[Openid-specs-heart] Draft HEART Meeting Notes 2017-04-25

Thomas Sullivan tsullivan at drfirst.com
Tue Apr 25 21:53:37 UTC 2017


Justin and all,



Here are the several HL7 FHIR  and related references to the "Break the Glass" and "Emergency Access"  definitions and examples, originally from the Mike Davis (Veterans Administration) excerpted paper of 1999 that I cited during the call today.



I attached Mike's entire paper also (HC Requirements...)  which is cited in the  HL7 guide (the pdf document from January 2014).



Tom

Thomas E Sullivan, MD
Chief Strategic Officer
Chief Privacy Officer
[Description: Description: DrFirst_OneLiner_OneLiner_Main]
 DrFirst.com, Inc.
(978) 729-5075 (M)
tsullivan at drfirst.com<mailto:tsullivan at drfirst.com>
sullivan at massmed.org<mailto:sullivan at massmed.org>

________________________________
From: Openid-specs-heart <openid-specs-heart-bounces at lists.openid.net> on behalf of Sarah Squire <sarah at engageidentity.com>
Sent: Tuesday, April 25, 2017 5:08 PM
To: HEART List
Subject: [Openid-specs-heart] Draft HEART Meeting Notes 2017-04-25


Attending:


Debbie Bucci

Celestin Bitjonck

Edmund Jay

Eve Maler

Justin Richer

Luis Maas

Nancy Lush

Sarah Squire

Thomas Sullivan


Justin:

There are two changes to the OAuth FHIR profile. The description of the document has changed to clarify that this applies to any FHIR resource. That was always the intent. There's also new guidance about the patient compartment. We also have new examples of scopes.


Luis:

We might also want to reference the URL of the FHIR specification, but people could find it from the patient compartment website. We might want to say that the normative definitions of these are governed by FHIR, not by us.


Justin:

Agreed. That should be easy to do.


We have changed a MAY to a SHOULD with regard to ETH scopes. I think that still gives enough wiggle room for people to disregard it in special circumstances.


We changed section 2.1 to talk about resources or compartments, since talking about a compartment might be more valuable.


We changed compartments and scope definitions in the UMA FHIR spec.


Eve:

Can you say more about compartments?


Debbie:

It's a resource type that's commonly referenced in FHIR implementations.


Eve:

Great. That makes sense to me.


Justin:

If people can propose example text on the list, that would be very helpful.


We also took out purpose of use. We might see it come back in in a different place, but I don't think that we were using it well.


Nancy:

I think the VA might have been using it. I'll ask them.


Luis:

Fundamentally, it's an assertion by the user, similar to break the glass


Justin:

Right, break the glass is a scope.


Luis:

Does the break the glass section belong in the OAuth spec or the UMA spec?


Justin:

It's in both. It's defined in OAuth and referenced in UMA.


Thomas:

I just sent the break the glass text used by the VA.


Debbie:

Is emergency access different from break the glass?


Luis:

So typically hipaa describes emergency access as like when the system is down, whereas break the glass is getting access to something you wouldn't normally have.


Debbie:

So really we're talking about break the glass.


Luis:

Right.


Debbie:

So there's no meeting next Monday. We have an open review period and then a vote, and then they're published as implementer's drafts. It was suggested by the OpenID Foundation that once the drafts are final, we should still keep the group active so implementers can ask questions.

Sarah Squire
Engage Identity
http://engageidentity.com<http://engageidentity.com/>
Notice of Confidentiality: The information included and/or attached in this electronic mail transmission may contain confidential or privileged information and is intended for the addressee. Any unauthorized disclosure, reproduction, distribution or the taking of action in reliance on the contents of the information is prohibited. If you believe that you have received the message in error, please notify the sender by reply transmission and delete the message without copying or disclosing it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170425/c1cbf8b1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: HCS Guide pub final.pdf
Type: application/pdf
Size: 3225756 bytes
Desc: HCS Guide pub final.pdf
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170425/c1cbf8b1/attachment-0001.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BTG references.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 118024 bytes
Desc: BTG references.docx
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170425/c1cbf8b1/attachment-0001.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: HC Requirements Emergency Access.doc
Type: application/msword
Size: 107520 bytes
Desc: HC Requirements Emergency Access.doc
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170425/c1cbf8b1/attachment-0001.doc>


More information about the Openid-specs-heart mailing list