[Openid-specs-heart] Dissecting the Release of information form
Glen Marshall [SRS]
gfm at securityrs.com
Tue Jul 19 15:01:00 UTC 2016
While I think that mapping a Release of Information form onto UMA protocol data would be useful as a proof of concept exercise, I am left wondering:
· The form itself is just an instance.
    o Has it been vetted for peer review at the policy level, i.e., can it be easily adapted for more general use?
    o Is there a compendium of federal and state requirements we can reference, or can we use a reasonable guess to start the analysis without extensive debate? We need to avoid the 42CFR quicksand, and similar well-bounded cases.
    o Is there some general user experience design guidance – paper or on-screen – for collecting Release of Information from patients or their authorized representatives?
    o How can we minimize the cognitive challenges that sick people have when presented with a sheaf of forms to sign when seeking treatment?
    o Is this work in-scope for HEART?
· Are we going to propose a standardized API for such mapping?
    o Is this work in-scope for HEART?
I think the most useful outcome of this line of inquiry is proof that OAuth and UMA can be used for health care data access control, without extensions or with a small set of extensions.
Glen
Glen F. Marshall
Consultant
Security Risk Solutions, Inc.
698 Fishermans Bend
Mount Pleasant, SC 29464
Tel: (610) 644-2452
Mobile: (610) 613-3084
gfm at securityrs.com
www.SecurityRiskSolutions.com<http://www.securityrisksolutions.com/>