[Openid-specs-heart] Draft HEART Meeting Notes 2015-10-13

Tue Oct 13 21:05:40 UTC 2015

+1 - We publish under OIDF.

On Tue, Oct 13, 2015 at 5:03 PM, Justin Richer <jricher at mit.edu> wrote:

> I would like to reiterate what I believe is an important point to the
> call: we are not necessarily going to hand off to another organization for
> final publication, and most likely will not do so. It’s the charter of this
> WG to publish documents within OIDF.
>
>  — Justin
>
> On Oct 13, 2015, at 5:02 PM, Sarah Squire <sarah at engageidentity.com>
> wrote:
>
> Action Items:
>
> Debbie will make a sequence diagram for the registration use case.
> (created 10/13)
> Adrian will make a sequence diagram for the delegation use case. (created
> 10/13)
>
>
> Attendees:
>
> Steve Greenberg
> Danny van Leeuwen
> Glen Marshall
> Tom Sullivan
> Sarah Squire
> Adrian Gropper
> Debbie Bucci
> Dale Moberg
> Eve Maler
> Justin Richer
> Edmund Jay
> Jim Kragh
>
> We discussed the three existing use cases: registration, delegation, and
> data contribution.
>
> Are there other use cases we should be considering? What are the possible
> design patterns when you have an individual sharing with an institution (or
> non-person entity requesting party). What happens when that institution
> shares that data by means of a chained delegation?
>
> Is Alice sharing with Dr. Bob the person, Dr. Bob the role, or the
> institution of the hospital?
>
> If we could show an example of running code implementing UMA and FHIR,
> that deliverable would be the simplest example of a healthcare API.
>
> We should identify design patterns for UMA that could be implemented now.
>
> Does anonymity fit into these deliverables anywhere? It could.
>
> We are positioned to be able to influence FHIR if we can build something
> out relatively quickly. However, that possibility does not imply that we
> would hand off this group’s work to another organization.
>
> We are not developing a standard. We are developing a profile of a
> standard.
>
> HEART is primarily about user-mediated exchange, but we can’t ignore
> clinical data exchange. For example, if a patient works on the Eastside,
> but lives on the Westside. There are hospitals on each side of town. If the
> patient breaks his leg at work, he should be able to delegate access to his
> Westside hospital records to the Eastside hospital. The patient would be
> sharing the information they are authorized to see.
>
> Should we have the portal transfer patient information? No, portals are
> user-facing. We are describing an API that is machine-facing.
> Should we disregard the first use case since the PHR isn’t involved in
> this use case? No, because the patient should still have the right to use
> the PHR as their source of truth. Is it a subset of the second and third
> use cases? Yes, it could be.
>
> Five sharing design patterns:
> Identity
> Role
> Organization
> Self (PHR)
> Aggregator (patient directory, disease registry, researcher)
>
> How is the aggregator different from the organization? Aggregators are
> dealing with multiple hospitals across multiple security boundaries.
> Organizations are within one security boundary.
>
> More and more hospitals are part of an aggregated or affiliated entity or
> enterprise. That makes them de facto aggregators.
>
> Would sequence diagrams of the three use cases move us closer toward
> implementation? Yes it would. Debbie will make a sequence diagram for the
> registration use case. Adrian will make a sequence diagram for the
> delegation use case.
>
> We need to discuss what sort of profile UMA design patterns would fit
> within, since they’re not technically security, but they also aren’t
> exclusive to FHIR, so they aren’t appropriate for the semantic profile.
>
> Sarah Squire
> Engage Identity
> http://engageidentity.com
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>
>
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>

-- 

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20151013/5f0bdf73/attachment.html>