[Openid-specs-heart] Dissecting the Release of information form

Adrian Gropper agropper at healthurl.com
Tue Jul 19 03:43:45 UTC 2016


Debbie,

In case it's not on the HEART servers, I've put a copy of the NYP
Authorization Form here:
https://dl.dropboxusercontent.com/u/8909568/NYP%20authorization.pdf

Mapping the NYP Authorization Form to actual UMA protocol is way above my
pay grade. Here's as far as I get (inline):

In the case of Alice authorizing Dr. Bob:

>
>    - Alice is the Resource Owner *[Yes. Notice that we have to handle the
>    case where Alice has a Representative sign for her as at the bottom of the
>    form]*
>
>    - The requested resource set - is the protected resource. *[Someone
>    else needs to propose the mapping to standards]*
>    - The resource set would need to have a date range.
>       - Form indicates that release of sensitive information is
>       explicitly OPT-IN so a confidentiality code of V (very sensitive) would not
>       release HIV-AIDS/Mental Health/Genetics/Substance Abuse unless explicitly
>       asked for (as a scope?).
>    - Can the Authorization server sign the RPT(ROI) on behalf of Alice?
>    *[Yes. That's the whole point of UMA and HEART as far as I can tell.]*
>    - Probably good hygiene to recommend that claims re: Bob's medical
>    affiliation be recorded as part of the audit or consent receipt if unable
>    to include as part of RPT process. *[Maybe but it seems peripheral.]*
>
> It's important to note that this form is labeled by NYP as an
"authorization" and represents UMA Phase 2 where Dr. Bob is on the scene.
Whoever proposes a mapping to standards needs to also deal with UMA Phase 1
where Alice or her representative tells NYP the address of her UMA
Authorization Server. This happens before Bob is on the scene and is what I
would call "consent".

For the purpose of HEART, could we call UMA Phase 1 consent and UMA Phase 2
authorization?

Adrian