[Openid-specs-heart] Sum it up
Eve Maler
eve.maler at forgerock.com
Thu Jan 7 15:33:16 UTC 2016
Agreed, especially since we're supposed to stay out of policy. If we do
this, it should have a technology "hook"...
*Eve Maler*ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
Join our ForgeRock.org OpenUMA <http://forgerock.org/openuma/> community!
On Thu, Jan 7, 2016 at 6:56 AM, Justin Richer <jricher at mit.edu> wrote:
> I would be hesitant for HEART to require a notice to the patient or AS
> without specifying a common mechanism for that notice.
>
> — Justin
>
>
> On Jan 5, 2016, at 9:47 PM, Eve Maler <eve.maler at forgerock.com> wrote:
>
> Hi guys-- I'm following along as best I can on a busy day/night, so I hope
> my contribution for the moment will be additive and not missing the point...
>
> - Adrian's points about ensuring fairness to Alice around the hospital
> trying to block information access are very well taken.
>
>
> - I don't quite see why an individually controlled AS is strictly
> required, though I see how it can help at the margin. Certainly the RS has
> business reasons (risk mitigation and so on) why it favors more blocking;
> if the AS is in business to serve Alice it will already work in her favor,
> but more business-model pressure in that direction is good.
>
>
> - Note that the default way that UMA works doesn't involve the AS
> passing any of the requesting party's attributes along to the RS; it just
> passes calculated "permissions" in the access token for the RS to inspect
> before judging whether to let the requesting party and their client app in.
> (An alternate UMA token profile could arrange for passing attributes
> instead, but on balance I'd probably not advise that we go in that
> direction in our profiling...)
>
>
> - However, UMA does say
> <https://docs.kantarainitiative.org/uma/draft-uma-core-v1_0_1.html#give-access>
> "The resource server MAY apply additional authorization controls when
> determining how to respond" when the access token contains sufficient
> permissions for the requesting party to get access. Obviously, this is
> where potentially pernicious behavior like delaying access for 72 hours
> could creep in.
>
>
> - The UMA group has been working on draft model clauses that could
> form the basis for legal agreements, consent receipts, etc. We've been
> discussing what to do about model clauses that ensure the RS *never*
> gives access when the access token contains insufficient permissions, and
> offering model clauses that say the RS *has to* notify the RO somehow
> whenever it blocks immediate access when the access token contains
> sufficient permissions. (Accounting of disclosures, anyone?)
>
>
> - This could be an interesting element for us to profile, *if* we
> consider this to be in scope -- iffy because it's in business model-land.
>
>
>
> *Eve Maler*ForgeRock Office of the CTO | VP Innovation & Emerging
> Technology
> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
> Join our ForgeRock.org OpenUMA <http://forgerock.org/openuma/> community!
>
> On Tue, Jan 5, 2016 at 7:50 PM, Aaron Seib <aaron.seib at nate-trust.org>
> wrote:
>
>> I seriously spent 45 minutes trying to parse this and respond. Then I
>> walked away and came back and tried for another 45 minutes but I am still
>> not sure I completely follow you.
>>
>>
>>
>> I think there is a difference in our understanding about how Direct is
>> implemented which probably fogs the conversation further.
>>
>>
>>
>> I am going to try one more time tonight by just pulling out the things I
>> understand and see if that clarifies what #3 is.
>>
>> · HEART simply needs to recognize that there can be legitimate
>> reasons (within the scope of applicable law) for the Hospital to place
>> additional restrictions on the decision to disclose content *even when
>> the AS(C) would have them do the opposite(?) *.
>>
>>
>>
>> I do not agree that the nation is well served if there are two standards
>> promoted to solve the same problem.
>>
>>
>>
>> Back in 2010 I argued that it should be possible to represent a
>> computable rules engine with what I think I called an atomic expert
>> grammar. This atomic expert grammar could be used to represent HIPAA. It
>> could be used to represent the state specific laws where State Statute
>> superseded HIPAA (at the time I think there were 26 states). The theory
>> was that we would work with states and the federal government to establish
>> “Authoritative” representations of the laws. These sets of atomic expert
>> grammar could be published in such a way that they could be retrieved (this
>> was pre-Cloud days) by software at points where disclosure decisions need
>> to be tested for regulatory compliance and the local rules engine would
>> apply these and any other local policy requirements of the Provider
>> Organization that complied with applicable law.
>>
>>
>>
>> I don’t see any reason why the personal privacy preferences to be
>> represented in an AS(C) wouldn’t be based on the same atomic expert grammar
>> and would argue to have separate standards would be a dis-service to those
>> poor schleps that have to make things work.
>>
>>
>>
>> I have spent a great deal of the last five (now going on six I guess ~
>> Happy New Year) years working on policy side things and was excited to
>> learn that what HEART was working on was a way to implement the Consumer’s
>> desires in the form of an atomic expert grammar that any decision point
>> could retrieve and apply.
>>
>>
>>
>> I would be really surprised if we solve the problem for the applicable
>> law side of the problem that the same grammar wouldn’t suffice for the
>> consumer side of the equation.
>>
>>
>>
>> I think that we cannot assume that we will wake up one morning and every
>> American will have an AS(c) configured with their preferences so we have to
>> figure out how to enable computable disclosure decisions in its absence.
>> It would be very unfortunate if these two applications couldn’t rely on the
>> same Atomic Expert Grammar.
>>
>>
>>
>> Are we saying the same thing? If so then I think the only other gap we
>> have to address is at what point in the life-cycle of clinical data do we
>> expect the disclosure decision point to apply the AS(C), right?
>>
>>
>>
>> One thing that I want to tease apart is what we are really talking about
>> with regards to the notion of a Validation Period. If that is just a
>> through away thought lets drop it. I thought it was important but I was
>> thinking of it in the sense that there is a real need to have a validation
>> period between when the Doc initially captures clinical data during the
>> encounter and when the data was made available to the Patient for sharing.
>> Given my limited experience what I have seen is that once data is made
>> viewable via the patient portal it has completed all the internal processes
>> of the Hospital and is thus ready to be shared with the patient based on
>> the preferences of the patient.
>>
>>
>>
>> What I think you are pointing out is that for certain scenarios involving
>> actors other than the consumer the end-user of the EMR can disclose data to
>> someone external to the system before it has been put into the quiescent
>> state.
>>
>>
>>
>> I am struggling to envision when this actually happens in the real world.
>>
>>
>>
>> Maybe things have changed and it happens all the time but I struggle
>> picturing an Hospital allowing an end-user to disclose anything outside the
>> enterprise that isn’t in a quiescent state. I can see there being paths
>> where as soon as the doc saves it the record goes into a quiescent state
>> and maybe this is where I am over simplifying when I made the tie into the
>> Patient Portal. Perhaps after a typical ambulatory encounter there is no
>> QC that applies and it is saved directly to a quiescent status but isn’t
>> viewable via the portal until after the some other process updates that
>> status to be made viewable via the portal.
>>
>>
>>
>> Is there not a status associated with a clinical document that says it is
>> “final” and ready to share externally? I had assumed that this was being
>> used by Portals but concede that may have been a foolish assumption and
>> perhaps the better way to have put it would be in relation to that “Final”
>> state (knowing full well that the data is subject to change – after all
>> that is the point of the Open Notes initiative, right? To get the patient
>> to provide a second set of eyes to improve the accuracy of what is
>> documented?).
>>
>>
>>
>>
>>
>>
>>
>> Aaron Seib, CEO
>>
>> @CaptBlueButton
>>
>> (o) 301-540-2311
>>
>> (m) 301-326-6843
>>
>> <image001.jpg> <http://nate-trust.org/>
>>
>>
>>
>> *From:* agropper at gmail.com [mailto:agropper at gmail.com] *On Behalf Of *Adrian
>> Gropper
>> *Sent:* Tuesday, January 05, 2016 6:29 PM
>> *To:* Aaron Seib
>>
>> *Cc:* Aaron Seib; openid-specs-heart at lists.openid.net
>> *Subject:* Re: [Openid-specs-heart] Sum it up
>>
>>
>>
>> inline...
>>
>>
>>
>> On Tue, Jan 5, 2016 at 10:29 AM, Aaron Seib <aaron.seib at 23eleven.net>
>> wrote:
>>
>> Thanks Adrian
>>
>>
>>
>> Aaron Seib
>>
>> Principal, 2311
>>
>> (o) 301-540-2311
>>
>> (m) 301-326-6843
>>
>>
>>
>> *From:* agropper at gmail.com [mailto:agropper at gmail.com] *On Behalf Of *Adrian
>> Gropper
>> *Sent:* Tuesday, January 05, 2016 12:14 AM
>> *To:* Aaron Seib
>> *Cc:* Aaron Seib; openid-specs-heart at lists.openid.net
>> *Subject:* Re: [Openid-specs-heart] Sum it up
>>
>>
>>
>> I'm glad we're in agreement on #1 and #2. It would be even better if we
>> had a documented consensus of the workgroup on these points.
>>
>> I apologize for my tortured wording on #3. Let me try again...
>>
>> There is no law that says Hospitals must delay release of patient data to
>> the patient for X hours. There is a law that says patients have a right to
>> their personal data after X hours. The reason patient are not given the
>> right for immediate access is based on the perception that data out of
>> context could have adverse effects on the patients and so the Hospital
>> is allowed X time to establish the context for "patient safety" reasons
>>
>> The problem is that Hospitals and other "providers" that provide a range
>> of services beyond data generation have an economic interest in being the
>> preferred provider for the therapy that follows from the data. Providing
>> access to the data immediately would enable the patient to get an instant
>> second opinion directly or through a more integrated interaction with the
>> payor (with the payor? As in the payor would recommend someone to do
>> the second opinion? As the difference between a Payor and a Provider
>> dwindle this will be less trusted I suspect). Providing an immediate or
>> real-time data feed to the patient would also inhibit the Hospital from
>> manipulating the patient record to improve reimbursement or, in a
>> capitaited system, to increase the risk profile. In the paper days, I
>> remember the pink post-it notes added by "coders" to the chart each evening
>> so that doctors notes could be "enhanced"accordingly. I remember those
>> days too.
>>
>> *[AG] The reason for access to the data is certainly beyond the scope of
>> HEART. I was only using the second opinion example to make the use-case
>> around #3 clear.*
>>
>>
>>
>> Therefore, #3 is about information blocking in this intermediate period
>> where the law tries to prevent harm to the patient and the hospital tries
>> to prevent harm to its business. HEART does not need to care about patient
>> vs. hospital. We simply need to recognize that there can be *legitimate*
>> *reasons* *(within the scope of applicable law)* for the Hospital to
>> place additional restrictions on the decision of the Authorization Server
>> (which AS, the Hospitals or the Patients?). In cases where the Hospital
>> wants to do that, the Hospital's decision should be based on the attributes
>> of the Requesting Party (normally, the attributes of the Requesting Party
>> are evaluated by the Authorization Server – are you saying that they
>> should do this within the 72 hours using their AS without reference to the
>> Patients AS?). HEART profiles should allow the Hospital that wants to
>> verify Requesting Party attributes without adulteration by a
>> patient-controlled Authorization Server to do so. In cases where the
>> Hospital decides to override the decision of the Authorization Server, it
>> should be up to the Hospital to do the verification work and the Hospital
>> should be required to notify the patient or the patient's Authorization
>> Server that their decision was modified and why.
>>
>> *[AG] The Patient's AS. We dealt with "which AS?" earlier in this thread.
>> From the HEART perspective, each Resource has only one AS. This #3 issue is
>> about information blocking and Resources that use the Hospital AS are
>> irrelevant because there's no point to the hospital blocking information to
>> itself. The Hospital might, for consistency, adopt the same standards and
>> profiles as HEART. This issue of intramural vs. extramural AS standards is
>> right now under discussion by the FHIR bunch and I sent around the hopeful
>> document they created. It's up to HL7-FHIR to decide if they want separate
>> standards for their intramural vs. extramural APIs. The API Task Force
>> might try to influence Argonaut but in the end, it's still going to be up
>> to HL7. I hope we end up with just one FHIR.*
>>
>> So there seems to be a need for a policy to address this ambiguous area.
>> It might help to come up with some short hand. To start:
>>
>> AS(D) = Authorization Server of the Data Provider. This would be the AS
>> that is operated on behalf of the entity that provides care professionally
>> (does the 72 hour apply to payors as well? Anyone else?) and creates the
>> data in the EMR that is also operated on their behalf (the AS And the EMR
>> could be outsourced to different vendors I am presuming but the contract is
>> between the vendor and the Data Provider – and includes the T&Cs of a BA).
>>
>> *[AG] So AS(D) is an Authorization Server that is NOT the subject and is
>> NOT the Data Provider / Resource Server. For example, AS(D) could be a
>> HIE. The case where AS(D) is the RS was discussed above and is trivial
>> because the adoption of HEART intramural to the RS is transparent to HEART.*
>>
>> AS(C) = Authorization Server of the subject of the Content. i.e., the
>> patient a.k.a. the consumer or client (in the safety net setting). Also
>> known as a Beneficiary in the Payor sphere. One thing that I think we need
>> to acknowledge up front is that not all consumers will have an AS that the
>> Data Provider can refer to so should we start with the assumption that in
>> the absence of an AS(C) the Data Provider (or their BAA) can only follow
>> the Disclosure Decisions of their AS(D) which creates the policy
>> question of what is the obligation of the Data Provider to discover if a
>> consumer has an AS(C) ? What evidence should they retain of that search
>> to ensure they are not held liable for not discovering the AS(C) of a
>> Patient?
>>
>>
>>
>> *[AG] Yes. The policy question you are posing is equivalent to whether
>> an HIE requires "consent" or not and what the nature of that consent should
>> be [opt-in, opt-out, managed by the Data Provider (RS), managed by the
>> HIE]. These are pure policy issues that may or may not be the domain of the
>> API Task Force. I don't see what this has to do with HEART. As far as HEART
>> is concerned, Data Providers (RS) can choose to allow the patient to
>> specify the AS(C) or not. If they choose to offer the patient this option
>> then HEART profiles MUST support it. The issue of whether the RS MUST offer
>> patients this option is out of scope for HEART. Personally, I would love to
>> treat HEART like a trademark and say that "A Data Provider is not
>> patient-centered and does not get the HEART logo if they do not offer the
>> patient the option of specifying the AS(C)." How many in the workgroup
>> would support this position? *
>>
>> ∫ = the function (i.e., disclosure decision to share or not to share) of
>> an AS
>>
>> T = the time at which the Consumer’s encounter is over.
>>
>> T+V = the time at which the maximum elapsed time from data creation to
>> data availability to the consumer supported by the ‘Context verification’
>> threshold established by who? I don’t think we want to establish the
>> threshold at 72 hours yet in the absence of law the normative practice will
>> become the tolerated policy. In my experience once the data is made
>> viewable in the tethered patient portal of the Data Provider it is
>> generally in a quiescent state and this may be within a day or a few days.
>> I think we should anticipate that data still changes after T+V and think
>> about the policy implications when it does.
>>
>> *[AG] This has nothing to do with HEART and the portal visibility is
>> irrelevant. HEART enables the data to flow directly from the Data Provider
>> to the Requesting Party. This is equivalent to data flowing via a Direct
>> message under DirectTrust where the assumption is that the Requesting Party
>> is not subject to any delay. Any delay in the DirectTrust case might
>> clearly be considered information blocking. Portal visibility is more like
>> Direct messages under NATE, where the assumption is that patient safety
>> issues are more or less out of the control of the Data Provider.*
>>
>>
>>
>> *In other words, HEART fixes the problem with DirectTrust and reduces
>> data blocking because it enables patient control without raising new
>> patient safety issues. This is the most important thing for the API Task
>> Force to consider. HEART is a pure win for data blocking because it avoids
>> both the governance issues with HIEs (as documented by the GAO report on
>> interoperability). HEART also a pure win because it avoids the patient
>> matching issue: the patient does the match when the approve the AS(C)
>> whether the AS(C) is owned by the patient or by an HIE. This is just
>> another byproduct of HEART staying focused on resources that pertain to
>> only one patient. It is another key patient safety benefit that the API
>> Task Force can recognize.*
>>
>> So with those terms maybe we can figure out what HEART has to support and
>> define the policy questions to pose to the appropriate parties.
>>
>> Let’s make the assumption that the consumer has an AS(c) at time T.
>>
>> For any request between time T and T+72 what is the policy that the Data
>> Provider follows with regards to data disclosure decisions?
>>
>> *[AG] It's the right question, but it's not about policy. HEART probably
>> needs to allow for the Data Provider to verify the attribute of the
>> Requesting Party separately from the AS(C). If the Data Provider can do
>> that, and they choose to or are required to do that (per the API Task Force
>> outcome or other policy), then the time delay is not an issue.*
>>
>> I think everyone would agree that where the when ∫ AS(D) = ∫ AS(C) there
>> is no policy question to be answered. Similarly is there agreement that
>> after the Context Verification Period (up to 72 hours?), in the presence of
>> an AS(C), the Data Provider should do whatever ∫ AS(C) indicates?
>>
>> *[AG] Yes.*
>>
>> Which leaves the question what should the Data Provider do within the
>> Context Verification Period T+V, in the presence of a AS(C) when ∫ AS(D)
>> <> ∫ AS(C)?
>>
>> It seems to me that if we had a way to tag the data being shared and ∫ AS
>> (D) <> ∫ AS(C) where the when ∫ AS(C) is to share that it would be
>> useful for the Data Provider to be able to tag anything before T+V with
>> a value that says – this is the data before we have completed our Context
>> Verification steps – probability of modification is high. The policy
>> should probably be informed by how likely it is that even patient safety is
>> improved when the data has a relatively high probability to change within
>> the T+V period. It would help to know if what the professionals would
>> do when given data that was tagged this way? All data has a probability of
>> being wrong and\or being corrected in the future. Is the guy who is giving
>> the second opinion willing to base that opinion on data that is subject to
>> change? Is the recommendation (with the caveats that are likely to be
>> provided) meaningful to the consumer?
>>
>> *[AG] All true and desirable in every case including the intramural case
>> where data in an EHR that covers inpatients and outpatients would benefit
>> from this kind of tag. The tagging issue might be of interest to the API
>> Task Force to the extent it or the industry or KLAS decide to develop
>> objective scores for data blocking behavior. This tagging issue has nothing
>> whatsoever to do with HEART. *
>>
>> Is that what the heart (no pun intended) of the matter comes down to?
>>
>> In the following paragraph you seem to be making the case that within the
>> T+V if the data requestor is a Provider (that has a known relationship
>> to the consumer I assume) and ∫ AS(D) <> ∫ AS(C) that the Data Provider
>> be compelled to share with the licensed physician if the Data Provider
>> can confirm the status of the requestors license (how does the Hospital
>> confirm that my Doc in Springfield is licensed?). Wouldn’t it be easier if
>> the Provider making the request was required to provide a URI or something
>> that demonstrated they are currently licensed? After all which state is
>> Springfield in? :)
>>
>> *[AG] There's a Springfield in every state. Yes, HEART can, and maybe
>> should, profile how the RS can get a verified attribute about the data
>> requestor / Requesting Party. To repeat what I said above: "HEART probably
>> needs to allow for the Data Provider to verify the attribute of the
>> Requesting Party separately from the AS(C)." The API Task Force and others
>> can take it from there.*
>>
>> *Adrian*
>>
>> For example, in the 72 hour delay to avoid patient harm, the
>> Authorization Server can issue a token for an immediate transfer to the
>> Requesting Party's Client. The Hospital can attempt to verify that the RqP
>> is a licensed physician and if it can't, it can block access to the data
>> for 72 hours. Since the Hospital modified the intent of the AS token, it
>> should report the block and the reason (failure to verify RqP license) to
>> the AS immediately. This would allow the patient to do other out-of-band
>> things to get the verification done. In the old day's this would be done by
>> the patient calling a doctor at the Hospital and asking for the info.
>> Unfortunately, most of today's EHRs do not allow individual physicians to
>> override institutional constraints the way they could in the days of phone
>> and fax. In my opinion, that's a "patient safety" issue in it's own right
>> and the domain of the API Task Force. HEART can help but we cannot solve
>> the problem.
>>
>> Adrian
>>
>>
>>
>> On Mon, Jan 4, 2016 at 8:38 PM, Aaron Seib <aaron.seib at nate-trust.org>
>> wrote:
>>
>> In line below..
>>
>>
>>
>> Aaron Seib, CEO
>>
>> @CaptBlueButton
>>
>> (o) 301-540-2311
>>
>> (m) 301-326-6843
>>
>> <image004.jpg> <http://nate-trust.org/>
>>
>>
>>
>> *From:* Openid-specs-heart [mailto:
>> openid-specs-heart-bounces at lists.openid.net] *On Behalf Of *Adrian
>> Gropper
>> *Sent:* Monday, January 04, 2016 6:26 PM
>> *To:* Aaron Seib
>> *Cc:* openid-specs-heart at lists.openid.net
>> *Subject:* Re: [Openid-specs-heart] Sum it up
>>
>>
>>
>> Yes.
>>
>> My point was not just about data blocking but also about governance of
>> Authorization Servers. I made several points:
>>
>> 1 - Federal laws place constraints on Authorization Servers that are not
>> directly controlled by one patient (Another way to put this might be to
>> say that the Federal laws were written with the intent of protecting the
>> patient who otherwise didn’t have a way of communicating their preferences
>> – this approach resulted in a per force conservative set of laws that have
>> had the unintended consequence that we are experiencing today - where
>> patients may want to have their information shared but those who are
>> regulated feeling like they are liable for something if they don’t follow
>> the letter of the law). Therefore, many consent management problems can
>> be solved by simply allowing patients that care to specify and control
>> their own Authorization Server (Yes! This is what I have been saying but
>> I wouldn’t have used the misnomer consent nor referenced a specific
>> technology like Authorization servers). This is easily handled by UMA
>> and OAuth as long as the (FHIR) Resource pertains to just one patient. It's
>> obviously impossible for bulk or other Resources that pertain to more than
>> one patient. I believe this consent management problem was the essence of
>> the use-case you raised and that the HEART profiles can easily solve it.
>> Which brings us back to the debate in December. Was that ever finalized?
>> I think there are or at least may be intra-enterprise use cases where the
>> Consumer’s AS is not involved and the Regulated entity could leverage a
>> Bulk Permission Type. I am thinking about the facility where the EMR has
>> both specially protected data and other PHI. For some of the internal
>> users you may allow not them to access specially protected data but you
>> have some internal users (from the behavioral health unit) that may be
>> authorized to access the specially protected data to. But as I think about
>> the charter I am not so sure this case is in scope of HEART given no
>> consumer is involved? is that accurate?
>>
>> 2 - HEART, UMA, and OAuth do not need to concern themselves with "other"
>> Authorization Servers operated by the Hospital. These are internal to the
>> institution. Since the institution also has the patient's data, the
>> institution always has the last word on its release. The Hospital can
>> always bypass the HEART Authorization Server and can always transfer
>> information by other means. For all HEART, UMA, and OAuth purposes a
>> Resource has only one Authorization Server. By God – I think I am still
>> in agreement with you. You are essentially answer the question I had when
>> I finished reading the last sentence, right?
>>
>> 3 - It's very important that HEART not constrain what John called the
>> "ethics" of health information blocking such as 72 hour delays for data
>> sharing (can anyone provide a reference for this topic? I am not
>> getting it from the fragments shared so far – there is an ethical argument
>> to not disclose for three days? We will serve no wine before its time?).
>> Policies regarding this kind of block are beyond our purview (you can
>> all share your inputs with the API TF of course!). What HEART profiles
>> need to do is to allow the Hospital to verify attributes of the Requesting
>> Party if they are inclined to do such verification (I don’t follow – do
>> you mean if they are inclined to do so before the 72 hours? . That way,
>> Alice's Authorization Server can say: Send One Data Object to Bob and Bob
>> claims he's a Licensed Practitioner in MA. The Hospital would have the
>> option of either verifying that Bob is a licensed MD or not (the 72 hour
>> block is nor required by law???). If they chose to impose the block, the
>> Hospital would need to make a good faith effort to determine Bob's license
>> status. I think this kind of "trust elevation" may be out of band for UMA,
>> but I'm not sure.
>>
>> So to summarize, HEART needs to (1) allow patients to specify a personal
>> AS to avoid blocks on sensitive information, (2) focus on resources that
>> pertain to a single patient to allow (1), and (3) enable direct transfer of
>> resources to Requesting Parties that are able to provide verified
>> attributes to the Resource Server to avoid blocking for "ethical" reasons
>> when such blocking would be unwarranted.
>>
>>
>>
>> I am in agreement up to topic #3 – probably need to get a better
>> understanding.
>>
>>
>>
>> Adrian
>>
>>
>>
>>
>>
>> On Mon, Jan 4, 2016 at 5:26 PM, Aaron Seib <aaron.seib at 23eleven.net>
>> wrote:
>>
>> Adrian,
>>
>>
>>
>> You had a specific point that I wanted t make sure I could refine and
>> restate accurately.
>>
>>
>>
>> I wish I had a handle on the jargon used but maybe you can help me get
>> there.
>>
>>
>>
>> There is a Data Provider. For illustrative purposes let’s say a Hospital
>> (I am learning that in some scenarios the Consumer is a Data Provider where
>> the data is PGHD so I am learning).
>>
>>
>>
>> Let’s keep it simple and say that there is One Data Object that this Data
>> Provider wants to make sharing decisions about but there are two
>> Authorization Servers one of which is controlled by the Consumer and the
>> other is not.
>>
>>
>>
>> For arguments sake let’s say that the AS controlled by Alice is has been
>> configured to properly convey that it is her preference that whenever
>> Hospital is going to make a disclosure to another Provider for Treatment
>> purposes that the Hospital share One Data Object.
>>
>>
>>
>> Let’s say that the Hospital also operates an AS that it uses to make
>> disclosure decisions. It is based on a Law that says “Thou shall not
>> disclose One Data Object without consumer consent”.
>>
>>
>>
>> Is the bottom line that if the Hospital does not disclose One Data Object
>> to another Provider in accordance with the consumers wishes that they are
>> in fact knowingly participating in information blocking if they know that
>> the Consumer has an AS of their own?
>>
>>
>>
>>
>>
>>
>>
>> Aaron Seib
>>
>> Principal, 2311
>>
>> (o) 301-540-2311
>>
>> (m) 301-326-6843
>>
>>
>>
>>
>>
>>
>> --
>>
>>
>>
>> Adrian Gropper MD
>>
>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>> HELP us fight for the right to control personal health data.
>> DONATE: http://patientprivacyrights.org/donate-2/
>> ------------------------------
>>
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2016.0.7294 / Virus Database: 4489/11319 - Release Date: 01/04/16
>>
>>
>>
>>
>> --
>>
>>
>>
>> Adrian Gropper MD
>>
>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>> HELP us fight for the right to control personal health data.
>> DONATE: http://patientprivacyrights.org/donate-2/
>> ------------------------------
>>
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2016.0.7294 / Virus Database: 4489/11319 - Release Date: 01/04/16
>>
>>
>>
>>
>> --
>>
>>
>>
>> Adrian Gropper MD
>>
>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>> HELP us fight for the right to control personal health data.
>> DONATE: http://patientprivacyrights.org/donate-2/
>> ------------------------------
>>
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2016.0.7294 / Virus Database: 4489/11319 - Release Date: 01/04/16
>>
>> _______________________________________________
>> Openid-specs-heart mailing list
>> Openid-specs-heart at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>>
>>
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160107/408f5d40/attachment-0001.html>
More information about the Openid-specs-heart
mailing list