> Additionally, it is not clear to me that HEART is US-domain only, at least
>> in the longer term.  Other nations may want to use the profiles.  A much
>> more stable basis is needed.
>>
>> What is needed, IMHO, is a clear way to populate the profiles with
>> policies and patient preferences and to keep them up-to-date as things
>> change.  We need to profile that dynamic environment.
>>
>> *Glen F. Marshall*
>> Consultant
>> Security Risk Solutions, Inc.
>> 698 Fishermans Bend
>> Mount Pleasant, SC 29464
>> Tel: (610) 644-2452
>> Mobile: (610) 613-3084
>> gfm at securityrs.com
>> www.SecurityRiskSolutions.com
>>
>> On 1/8/16 22:49, Adrian Gropper wrote:
>>
>> *(Apologies for cross-posting in the hope that the groups will
>> communicate via comments in the shared document
>> <http://bit.ly/HEARTfromHIPAA>. If you want edit access, please contact me
>> directly)*
>>
>>
>> Can we expedite a consensus on the HEART profiles directly from HIPAA
>> rather than just use-cases? The recent release of detailed and up-to-date
>> guidance from the Office for Civil Rights
>> <http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html>
>> makes this relatively easy. Although it doesn’t answer every question,
>> this approach, like HIPAA itself, establishes a baseline of functionality
>> for HEART and can clarify the remaining technical and policy issues. In
>> addition, deriving the baseline of functionality from HIPAA also helps to
>> inform the HL7-FHIR standards and their relationship to HEART.
>>
>> To begin this process, I’ve copied out a few relevant sections of the OCR
>> guidance document
>> <http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html>
>> below and have added initial comments that relate to HEART. If we can reach
>> consensus on interpretation of these comments in HEART, then consensus on
>> the scope and content of the HEART profiles should be relatively easy.
>> Furthermore, this approach makes it much easier to inform FHIR, Argonaut,
>> and SMART to the extent that optionality will be constrained by linking
>> FHIR to the HIPAA privacy rule.
>>
>> The initial comments in the Google doc are classified (1-9) according to
>> what particular aspect of patient-directed interface is being addressed. I
>> hope we can use the following weeks to resolve any objections to the
>> interpretations of HIPAA in terms of FHIR and HEART. If we succeed, I
>> believe the baseline HEART profiles will then become a straightforward
>> technical exercise. Beyond this baseline, we can then revisit the use-cases
>> to see what additional features or issues need to be addressed.
>>
>> Happy New Year and thank you OCR!
>>
>> Adrian
>>
>>
>>
>> --
>>
>> Adrian Gropper MD
>>
>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>> HELP us fight for the right to control personal health data.
>> DONATE: http://patientprivacyrights.org/donate-2/
>>
>>
>> _______________________________________________
>> Openid-specs-heart mailing list
>> Openid-specs-heart at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-heart