[Openid-specs-heart] Draft HEART Meeting Notes 2017-04-25

Sat Apr 29 18:28:34 UTC 2017

HEART specs have been updated ahead of Monday’s OIDF meeting. These incorporate the handful of changes that were discussed on the call. I have not yet added the BTG references below as I would like the WG to discuss this.

Also, now’s the time to properly fill out the “contributors” section of all the documents. If you can think of anyone (including yourself) that’s not on the list for a particular document that you think should be, just let me know (off list if you prefer).

 — Justin

> On Apr 25, 2017, at 5:53 PM, Thomas Sullivan <tsullivan at drfirst.com> wrote:
> 
> Justin and all,
>  
> Here are the several HL7 FHIR  and related references to the "Break the Glass" and "Emergency Access"  definitions and examples, originally from the Mike Davis (Veterans Administration) excerpted paper of 1999 that I cited during the call today.
>  
> I attached Mike's entire paper also (HC Requirements...)  which is cited in the  HL7 guide (the pdf document from January 2014).
>  
> Tom
> Thomas E Sullivan, MD
> Chief Strategic Officer
> Chief Privacy Officer
> 
>  DrFirst.com <http://drfirst.com/>, Inc.
> (978) 729-5075 (M)
> tsullivan at drfirst.com <mailto:tsullivan at drfirst.com>
> sullivan at massmed.org <mailto:sullivan at massmed.org>
>  
> From: Openid-specs-heart <openid-specs-heart-bounces at lists.openid.net <mailto:openid-specs-heart-bounces at lists.openid.net>> on behalf of Sarah Squire <sarah at engageidentity.com <mailto:sarah at engageidentity.com>>
> Sent: Tuesday, April 25, 2017 5:08 PM
> To: HEART List
> Subject: [Openid-specs-heart] Draft HEART Meeting Notes 2017-04-25
>  
> Attending:
> 
> Debbie Bucci
> Celestin Bitjonck
> Edmund Jay
> Eve Maler
> Justin Richer
> Luis Maas
> Nancy Lush
> Sarah Squire
> Thomas Sullivan
> 
> Justin:
> There are two changes to the
>  OAuth FHIR profile. The description of the document has changed to clarify that this applies to any FHIR resource. That was always the intent. There’s also new guidance about the patient compartment. We also have new examples of scopes.
> 
> Luis:
> We might also want to reference
>  the URL of the FHIR specification, but people could find it from the patient compartment website. We might want to say that the normative definitions of these are governed by FHIR, not by us.
> 
> Justin:
> Agreed. That should be easy
>  to do.
> 
> We have changed a MAY to a SHOULD
>  with regard to ETH scopes. I think that still gives enough wiggle room for people to disregard it in special circumstances.
> 
> We changed section 2.1 to talk
>  about resources or compartments, since talking about a compartment might be more valuable.
> 
> We changed compartments and
>  scope definitions in the UMA FHIR spec.
> 
> Eve:
> Can you say more about compartments?
> 
> Debbie:
> It’s a resource type that’s
>  commonly referenced in FHIR implementations.
> 
> Eve:
> Great. That makes sense to me.
> 
> Justin:
> If people can propose example
>  text on the list, that would be very helpful.
> 
> We also took out purpose of
>  use. We might see it come back in in a different place, but I don’t think that we were using it well.
> 
> Nancy:
> I think the VA might have been
>  using it. I’ll ask them.
> 
> Luis:
> Fundamentally, it’s an assertion
>  by the user, similar to break the glass
> 
> Justin:
> Right, break the glass is a
>  scope.
> 
> Luis:
> Does the break the glass section
>  belong in the OAuth spec or the UMA spec?
> 
> Justin:
> It’s in both. It’s defined in
>  OAuth and referenced in UMA.
> 
> Thomas:
> I just sent the break the glass
>  text used by the VA.
> 
> Debbie:
> Is emergency access different
>  from break the glass?
> 
> Luis:
> So typically hipaa describes
>  emergency access as like when the system is down, whereas break the glass is getting access to something you wouldn’t normally have.
> 
> Debbie:
> So really we’re talking about
>  break the glass.
> 
> Luis:
> Right.
> 
> Debbie:
> So there’s no meeting next Monday. We have an open review period and then a vote, and then they’re published
>  as implementer’s drafts. It was suggested by the OpenID Foundation that once the drafts are final, we should still keep the group active so implementers can ask questions.
> 
> 
> Sarah Squire
> Engage Identity
> http://engageidentity.com <http://engageidentity.com/>Notice of Confidentiality: The information included and/or attached in this electronic mail transmission may contain confidential or privileged information and is intended for the addressee. Any unauthorized disclosure, reproduction, distribution or the taking of action in reliance on the contents of the information is prohibited. If you believe that you have received the message in error, please notify the sender by reply transmission and delete the message without copying or disclosing it. <HCS Guide pub final.pdf><BTG references.docx><HC Requirements Emergency Access.doc>_______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net <mailto:Openid-specs-heart at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-heart <http://lists.openid.net/mailman/listinfo/openid-specs-heart>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20170429/83387dc3/attachment.html>