<div dir="ltr">I know this is a very old thread, but in case anybody takes a look at it in the archives or something, I just wanted to point out that <a href="http://openid.net/wg/heart/charter/">our charter</a> in fact says that our use cases will be internationally applicable in guiding our spec work, and the background info explains that while the group's impetus was US-oriented, the communities involved are intended to be worldwide in scope.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">







<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl<br>New <a href="https://www.forgerock.com" target="_blank">ForgeRock Identity Platform</a> with <a href="https://www.forgerock.com/platform/user-managed-access/" target="_blank">UMA support</a> and an <a href="https://forgerock.org/openuma/" target="_blank">OpenUMA community</a>!</p></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Mon, Jan 11, 2016 at 5:37 PM, Thompson Boyd <span dir="ltr"><<a href="mailto:thboyd2@gmail.com" target="_blank">thboyd2@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">January 11, 2016 8:30 PM ET<div><br></div><div>I totally agree with Glen Marshall not to tie HEART to a Regulatory or Guidance Document. </div><div><br></div><div>Maintaining an International perspective is likely of strategic importance.</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>Thompson Boyd </div></font></span></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Mon, Jan 11, 2016 at 6:11 PM, Glen Marshall [SRS] <span dir="ltr"><<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a>></span> wrote:<br></span><div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    I would prefer we not tie HEART to a US regulatory guidance
    document.  Such things change based on the political winds and on
    whoever is interpreting the documents.  In addition, OCR's view
    represents a minimum, with stronger state regulations -- and there
    are many of those -- taking precedence.   And patients may opt for
    lesser privacy restrictions.  Additionally, it is not clear to me
    that HEART is US-domain only, at least in the longer term.  Other
    nations may want to use the profiles.  A much more stable basis is
    needed.<br>
    <br>
    What is needed, IMHO, is a clear way to populate the profiles with
    policies and patient preferences and to keep them up-to-date as
    things change.  We need to profile that dynamic environment.  <br>
    <div>
      <p><b>Glen F. Marshall</b><br>
        Consultant<br>
        Security Risk Solutions, Inc.<br>
        698 Fishermans Bend<br>
        Mount Pleasant, SC 29464<br>
        Tel: <a href="tel:%28610%29%20644-2452" value="+16106442452" target="_blank">(610) 644-2452</a><br>
        Mobile: <a href="tel:%28610%29%20613-3084" value="+16106133084" target="_blank">(610) 613-3084</a><br>
        <a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a><br>
        <a href="http://www.SecurityRiskSolutions.com" target="_blank">www.SecurityRiskSolutions.com</a></p>
    </div>
    <div>On 1/8/16 22:49, Adrian Gropper wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div>
          <div>
            <div>
              <p style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><i>(Apologies
                  for cross-posting in the hope that the groups will
                  communicate via comments in the shared <a href="http://bit.ly/HEARTfromHIPAA" target="_blank">document</a>. If
                  you want edit access, please contact me directly)</i><br>
              </p>
              <p dir="ltr" style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><br>
              </p>
              <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Can
                  we expedite a consensus on the HEART profiles directly
                  from HIPAA rather than just use-cases? The recent
                  release of detailed and up-to-date guidance from the
                  Office for Civil Rights. </span><a href="http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html" style="text-decoration:none" target="_blank"><span style="font-size:14.6667px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline"></span></a><a href="http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html" target="_blank">http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html</a></p>
              <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">makes
                  this relatively easy. Although it doesn’t answer every
                  question, this approach, like HIPAA itself,
                  establishes a baseline of functionality for HEART and
                  can clarify the remaining technical and policy issues.
                  In addition, deriving the baseline of functionality
                  from HIPAA also helps to inform the HL7-FHIR standards
                  and their relationship to HEART.</span></p>
              <br>
              <p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">To
                  begin this process, I’ve copied out a few relevant
                  sections of the OCR guidance </span><a href="http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html" style="text-decoration:none" target="_blank"><span style="font-size:14.6667px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">document</span></a><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">
                  below and have added initial comments that relate to
                  HEART. If we can reach consensus on interpretation of
                  these comments in HEART, then consensus on the scope
                  and content of the HEART profiles should be relatively
                  easy. Furthermore, this approach makes it much easier
                  to inform FHIR, Argonaut, and SMART to the extent that
                  optionality will be constrained by linking FHIR to the
                  HIPAA privacy rule.</span></p>
              <br>
              <span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">The
                initial comments in the Google doc are classified (1-9)
                according to what particular aspect of patient-directed
                interface is being addressed. I hope we can use the
                following weeks to resolve any objections to the
                interpretations of HIPAA in terms of FHIR and HEART. If
                we succeed, I believe the baseline HEART profiles will
                then become a straightforward technical exercise. Beyond
                this baseline, we can then revisit the use-cases to see
                what additional features or issues need to be addressed.</span><br>
            </div>
            <font size="2"><br>
            </font></div>
          <font size="2">Happy New Year and thank you OCR!</font></div>
        <div><font size="2"><br>
          </font></div>
        <font size="2">Adrian<br>
        </font>
        <div>
          <div><font size="2"><br>
              <br clear="all">
            </font>
            <div><br>
              -- <br>
              <div>
                <div dir="ltr">
                  <div>
                    <div dir="ltr">
                      <div>
                        <div dir="ltr">
                          <div><br>
                            <div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br>
                              <br>
                              <span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)">PROTECT
                                YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)"><br>
                                HELP us fight for the right to control
                                personal health data.</span><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)"></span><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)"><br>
                                DONATE:
                                <a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:rgb(5,99,193)">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:rgb(31,73,125)"></span>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
Openid-specs-heart mailing list
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a>
</pre>
    </blockquote>
    <br>
  </div>

<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div></div></div><br></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>