[Openid-specs-heart] Draft HEART Meeting Notes 2017-03-06

[Sarah Squire]

Attending:

Debbie Bucci

David Batchelor

Edmund Jay

Eve Maler

Glen Marshall

Jim Kragh

Jin Wen

Justin Richer

Nancy Lush

Sarah Squire

Thomas Sullivan

Thompson Boyd

Glen:

I sent a thread to the list regarding licensing with links to the
appropriate FHIR resources.

Justin:

Yeah, it looks like the practitioner role subset is the part that would be
relevant. The values for qualification are from the Australian job codes
categories?

Glen:

HL7 job codes just need a value set to it and everything would work.

Justin:

The US also has a job classification taxonomy.

Glen:

It doesn’t really matter. The process for getting a taxonomy verified is
fairly simple.

Justin:

>From the HEART perspective, it will be treated as a human-readable string.
I have a preference for shortnames as opposed to oids, but it’s not
dissimilar.

Glen:

These things can be dereferenced, so you don’t have to carry a large
vocabulary burden.

Debbie:

HL7 is ANSI, right?

Glen:

Yes, it’s a draft standard because it’s a work in progress, and an ISO
standard.

Eve:

We’re not standardizing job codes, though, right?

Glen:

No, we’re not.

Eve:

So I wanted to talk about offline access.

Justin:

I think online access is more of the exception to the rule.

So going back to the “ER” discussion, I consider it to be emergency
situations in general.

It’s just a way for the identity provider to say that certain people can
ask permission to break glass.

It allows the requesting party to say that they are looking for a “break
the glass” claim from an IdP it trusts. It’s intended to be flexible on
both sides.

Nancy:

I think that’s good. I think we do need to have definitions of policies and
use cases of how these things would be done.

Justin:

You can also have requirements to audit and notify.

Nancy:

So I want to talk about information sensitivity policy. Patients may want
to share a subset of their medical information based on how sensitive it
is. I don’t think we should create policies about tagging data, but if data
is already tagged, I think we should profile how to handle those tags.

Eve:

We definitely don’t want it to be leaked that there is a hidden condition
though.

Glen:

This is common with HIV.

Eve:

Your sharing preferences themselves are personal.

Debbie:

Is tagging standardized yet?

Glen:

Yes. There’s a vocabulary for them in HL7.

Debbie:

Is this metadata about the resource?

Glen:

These labels can be attached to resources.

Debbie:

So if you’re using FHIR, if it’s there, it can be read.

Eve:

I’m getting the idea that there’s all these categories of labels. Maybe
there are technical mechanisms that we can use to solve some of the
problems that were solved by labels before.

Nancy:

Can we put this sensitivity data profile into heart?

Justin:

Where would it fit? Is it a scope? Or where would be put it? We need to
answer that question first. We also need to settle the occupational
licensing question.

We would like to take the drafts to a vote by the end of March

Debbie:

So we’ll pick up on Nancy’s conversation. We need to figure out whether
sensitivity falls within scopes or claims?

Justin:
Or purpose of use, yes.

Sarah Squire
Engage Identity
http://engageidentity.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170306/ad05af5d/attachment.html>