[Openid-specs-heart] Please VOTE before Election Day: What’s hindering adoption of HEART?

Wed Nov 1 12:59:42 UTC 2017

Adrian,

I think you are very quick to place others names on the list of reasons
HEART has failed...

The fastest standards get implemented within 5 years, most take longer. I
could be that we haven't waited long enough.

I really like the idea of HEART, but I am not sure it will get implemented,
because it presents more complexity, while not solving a problem that the
data holders believe they have. I will put the word 'believe' in that
sentence, but I am more on the side that they do not have a problem that
HEART solves.  I am not saying that the vision of HEART is false, it is a
fantastic vision. There are just no obvious stepping-stones from where we
are today to this nirvana.

For HEART to exist a large number of HEART authorities must exist. They
must convince custodians that they are trustworthy, and do represent the
patient. They must convince the patient that they are trustworthy and will
accurately represent the patient.  There must be many, so that the patient
has choice. There must be some mechanism where this trust is developed and
maintained  There must be blunt discussions of what happens when
failure-modes happen. This is a case where these must be built and prove
themselves before the system will work, yet they can't prove themselves
until the system is working. Too risky for everyone.

There is a subset of the population that would benefit from HEART, those
that frequent many different and unconnected healthcare providers. I don't
know how big this group is. I 'think' that subset is small relative to the
whole population. I 'think' that subset is generally not the technically
engaged, or technically adventuresome. Yes, there is a couple dozen that
are, but most are not.

Many healthcare providers have fully functional interactions with their
patient population. This includes a user identity. That user identity has
Privacy controls. That user identity has access to a Portal where that
patient can obtain their patient data. That identity is being enabled to be
able to use the FHIR API in many cases.  Note that there is  little
interest in moving to a federated identity, because of the risk of exposing
metadata and patterns of behavior to that third-party. Although we are
encouraging OAuth be used with FHIR, everyone has placed the OAuth
authority within the same walls as their FHIR Server. Thus, it isn't really
a federation, it is just using the technology so that apps can be enabled
and managed using OAuth. This is a win, but not a full identity federation
win. Time might solve this one.

I realize that some healthcare providers are still blocking data. I have
had fantastic access to my data for a decade. The VHA provides full access
for veterans to their data.  In all cases I know of through my family they
have access. And ALL of us are on the eHEX nationwide health information
exchange.  I don't know who these data blockers are, and it is sick that we
keep abusing the whole industry because of these abusive healthcare
providers. I don't understand why we are not yet naming and shaming these
organizations.  We should be abusing THOSE organizations, not the whole of
healthcare.

Thus, HEART is a great idea but it is too difficult: technically, legally,
human, risk...

john

John Moehrke
Principal Engineering Architect: Standards - Interoperability, Privacy, and
Security
CyberPrivacy – Enabling authorized communications while respecting Privacy
M +1 920-564-2067
JohnMoehrke at gmail.com
https://www.linkedin.com/in/johnmoehrke
https://healthcaresecprivacy.blogspot.com
"Quis custodiet ipsos custodes?" ("Who watches the watchers?")

On Tue, Oct 31, 2017 at 8:24 PM, Danny van Leeuwen <danny at health-hats.com>
wrote:

> J other people don’t know about it and don’t understand it’s balue
>
> All 3 votes
>
> On Tue, Oct 31, 2017 at 8:55 PM Adrian Gropper <agropper at healthurl.com>
> wrote:
>
>> Only one vote so far.
>>
>> Adrian
>>
>> On Fri, Oct 27, 2017 at 11:46 PM Adrian Gropper <agropper at healthurl.com>
>> wrote:
>>
>>> A - Our standards work is incomplete
>>> B - Implementation of our profiles is too expensive
>>> C - Why would a hospital want to make patient-directed access easier?
>>> D - HEART distracts the patient from the hospital’s portal experience
>>> E - US regulations are inadequate from a patient rights perspective
>>> F - NATE and other HIE groups don’t see the value of HEART to their
>>> business or mission
>>> G - Patient-directed exchange does not allow the patient to pay for API
>>> access
>>> H - CMS and VA have not endorsed HEART or put it on their road map
>>> I - We have not done enough PR and promotion
>>> J - Other ___________________________________
>>>
>>> Please vote on the list above. Each person has 3 votes to cast on one or
>>> more of the options.
>>>
>>> If you want your vote to be “secret” just send it to me and I promise I
>>> won’t share or even save your name. I will simply report the total count of
>>> people who voted as it grows and then tally the totals *before the Nov
>>> 6 call.*
>>>
>>> Please share this email with anyone you know that has any idea of what
>>> we’re doing with UMA or HEART.
>>>
>>> Thank you,
>>>
>>> Adrian
>>> --
>>>
>>> Adrian Gropper MD
>>>
>>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>>> HELP us fight for the right to control personal health data.
>>> DONATE: https://patientprivacyrights.org/donate-3/
>>>
>> --
>>
>> Adrian Gropper MD
>>
>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>> HELP us fight for the right to control personal health data.
>> DONATE: https://patientprivacyrights.org/donate-3/
>> _______________________________________________
>> Openid-specs-heart mailing list
>> Openid-specs-heart at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>>
> --
> Danny van Leeuwen
> Danny at health-Hats.com
> 617-304-4681 <(617)%20304-4681>
> Blog: www.health-hats.com
> Twitter: @healthhats
>
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20171101/5b56aa63/attachment.html>