[Openid-specs-heart] I asked the Society for Participatory Medicine list: What do you want from HEART?
Adrian Gropper
agropper at healthurl.com
Tue Jul 12 21:51:46 UTC 2016
The Principles of Privacy will only take you so far in the design of a
product, service, or HEART. At some point we need to apply Privacy
Engineering (https://ethics.berkeley.edu/privacy/resources/privacy-risk-management-framework-nistir-8062)
to achieve a particular set of goals. I submit that the SPM bullet points
are a reasonable goal for HEART.
A less pedantic way to look at the bullets is simply to see them as the
essence of patient-centered design and focus HEART (and UMA) on solving the
multiple portals problem. From the patient's perspective, the only way to
solve the multiple portals problem is to be able to specify the
Authorization Server to every resource server. That means that regardless
of whether a resource server happens to be FHIR or whatever RESTful
standard my bank exposes for my health savings account or whatever standard
some wearable uses to stream my location coordinates, I can register and
manage all of these resources from my one chosen AS.
If HEART doesn't take this perspective as we design our deliverable, who
does?
Adrian
On Tue, Jul 12, 2016 at 4:16 PM, John Moehrke <johnmoehrke at gmail.com> wrote:
> This is fine, but is simply another way of stating the well established
> Principles of Privacy... right? I like how nicely compact your bullets
> are. I am just trying to determine if you think you have uncovered
> something missing....
>
> I have a blog where I catalog the various standards on the definition of
> Privacy -- principles, and cross-reference them:
> https://healthcaresecprivacy.blogspot.com/2015/04/privacy-principles.html
>
> John
>
> John Moehrke
> Principal Engineering Architect: Standards - Interoperability, Privacy,
> and Security
> CyberPrivacy – Enabling authorized communications while respecting Privacy
> M +1 920-564-2067
> JohnMoehrke at gmail.com
> https://www.linkedin.com/in/johnmoehrke
> https://healthcaresecprivacy.blogspot.com
> "Quis custodiet ipsos custodes?" ("Who watches the watchers?")
>
> On Sun, Jul 10, 2016 at 11:18 AM, Danny van Leeuwen <danny at health-hats.com> wrote:
>
>> TX Adrian
>>
>>
>> On Sunday, July 10, 2016, Adrian Gropper <agropper at healthurl.com> wrote:
>>
>>> Here's what the thread of patients and physicians came up with:
>>>
>>> - As the patient, I am the primary steward of my health information *wherever
>>> it is*.
>>> - As the primary steward, I have full access to all of my health
>>> information.
>>> - As the primary steward, I can determine who has access to which
>>> segments of my health information.
>>> - As the primary steward, I am notified about changes and access by
>>> others to my health information.
>>> - Stewardship of my health information is done through a single tool
>>> (web page or application) *across my service providers*.
>>>
>>> Adrian
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Adrian Gropper MD
>>>
>>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>>> HELP us fight for the right to control personal health data.
>>> DONATE: http://patientprivacyrights.org/donate-2/
>>>
>>
>>
>> --
>> Danny van Leeuwen
>> 617-304-4681
>>
>> *Blog www.health-hats.com <http://www.health-hats.com/> discovering the
>> magic levers of best health*
>> Twitter <https://twitter.com/HealthHats>
>> LinkedIn <https://www.linkedin.com/in/healthhatsdannyvl>
>>
>>
>
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/