[Openid-specs-heart] Draft HEART Meeting Notes 2016-11-21

Mon Nov 21 22:47:26 UTC 2016

The HIE of One project at hieofone.org is a user experience sandbox
implementing the standards for FHIR RS, UMA AS, FHIR Clients, and OpenID
Connect IDPs as best we can. Those of you that are implementing either FHIR
resource servers or UMA / HEART authorization servers are invited to test
your implementations against the complementary HIE of One service. Please
contact me if we can help.

Adrian

On Mon, Nov 21, 2016 at 5:02 PM, Sarah Squire <sarah at engageidentity.com>
wrote:

> Attending:
>
> Debbie Bucci
>
> Adrian Gropper
>
> Cait Ryan
>
> Celestin Bitjonck
>
> Edmund Jay
>
> Eve Maler
>
> Glen Marshall
>
> Jim Kragh
>
> Justin Richer
>
> Kenneth Salyards
>
> Nancy Lush
>
> Sarah Squire
>
> Scott Shorter
>
> Walter Kirk
>
> Scott:
>
> While we’re looking at things to restrict access to, maybe we should look
> at demographic information.
>
> Nancy:
>
> There are lots that people will want to use, we just decided to pick a few
> so we have something to talk about.
>
> Debbie:
>
> So, Eve, we tried to go through your infographic, but we weren’t getting
> anywhere, so we tried to go to the text and start with a few resource sets
> to think about - conditions, medications, allergies, and maybe all? Or
> basic demographics?
>
> Nancy:
>
> Going back to purpose for a second, purpose is important, but I’m not sure
> it’s a scope
>
> Eve:
>
> I’m glad we’re getting to the use cases. Technically, I would agree that
> it’s probably not a scope. I would achieve it a different way. Think of the
> scope as being the “what you want them to do” - the verb. Purpose would be
> a claim, a promise, that Alice can require in her policies. This would be
> conditions that Alice imposes.
>
> Debbie:
>
> Is this more of a promissory claim?
>
> Eve:
>
> Yes
>
> Debbie:
>
> So do we have any custom UMA scopes?
>
> Eve:
>
> We have read, write, and all. Anonymized data might be another.
>
> Nancy:
>
> It might be better to keep this simple to start with, and if we include a
> scope that FHIR doesn’t support, that complicates things. Maybe we don’t
> want to do that for our first pass through.
>
> Debbie:
>
> How do I differentiate between current medications, and all medications
> ever?
>
> Nancy:
>
> You would use the “active” FHIR filter
>
> Debbie:
>
> Do we need anything more than read and write?
>
> Eve:
>
> We might not
>
> Debbie:
>
> Okay, let’s move onto claims.
>
> Eve:
>
> We want to make sure that these are well-known. Are people sharing with a
> specific person? Or a fuzzy set?
>
> Adrian:
>
> The four that we used in HIE of One are:
>
> Anyone signed in directly to this AS sees everything
>
> Anyone signed in with mdNOSH sees these resources
>
> Anyone that has a Google ID and NPI sees these resources
>
> Anyone signed in via Google ID gets an email from me and can see emergency
> information
>
> Debbie:
>
> Okay, I added NPI
>
> Eve:
>
> Those four options seem to ask a lot of Alice
>
> Debbie:
>
> So can we have some examples of sharing UX?
>
> Eve:
> So we’ve got a couple different ways to share. If Alice chooses to share
> with someone, she can enter their identifier and then select which
> information she wants to share.
> Sarah Squire
> Engage Identity
> http://engageidentity.com
>
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>

-- 

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20161121/9f7e6f21/attachment.html>