<div dir="ltr"><div><div>If we do not have a common understanding - how do we know when we are conflating the issues? I found it helpful to walk stepwise through the use case and understand the complexities. If we have bucket to sort them into - great. <br> There are a lot different parts/issue to consider within each component - which was primarily registration today <br><br>Does solving the patient portal = <span style="font-size:11pt;line-height:107%;font-family:Calibri">Alice’s PHR (or PCP portal or vendor health app) can be her single point of truth via the use of FHIR APIs ? </span>
</div></div><div><br><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 11, 2015 at 6:12 PM, Justin Richer <span dir="ltr"><<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">I’m with Adrian in terms of decomposing the problem into its components. There was a lot of conflation of authentication, authorization, trust, assurance, and different actors in the discussion today. If we don’t keep the parts clearly-defined we’ll never make progress.<span class="HOEnZb"><font color="#888888"><div><br></div><div> — Justin</div></font></span><div><div class="h5"><div><br></div><div><br><div><blockquote type="cite"><div>On May 11, 2015, at 5:52 PM, Adrian Gropper <<a href="mailto:agropper@healthurl.com" target="_blank">agropper@healthurl.com</a>> wrote:</div><br><div><div dir="ltr"><div><div>I interpreted the principal goal of Bill's Use Case to be a desire to solve the multiple portals problem. I'm aware of parents of seriously ill children that have as many as 11 separate portals to deal with.<br><br></div>Is this the principal goal of this conversation? If so, then we can begin to decompose the goal of solving the multiple portals problem into registration, authorization and authentication components for the various actors. If there's another goal, please make it clear.<br><br></div>Adrian<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 11, 2015 at 5:07 PM, Debbie Bucci <span dir="ltr"><<a href="mailto:debbucci@gmail.com" target="_blank">debbucci@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>All <br><br></div>Great idea from Justin to post now and great discussion ... If other post - I will try to merge before the weekend for next week.<br><br><br><p style="margin-left:0.75in"><span><span>1.<span style="font:7pt "Times New Roman""> </span></span></span>Alice
calls the practice and schedules her initial appointment.</p><p style="margin-left:1in"><span><span>A.<span style="font:7pt "Times New Roman"">
</span></span></span>The Scheduler does not find an existing account
for Alice and creates a new account.</p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>i.<span style="font:7pt "Times New Roman"">
</span></span></span>Local account – Alice may not know</p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>ii.<span style="font:7pt "Times New Roman"">
</span></span></span>Could bind an external account/identity to it –
binding ceremony</p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>iii.<span style="font:7pt "Times New Roman"">
</span></span></span>Object at database/table – that point to Alice
OIDC + Public key or other stuff</p><p style="margin-left:1in"><span><span>B.<span style="font:7pt "Times New Roman"">
</span></span></span>The Scheduler creates an appointment with the
PCP Alice has selected.</p><p style="margin-left:0.75in"><span><span>2.<span style="font:7pt "Times New Roman""> </span></span></span>Alice
arrives at the practice and registers with the front desk.</p><p style="margin-left:1in"><span><span>A.<span style="font:7pt "Times New Roman"">
</span></span></span>Alice provides the Registrar with her driver’s
license and insure card(s). </p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>i.<span style="font:7pt "Times New Roman"">
</span></span></span><span> </span>– id
proofing process</p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>ii.<span style="font:7pt "Times New Roman"">
</span></span></span>online eligibility checking – what is covered?
payment</p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>iii.<span style="font:7pt "Times New Roman"">
</span></span></span>collect and scan – but how about verification ?<span> </span></p><p style="margin-left:1in"><span><span>B.<span style="font:7pt "Times New Roman"">
</span></span></span>The Registrar scan the cards and updates Alice’s
account.</p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>i.<span style="font:7pt "Times New Roman"">
</span></span></span>Id proofing</p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>ii.<span style="font:7pt "Times New Roman"">
</span></span></span>Can this ID process be re-used “known to the
practice?”<span> </span>How can we represent that
within the protocols?<span> </span></p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>iii.<span style="font:7pt "Times New Roman"">
</span></span></span>FITS into vectors of trust in IETF work</p><p style="margin-left:1.4in"><span><span>1.1.1.2.B.iii.1.<span style="font:7pt "Times New Roman"">
</span></span></span>Verify holder of claims/document with identity–
high level of confidence</p><p style="margin-left:1.4in"><span><span>1.1.1.2.B.iii.2.<span style="font:7pt "Times New Roman"">
</span></span></span>Onboarding ceremony can bind and verify
separately</p><p style="margin-left:1.4in"><span><span>1.1.1.2.B.iii.3.<span style="font:7pt "Times New Roman"">
</span></span></span>Quick photograph and imbed into record for
evidence of practice. </p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>iv.<span style="font:7pt "Times New Roman"">
</span></span></span>How does the profiles represent the level of
trusts – two levels of proofing<span> </span>- trust
elevation <span> </span>- </p><p style="margin-left:1.4in"><span><span>1.1.1.2.B.iv.1.<span style="font:7pt "Times New Roman"">
</span></span></span>(bill concerns) Login to phr<span> </span>- portals will create login account – Alice
has a choice – PCP or PHR<span> </span>- potential to
use multiple accounts with different levels of trust – how does the levels of
trust get described across relying parties/resource servers (?)<span> </span>How do we know Alice is Alice?</p><p style="margin-left:1.4in"><span><span>1.1.1.2.B.iv.2.<span style="font:7pt "Times New Roman"">
</span></span></span>Alice should have the choice to use whatever.
Identity to bind external accounts with local accounts is powerful</p><p style="margin-left:1.4in"><span><span>1.1.1.2.B.iv.3.<span style="font:7pt "Times New Roman"">
</span></span></span>When alice goes to specialist – why would alice
need an additional proofing? Specialist can always do their own binding
process. </p><p style="margin-left:1.4in"><span><span>1.1.1.2.B.iv.4.<span style="font:7pt "Times New Roman"">
</span></span></span>Who is the system of record – not bound in OAUTH
world.<span> </span>Alice could prove in multi- ways.</p><p style="margin-left:1.4in"><span><span>1.1.1.2.B.iv.5.<span style="font:7pt "Times New Roman"">
</span></span></span>FHIR Referral message – between provider – I am
referring to alice –I know here as 1234 – she used cred (issuer/subject) –<span> </span>if you trust me<span> </span>- let her in – save binding ceremony.<span> </span>Who’s to trust bits of information – </p><p style="margin-left:1.4in"><span><span>1.1.1.2.B.iv.6.<span style="font:7pt "Times New Roman"">
</span></span></span>If FHIR API increases patient engagement going
forward …once Alice has set up credential –next system –if level of trust –
should be able to transfer /share information.</p><p style="margin-left:1.2in"><span><span><span style="font:7pt "Times New Roman"">
</span>v.<span style="font:7pt "Times New Roman"">
</span></span></span>More info – vectors of trust and binding … take
advantage of capabilities that did not exist in paper world<span> </span></p>
</div></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><font size="1"><br><font size="2">Ensure Health Information Privacy. Support Patient Privacy Rights.<br></font></font><span style="font-size:11pt"><font size="1"></font></span><font size="2"><a href="http://patientprivacyrights.org/donate-2/" target="_blank"><font color="blue"><u>http://patientprivacyrights.org/donate-2/</u></font></a><font color="blue"><u> </u></font></font><span style="font-size:11pt"></span><span style="font-size:11pt"></span><span style="font-size:11pt"><font size="1"> <br></font><div></div></span><br></div></div>
</div>
_______________________________________________<br>Openid-specs-heart mailing list<br><a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br></div></blockquote></div><br></div></div></div></div></blockquote></div><br></div>