[Openid-specs-heart] Draft HEART Meeting Notes 2016-10-17

Sarah Squire sarah at engageidentity.com
Mon Oct 17 21:00:43 UTC 2016


Attendees:

Debbie Bucci

Adrian Gropper

Bruce Wilder

Cait Ryan

Daniel van Leeuwen

Edmund Jay

Glen Marshall

John Moehrke

Kathleen Connor

Ken Salyards

Luis Maas

Michael Chen

Nancy Lush

Paul Nichol

Sarah Squire

Scott Shorter

Thompson Boyd

Walter Kirk

Adrian:

The goal of this demo is to show what we think is the first
patient-centered health record based on open standards. It’s
patient-centered in that it’s peer-to-peer, completely independent of any
vendors or hospitals.

*demo of HIE of One AS for Patient*

*demo of NOSH ChartingSystem Personal Health Record*

*demo of Dr. Second’s Practice EHR*

Please add comments and questions to the healthcare blog post.

John:

Do you have a way to deal with identity assurance?

Adrian:

Yes, but it’s complicated. It’s work that’s going on with the UN and W3C.
People are figuring out how to have very strong identities. There is a good
global definition. We’re going to be using an Ethereum Blockchain product
that links your identity to a fingerprint on your phone. We are also
dealing with verifiable credentials like admitting privileges to be linked
in a triple-blind verifiable privacy-preserving way. You don’t want the
credential provider to know when and where that credential is being used.

This covers much of what we’re trying to do in HEART because it goes
directly to the clipboard use case and the desire to have a
set-it-and-forget-it model. If we combine this with linking policy to FHIR
resources… We’re now at the point in HEART where we have to get connected
to the FHIR people.

Ken:

Is your HIE a FHIR server?

Adrian:

No, HIE is just an UMA authorization server. pNOSH is the FHIR resource
server. In reality, they would probably be running on the same box, so
there would be no reason for them to be two separate servers, but they are
separate code bases.

Ken:

What about individuals who don’t have access to a cell phone or computer?
How would they get a public and private key?

Adrian:

The whole basis of non-repudiation is problematic if you let someone else
hold your private key. I haven’t heard of a solution to that problem. Maybe
you could issue them a FIDO authenticator?

Debbie:

We’re cancelling Monday’s meeting and picking things up on the 31st. Also
we’re looking for HEART implementations to test with our test tool. I’ll
send something out to the HEART list.

Sarah Squire
Engage Identity
http://engageidentity.com