[Openid-specs-heart] Dissecting the Release of information form

John Moehrke johnmoehrke at gmail.com
Wed Jul 20 22:58:15 UTC 2016 

Yeah

On Jul 20, 2016 5:23 PM, "Debbie Bucci" <debbucci at gmail.com> wrote:

> Glen
>
> What struck me about the ROI is the potential to use as an example for
> general use.   All along Adrian had been trying to point out the
> similarities and only until recently have I begun to understand the how
> parts of the UMA protocol could be used to effectively describe (and
> essentially is ) an authorization for release of info.
>
> I'd also like to propose that although the confidentiality codes may not
> be used in FHIR the vocabulary has been accepted by HL7 so why couldn't
> that be used as a scope that all would consume and understand?  How the
> value iRS chooses to process out of scope.  Would f my that be a baby step
> in the right direction?
>
>
> On July 19, 2016, at 12:34 PM, "Glen Marshall [SRS]" <gfm at securityrs.com>
> wrote:
>
>
> While I think that mapping a Release of Information form onto UMA protocol
> data would be useful as a proof of concept exercise, I am left wondering:
>
> ·         The form itself is just an instance.
>
> o   Has it been vetted for peer review at the policy level, i.e., can it
> be easily adapted for more general use?
>
> o   Is there a compendium of federal and state requirements we can
> reference, or can we use a reasonable guess to start the analysis without
> extensive debate?  We need to avoid the 42CFR quicksand, and similar
> well-bounded cases.
>
> o   Is there some general user experience design guidance – paper or
> on-screen – for collecting Release of Information from patients or their
> authorized representatives?
>
> o   How can we minimize the cognitive challenges that sick people have
> when presented with a sheaf of forms to sign when seeking treatment?
>
> o   Is this work in-scope for HEART?
>
> ·         Are we going to propose a standardized API for such mapping?
>
> o   Is this work in-scope for HEART?
>
>
>
> I think the most useful outcome of this line if inquiry is proof that
> OAuth and UMA can be used for health care data access control, without
> extensions or with a small set of extensions.
>
>
>
> Glen
>
>
>
> Glen F. Marshall
>
> Consultant
>
> Security Risk Solutions, Inc.
>
> 698 Fishermans Bend
>
> Mount Pleasant, SC 29464
>
> Tel: (610) 644-2452
>
> Mobile: (610) 613-3084
>
> gfm at securityrs.com
>
> www.SecurityRiskSolutions.com <http://www.securityrisksolutions.com/>
>
>
>
>
>
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160720/57c3e13d/attachment.html>

More information about the Openid-specs-heart mailing list