<div dir="ltr"><div>I'm having a hard time following this use-case. If we're looking for the simplest possible cases, I can think of two:<br><br></div>Case A: <br><ul><li>Alice visits Labcorp to get a blood test for HIV. <br></li><li>She pays cash. She does not show ID.<br></li><li>She wants to send the result to somewhere identified by an email address that she gives to Lab Corp</li><li>A Webfinger or equivalent lookup provides Labcorp with a pubic encryption key</li><li>Labcorp encrypts the result and exposes a protected resource with the result.</li><li>Labcorp transmits the URI of the protected resource to Alice in-person or via email.<br></li></ul><p><br></p><p>Case B:</p><ul><li>Alice visits Labcorp to get a blood test for HIV that she will share with her PCP.</li><li>Both Labcorp and her PCP trust AppleIDs to belong to the same person even though the same person can have multiple AppleIDs.<br></li><li>She pays cash.</li><li>She identifies herself by using her AppleID to sign-in to the Labcorp kiosk. Labcorp does not see her AppleID.<br></li><li>Labcorp gets a pairwise pseudonymous identifier for her HIV test from Apple.<br></li><li>Labcorp encrypts the result and exposes a protected resource with the result.</li><li>Labcorp transmits the URI of the protected resource to Alice in-person or via email.<br></li><li>Alice visits her PCP and uses the same AppleID she used at Labcorp to sign-in to the PCP kiosk. The PCP does not see her AppleID.<br></li><li>PCP gets a pairwise pseudonymous identifier for Alice's health record from Apple.<br></li><li>Alice use the kiosk she is signed into to point her PCP to Labcorp's protected resource. <br></li><li>The PCP accesses the protected resource and trusts Apple that it belongs to Alice's health record and the HIV test was performed by Labcorp.</li></ul><p>Case A has no patient ID issue whatsoever. Neither does Case B. If Alice wants to make her HIV result endpoint discoverable, that's a different, more complicated use case - let's call that Case C.<br></p><p>If we replace Labcorp / HIV with the state controlled substance database and the the resource is a list of Alice's opioid prescriptions, then that's a different use-case where Alice must present the PCP with a verified ID - let's call this Case D. However, this trust elevation form a voluntary ID in case B to a verified ID in Case D should not happen except if Alice asks for a controlled substance and she agrees to provide a verified ID. This is equivalent to the car dealer asking you for permission to run your Social Security Number if you ask for a car loan and only then do you sign the form with your SSN on it for a credit check.</p><p>Can we start with just case A and B and add C and D later?</p><p>Also, introducing a PHR into the conversation makes all of the cases more complicated because we then have to deal with provenance and with how we correct errors when data is accessed by copy instead of by reference, etc.. I would consider a PHR just another protected resource, no different from any other.<br></p><p>Adrian<br></p><p><br></p></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 7, 2015 at 10:30 PM, Debbie Bucci <span dir="ltr"><<a href="mailto:debbucci@gmail.com" target="_blank">debbucci@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>First question<br></div><br></div>What is the function of the UMA service in the practice? Is it an enterprise function to help the practice manage the its authorizations and/or supports the patient portal ? <br>Given Alice has chosen her PHR to be her source of truth, my current assumption is that she would manage her authorizations at the PHR UMA service<br> <br></div><div><br><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 7, 2015 at 8:02 PM, Kinsley, William <span dir="ltr"><<a href="mailto:BKinsley@nextgen.com" target="_blank">BKinsley@nextgen.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">Debbie, (and group)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">In the attached word document, I hopefully clarified this use case and answered your questions. Again, the point is to create the discussion of these very issues you
bring up.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">Questions:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"> #1: “Trust between patient portal and cloud based PHR?” I am simplify this by removing the dynamic discovery process. See the attached documents.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"> #2: “The cloud PHR has established a base identity proofing/authentication level of trust?” Since the PHR is not a HIPAA covered entity (like most personal
HIT devices and services), the PHR is using common internet credentialing (e-mail or SMS codes). Two points here:<u></u><u></u></span></p>
<p style="margin-left:.75in">
<u></u><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><span>1)<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">There are no regulation requiring the PHR to use any credentialing standard such as NIST and there are different credentialing processes being used. (Do
not be mistaken, this is not what I am advocating, it “just is”)<u></u><u></u></span></p>
<p style="margin-left:.75in">
<u></u><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><span>2)<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">Each system is offering different level of authentication controls.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">Again, this is a simple real world use case; but it has a lot of moving parts.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">Bill<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"> <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Openid-specs-heart [mailto:<a href="mailto:openid-specs-heart-bounces@lists.openid.net" target="_blank">openid-specs-heart-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Debbie Bucci<br>
<b>Sent:</b> Saturday, May 02, 2015 1:46 PM<br>
<b>To:</b> <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> [Openid-specs-heart] HEART Stepping stones - Consent Use case<u></u><u></u></span></p><div><div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Picking this back up again but removed the background leading to this and starting a different thread. Bill says keep it simple but it's complex! He has 2 scenarios but I focused on the most difficult -
I have posted the original text to Bill's question on the wiki:<br>
<br>
<a href="http://hg.openid.net/heart/wiki/PCP_First_Appointment" target="_blank">http://hg.openid.net/heart/wiki/PCP_First_Appointment</a>
<u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a">Questions:</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a">Client one: If Alice has chosen a cloud based PHR that already has an established trust:
</span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#5f497a">Please clarify what you mean by established trust:</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;color:#5f497a">1.</span></b><b><span style="font-size:7.0pt;color:#5f497a">
</span></b><b><span style="font-size:10.0pt;color:#5f497a">Trust between patient portal and cloud based PHR: the patient portal has establish an FHIR API server , is accepting client applications and the client PHR is has been registered with the Patient Portal?</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;font-family:"Times",serif;color:#5f497a">2.</span></b><b><span style="font-size:7.0pt;color:#5f497a">
</span></b><b><span style="font-size:10.0pt;color:#5f497a">The cloud PHR has established a base identity proofing/authentication level of trust?
</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;font-family:"Times",serif;color:#5f497a">3.</span></b><b><span style="font-size:7.0pt;color:#5f497a">
</span></b><b><span style="font-size:10.0pt;color:#5f497a">Both</span></b><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a">What are the credentialing requirements to create Alice's account?
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;color:#44546a">1.</span></b><b><span style="font-size:7.0pt;color:#44546a">
</span></b><b><span style="font-size:10.0pt;color:#44546a">Patient Portal</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;color:#44546a">2.</span></b><b><span style="font-size:7.0pt;color:#44546a">
</span></b><b><span style="font-size:10.0pt;color:#44546a">Cloud PHR </span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;color:#44546a">3.</span></b><b><span style="font-size:7.0pt;color:#44546a">
</span></b><b><span style="font-size:10.0pt;color:#44546a">Both</span></b><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a">Note that ONC"s Ten year interop roadmap refer's to NIST SP 800-63-2 and OMB M-040-04 and is implying level 2 or 3 levels of assurance
(LOA). (see pp 59)</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#44546a">LOA2 is a single factor –that’s out. The HITPC committee recommended more than username and password for patient portals – that
implies multifactor. Transaction will be more secure but what is the level of identity proofing needed – no real guidance issued for patients that I am aware of. There is the notion that the patient is know to the practice – but at this point - it’s
an initial visit – not the case.</span></b><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a">Are there two or three consent profiles?</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a">One for Alice's PHR defining what to share with the Practice?
</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a">One for the Practice defining what is to be shared with Alice's PHR?
</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a">One for Alice at the Practice portal defining what the Portal (or Practice?) is to be shared?
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;color:#44546a">1.</span></b><b><span style="font-size:7.0pt;color:#44546a">
</span></b><b><span style="font-size:10.0pt;color:#44546a">Are there consent preferences stored /shared on the patient’s trusted UMA service?
</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;color:#44546a">2.</span></b><b><span style="font-size:7.0pt;color:#44546a">
</span></b><b><span style="font-size:10.0pt;color:#44546a">Is there a Consent Directives Management Service trusted by the UMA service?</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;color:#44546a">3.</span></b><b><span style="font-size:7.0pt;color:#44546a">
</span></b><b><span style="font-size:10.0pt;color:#44546a">Is there a CDMS maintained by the provider</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:30.0pt">
<b><span style="font-size:10.0pt;color:#44546a">4.</span></b><b><span style="font-size:7.0pt;color:#44546a">
</span></b><b><span style="font-size:10.0pt;color:#44546a">Does the PHR maintain it own CDMS?</span></b><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a">How is the initial implied consent for TPO electronically presented, stored and accessed?
</span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#44546a">Generate a consent receipt reminding the patient they agreed </span></b><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#44546a">I wonder if this is the ruckus I've heard re: check the box for consent ...
</span></b><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#44546a"> How is this consent profile used by the practice's internal HIT systems? (if at all)</span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#44546a">Which profile?</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
</div>
</div>
</div>
</div></div></div>
</div>
</blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><font size="1"><br><font size="2">Ensure Health Information Privacy. Support Patient Privacy Rights.<br></font></font><span style="font-size:11pt"><font size="1"></font></span><font size="2"><a href="http://patientprivacyrights.org/donate-2/" target="_blank"><font color="blue"><u>http://patientprivacyrights.org/donate-2/</u></font></a><font color="blue"><u> </u></font></font><span style="font-size:11pt"></span><span style="font-size:11pt"></span><span style="font-size:11pt"><font size="1"> <br></font><div></div></span><br></div></div>
</div>