<div dir="ltr">I know this is a very old thread, but in case anybody takes a look at it in the archives or something, I just wanted to point out that <a href="http://openid.net/wg/heart/charter/">our charter</a> in fact says that our use cases will be internationally applicable in guiding our spec work, and the background info explains that while the group's impetus was US-oriented, the communities involved are intended to be worldwide in scope.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation &amp; Emerging Technology<br>Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl<br>New <a href="https://www.forgerock.com" target="_blank">ForgeRock Identity Platform</a> with <a href="https://www.forgerock.com/platform/user-managed-access/" target="_blank">UMA support</a> and an <a href="https://forgerock.org/openuma/" target="_blank">OpenUMA community</a>!</p></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Mon, Jan 11, 2016 at 5:37 PM, Thompson Boyd <span dir="ltr">&lt;<a href="mailto:thboyd2@gmail.com" target="_blank">thboyd2@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">January 11, 2016 8:30 PM ET<div><br></div><div>I totally agree with Glen Marshall not to tie HEART to a Regulatory or Guidance Document. </div><div><br></div><div>Maintaining an International perspective is likely of strategic importance.</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>Thompson Boyd </div></font></span></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Mon, Jan 11, 2016 at 6:11 PM, Glen Marshall [SRS] <span dir="ltr">&lt;<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a>&gt;</span> wrote:<br></span><div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
I would prefer we not tie HEART to a US regulatory guidance
document. Such things change based on the political winds and on
whoever is interpreting the documents. In addition, OCR's view
represents a minimum, with stronger state regulations -- and there
are many of those -- taking precedence. And patients may opt for
lesser privacy restrictions. Additionally, it is not clear to me
that HEART is US-domain only, at least in the longer term. Other
nations may want to use the profiles. A much more stable basis is
needed.<br>
<br>
What is needed, IMHO, is a clear way to populate the profiles with
policies and patient preferences and to keep them up-to-date as
things change. We need to profile that dynamic environment. <br>
<div>
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: <a href="tel:%28610%29%20644-2452" value="+16106442452" target="_blank">(610) 644-2452</a><br>
Mobile: <a href="tel:%28610%29%20613-3084" value="+16106133084" target="_blank">(610) 613-3084</a><br>
<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a><br>
<a href="http://www.SecurityRiskSolutions.com" target="_blank">www.SecurityRiskSolutions.com</a></p>
</div>
<div>On 1/8/16 22:49, Adrian Gropper wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<p style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><i>(Apologies
for cross-posting in the hope that the groups will
communicate via comments in the shared <a href="http://bit.ly/HEARTfromHIPAA" target="_blank">document</a>. If
you want edit access, please contact me directly)</i><br>
</p>
<p dir="ltr" style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><br>
</p>
<p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Can
we expedite a consensus on the HEART profiles directly
from HIPAA rather than just use-cases? The recent
release of detailed and up-to-date guidance from the
Office for Civil Rights </span><a href="http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html" target="_blank">http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html</a></p>
<p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">makes
this relatively easy. Although it doesn’t answer every
question, this approach, like HIPAA itself,
establishes a baseline of functionality for HEART and
can clarify the remaining technical and policy issues.
In addition, deriving the baseline of functionality
from HIPAA also helps to inform the HL7-FHIR standards
and their relationship to HEART.</span></p>
<br>
<p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">To
begin this process, I’ve copied out a few relevant
sections of the OCR guidance </span><a href="http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html" style="text-decoration:none" target="_blank"><span style="font-size:14.6667px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">document</span></a><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">
below and have added initial comments that relate to
HEART. If we can reach consensus on interpretation of
these comments in HEART, then consensus on the scope
and content of the HEART profiles should be relatively
easy. Furthermore, this approach makes it much easier
to inform FHIR, Argonaut, and SMART to the extent that
optionality will be constrained by linking FHIR to the
HIPAA privacy rule.</span></p>
<br>
<span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">The
initial comments in the Google doc are classified (1-9)
according to what particular aspect of patient-directed
interface is being addressed. I hope we can use the
following weeks to resolve any objections to the
interpretations of HIPAA in terms of FHIR and HEART. If
we succeed, I believe the baseline HEART profiles will
then become a straightforward technical exercise. Beyond
this baseline, we can then revisit the use-cases to see
what additional features or issues need to be addressed.</span><br>
</div>
<font size="2"><br>
</font></div>
<font size="2">Happy New Year and thank you OCR!</font></div>
<div><font size="2"><br>
</font></div>
<font size="2">Adrian<br>
</font>
<div>
<div><font size="2"><br>
<br clear="all">
</font>
<div><br>
-- <br>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div><br>
<div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br>
<br>
<span style="font-family:'Arial',sans-serif;color:rgb(31,73,125)">PROTECT
YOUR FUTURE - RESTORE Health Privacy!<br>
HELP us fight for the right to control
personal health data.<br>
DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:rgb(5,99,193)">http://patientprivacyrights.org/donate-2/</span></a></span>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<br>
<pre>_______________________________________________
Openid-specs-heart mailing list
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a>
</pre>
</blockquote>
<br>
</div>
<br></blockquote></div></div></div><br></div>
<br></blockquote></div><br></div>