[Openid-specs-heart] I asked the Society for Participatory Medicine list: What do you want from HEART?

Eve Maler eve.maler at forgerock.com
Wed Jul 13 16:49:54 UTC 2016


The SPM list is interesting, and, I think, complementary to and an
extension of privacy principles. It's not talking strictly about data and
its exposure; it sets up a strong new data stewardship role for a patient,
and then defines a relationship between that steward and various putative
services/apps/tools out in the world.

(With an UMA architecture in mind, we can fairly precisely name what those
services/apps/tools might be.)

These are stated nearly in the form of agile user stories: As the patient,
I want to do X, so that I can (benefit in terms of) Y. Once upon a time,
the UMA WG partially went through an exercise
<http://kantarainitiative.org/confluence/display/uma/User+Stories> like
that to assist in our protocol design effort.



*Eve Maler*
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
*ForgeRock Summits and UnSummits* are coming to
<http://summits.forgerock.com/> *Sydney, London, and Paris!*

On Tue, Jul 12, 2016 at 2:51 PM, Adrian Gropper <agropper at healthurl.com>
wrote:

> The Principles of Privacy will only take you so far in the design of a
> product, service, or HEART. At some point we need to apply Privacy
> Engineering (
> https://ethics.berkeley.edu/privacy/resources/privacy-risk-management-framework-nistir-8062
> ) to achieve a particular set of goals. I submit that the SPM bullet points
> are a reasonable goal for HEART.
>
> A less pedantic way to look at the bullets is simply to see them as the
> essence of patient-centered design and focus HEART (and UMA) on solving the
> multiple portals problem. From the patient's perspective, the only way to
> solve the multiple portals problem is to be able to specify the
> Authorization Server to every resource server. That means that regardless
> of whether a resource server happens to be FHIR or whatever RESTful
> standard my bank exposes for my health savings account or whatever standard
> some wearable uses to stream my location coordinates, I can register and
> manage all of these resources from my one chosen AS.
>
> If HEART doesn't take this perspective as we design our deliverable, who
> does?
>
> Adrian
>
>
>
> On Tue, Jul 12, 2016 at 4:16 PM, John Moehrke <johnmoehrke at gmail.com>
> wrote:
>
>> This is fine, but is simply another way of stating the well-established
>> Principles of Privacy... right? I like how nicely compact your bullets
>> are. I am just trying to determine if you think you have uncovered
>> something missing...
>>
>> I have a blog where I catalog the various standards on the definition of
>> Privacy principles, and cross-reference them:
>> https://healthcaresecprivacy.blogspot.com/2015/04/privacy-principles.html
>>
>> John
>>
>> John Moehrke
>> Principal Engineering Architect: Standards - Interoperability, Privacy,
>> and Security
>> CyberPrivacy – Enabling authorized communications while respecting Privacy
>> M +1 920-564-2067
>> JohnMoehrke at gmail.com
>> https://www.linkedin.com/in/johnmoehrke
>> https://healthcaresecprivacy.blogspot.com
>> "Quis custodiet ipsos custodes?" ("Who watches the watchers?")
>>
>> On Sun, Jul 10, 2016 at 11:18 AM, Danny van Leeuwen <
>> danny at health-hats.com> wrote:
>>
>>> TX Adrian
>>>
>>>
>>> On Sunday, July 10, 2016, Adrian Gropper <agropper at healthurl.com> wrote:
>>>
>>>> Here's what the thread of patients and physicians came up with:
>>>>
>>>>    - As the patient, I am the primary steward of my health information *wherever
>>>>    it is*.
>>>>    - As the primary steward, I have full access to all of my health
>>>>    information.
>>>>    - As the primary steward, I can determine who has access to which
>>>>    segments of my health information.
>>>>    - As the primary steward, I am notified about changes and access by
>>>>    others to my health information.
>>>>    - Stewardship of my health information is done through a single
>>>>    tool (web page or application) *across my service providers*.
>>>>
>>>> Adrian
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Adrian Gropper MD
>>>>
>>>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>>>> HELP us fight for the right to control personal health data.
>>>> DONATE: http://patientprivacyrights.org/donate-2/
>>>>
>>>
>>>
>>> --
>>> Danny van Leeuwen
>>> 617-304-4681
>>>
>>> *Blog www.health-hats.com <http://www.health-hats.com/> discovering the
>>> magic levers of best health*
>>> Twitter <https://twitter.com/HealthHats>
>>> LinkedIn <https://www.linkedin.com/in/healthhatsdannyvl>
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-heart mailing list
>>> Openid-specs-heart at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>>>
>>>
>>
>
>
> --
>
> Adrian Gropper MD
>
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: http://patientprivacyrights.org/donate-2/
>