[Openid-specs-heart] Alice's health resource set
Adrian Gropper
agropper at healthurl.com
Tue Aug 2 17:55:08 UTC 2016
Debbie is sort-of right in cases where the Client goes to the RS first but
keep in mind that I said subsets of FHIR published by HEART or other
organizations are optional. All HEART has to do is to "strictly" enable
access to all of FHIR. The optional parts will need to be published by the
RS and/or standardized but that is always the case.
We should also not ignore the Client-to-AS first flow. This is the
preferred flow from a privacy engineering perspective (see other thread
with Justin). In the majority of cases of HIE, the Client has a
relationship with Alice already (this is typical of HIPAA TPO consent) or
the Client has found Alice via a "Relationship Locator Service" which is a
directory operated by the state or some private entity like CommonWell.
When the Client matches with Alice in the RLS, does the RLS return a list
of RSs or a pointer to Alice's AS?
The most privacy-preserving thing would be for RLSs to return pointers to
Alice's AS and in the future this is what Alice might insist on if she is
still given a choice to opt-in or opt-out of HIE. Alice does have that
choice today in the US. In other countries, not so much.
Adrian
On Tue, Aug 2, 2016 at 1:42 PM, Debbie Bucci <debbucci at gmail.com> wrote:
> Tagging on to this question ... I think you have it backwards wrt the use
> of the HEART protocol to meet the desired goals - don't think this can be
> done - How does Alice publish to all potential clients the subsets of
> whatever the RS has available that she wants to offer so that Clients can
> politely ask for just those subsets?
>
> It's the RS that publishes to the AS (and perhaps even via a conformance
> statement or site for the clients) what data combinations are available to
> ease the burden on both clients and Alice.
>
> On Tue, Aug 2, 2016 at 1:33 PM, Aaron Seib <aaron.seib at nate-trust.org>
> wrote:
>
>> Phew – that is great.
>>
>> At the end you say:
>>
>> · The AS doesn't "get everything" it gets the right to control
>> everything.
>>
>> I am totally going to sound ignorant but is this what UMA was intended to
>> do from the start? In other – can we do that today?
>>
>> Aaron Seib, CEO
>>
>> @CaptBlueButton
>>
>> (o) 301-540-2311
>>
>> (m) 301-326-6843
>>
>> <http://nate-trust.org>
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/