<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Adrian, <br>
<br>
Thanks for including me. <br>
<br>
John, <br>
<br>
The gross ceremony / fine-grain issue is an interesting vocabulary
that I rather like.<br>
<br>
Many of the issues of law and consent can be viewed as problems of
traceability. How do I know the text I'm being asked to sign or
rely on is derived from a verified source, am I informed if someone
spots an issue, which solutions are trusted by people I trust? This
problem maps well to issues in source code management, and
git/GitHub provides a really robust solution. The "legal" part of
the problem is mostly a matter of getting communities of use around
particular formulations. The goal is shared repositories/wikis - a
kind of 3.0 Civil Code. <br>
<br>
Patient consents are one of the most interesting use cases because
they are so important. We've done a number of examples. With
Primavera De Filippi (of Berkman, who also coded the current parser)
we did a 3-language machine-readable model patient consent based on
the form of the Global Alliance for Genomics and Health. With
Adrian, I did a swim lanes sketch. For Apple's ResearchKit (with
John Wilbanks of Sage Bionetworks) - I did a form from one of their
studies.<br>
<br>
Global Alliance:<br>
<a class="moz-txt-link-freetext" href="http://ga4gh.commonaccord.org/index.php?action=list&file=./Demo/">http://ga4gh.commonaccord.org/index.php?action=list&file=./Demo/</a>
<br>
Swimming with Adrian:<br>
<a class="moz-txt-link-freetext" href="http://www.commonaccord.org/index.php?action=list&file=/doc/roi/">http://www.commonaccord.org/index.php?action=list&file=/doc/roi/</a><br>
ResearchKit:<br>
<a class="moz-txt-link-freetext" href="http://my.commonaccord.org/index.php?action=source&file=Research/Consent/Form/Research_Consent_Form.md">http://my.commonaccord.org/index.php?action=source&file=Research/Consent/Form/Research_Consent_Form.md</a><br>
<br>
None of these yet have active communities, though there are a number
of discussions at various stages.<br>
<br>
There is a strong fit with peer-to-peer payments systems. The gross
ceremony / fine-grain issue is a lot like the legal text vs "smart
contract" discussion there.<br>
<br>
Happy to point to more examples or make a new one.<br>
<br>
Cheers, Jim<br>
<br>
<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 8/6/15 4:37 PM, Adrian Gropper
wrote:<br>
</div>
<blockquote
cite="mid:CANYRo8hky2BRKzEc+TSUH_UoEjfZeMh7Wprc4fqic_VTGcW+qg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>This is exactly the problem Jim's Common Accord is designed
to solve. It links human-readable documents with machine-based
structures a-la github. We also just launched a legal subgroup
in UMA. All good stuff that HL7 and FHIR should not have to
worry about.<br>
<br>
</div>
Adrian<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Aug 6, 2015 at 9:06 AM,
Moehrke, John (GE Healthcare) <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:John.Moehrke@med.ge.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:John.Moehrke@med.ge.com">John.Moehrke@med.ge.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I
agree with your proposal for ‘Authorize for
Disclosure’ and to de-emphasize ‘Consent’… (although
this problem with ‘Consent’ is only a USA problem)…
</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><br>
But I don’t think that a UMA/OAuth ‘token’ will be
seen as legitimate evidence in a court. It would be
quickly shown to be not intelligible by the
layperson, I can barely read them. Thus it is not
evidence of the act of ‘authorizing for disclosure’
ceremony. This is indeed a practice-of-law problem
that we all hope changes, but I have little hope
that it will change in the coming 10 years. This is
why I want the gross ceremony to be a pre-condition,
with the UMA/OAuth technology be the fine-grain
solution. I expect that a gross ceremony can be
shown in a court as evidence that all parties
understood the use of the technology would be used
for fine-grain. Note that if the courtroom antics
change, then this pre-condition simply goes away.
But by putting it there we enable it to be used, and
thus make our solution more palatable to the legal
folks at those custodian organizations that are
afraid to release information today.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">John</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<div>
<div style="border:none;border-top:solid #b5c4df
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Aaron Seib [mailto:<a moz-do-not-send="true"
href="mailto:aaron.seib@nate-trust.org"
target="_blank">aaron.seib@nate-trust.org</a>]
<br>
<b>Sent:</b> Thursday, August 06, 2015 7:58 AM<br>
<b>To:</b> Moehrke, John (GE Healthcare);
'Adrian Gropper'; 'Debbie Bucci'<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:openid-specs-heart@lists.openid.net"
target="_blank">openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> RE: [Openid-specs-heart] HEART
2015-08-05 meeting notes</span></p>
</div>
</div>
<div>
<div class="h5">
<p class="MsoNormal"> </p>
<p class="MsoNormal"><a moz-do-not-send="true"
name="14f0334d8c08d35d__MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I
tend to agree with John’s recommendation with
a friendly amendment.</span></a><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">We
should not mis-use the word consent. We should
use the term – authorize for disclosure.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The
primary reason being that the term consent has a
lot of baggage and is defined in law for Human
research protections and authorize for
disclosure is more accurate to me. Consent – as
pointed out by the Kind Sir from Boston (Adrian)
to point out – meant something before 2002 that
it doesn’t mean anymore.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">In
my opinion the notion of authorize for
disclosure also conveniently aligns with my
understanding of what ab “UMA/OAuth token” would
represent on a per transaction basis.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">In
court we would expect the entity accused of
unauthorized disclosure to be able to produce a
valid UMA/OAuth token as a sufficient defense
from mis-representations of trial lawyers.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Aaron
Seib</span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nate-2Dtrust.org_&d=AwMFaQ&c=IV_clAzoPDE253xZdHuilRgztyh_RiV3wUrLrDQYWSI&r=B4hg7NQHul-cxfpT_e9Lh49ujUftqzJ6q17C2t3eI64&m=87vCtxeoEunALdecDlNur8aIU5qcY6YWTAxWw6j34cs&s=PU_01do09mzHBYjfdhFvZCLDAP7Tpxnm1P001w-6AlU&e="
target="_blank"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">NATE</span></a><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">,
CEO</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">@CaptBlueButton</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">(o)
<a moz-do-not-send="true"
href="tel:301-540-2311" value="+13015402311"
target="_blank">301-540-2311</a></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">(m)
<a moz-do-not-send="true"
href="tel:301-326-6843" value="+13013266843"
target="_blank">301-326-6843</a></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<div>
<div style="border:none;border-top:solid #b5c4df
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Openid-specs-heart [<a
moz-do-not-send="true"
href="mailto:openid-specs-heart-bounces@lists.openid.net"
target="_blank"><a class="moz-txt-link-freetext" href="mailto:openid-specs-heart-bounces@lists.openid.net">mailto:openid-specs-heart-bounces@lists.openid.net</a></a>]
<b>On Behalf Of </b>Moehrke, John (GE
Healthcare)<br>
<b>Sent:</b> Thursday, August 6, 2015 7:27
AM<br>
<b>To:</b> Adrian Gropper; Debbie Bucci<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:openid-specs-heart@lists.openid.net"
target="_blank">openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-heart]
HEART 2015-08-05 meeting notes</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">At
the federal level, under HIPAA alone, there is
no need for consent for purposes of using the
data within the Covered Entity for Treatment,
Payment, and Normal operations.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">BUT,
there are plenty of states that require consent…
Ignoring reality of states regulations is not
useful.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">AND,
there are some institutions that would rather
have a consent that authorizes them to share
beyond their Covered Entity boundary. Not
everyone reads HIPAA ‘Treatment’ as an
authorization to share with any treating
provider.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">AND,
there are some ‘sensitive’ health topics covered
by federal money that do come with a requirement
for consent for sharing. This was the main focus
of the DS4P efforts.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">So,
let’s not focus on HIPAA alone. Let’s expect
that ‘for whatever reason an organization wants
to have positive evidence that the patient
desires sharing to happen’ as the trigger to
allow it to happen (otherwise deny it from
happening. This would seem more helpful to the
community we are doing this work for. </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">An
important aspect of all of this is how will the
organization holding the data be able to legally
defend that a UMA/OAuth token was valid evidence
of consent that would hold up in a courtroom… We
can’t address this in HEART, but it should not
slow us down. We again, document this as a
precondition to our work. One way this is done
is that a paper trail is a part of the initial
setup of a patient engaging with the system.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">John</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Openid-specs-heart [<a moz-do-not-send="true"
href="mailto:openid-specs-heart-bounces@lists.openid.net"
target="_blank">mailto:openid-specs-heart-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Adrian Gropper<br>
<b>Sent:</b> Wednesday, August 05, 2015 11:49 PM<br>
<b>To:</b> Debbie Bucci<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:openid-specs-heart@lists.openid.net"
target="_blank">openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-heart] HEART
2015-08-05 meeting notes</span></p>
<p class="MsoNormal"> </p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">I have never
heard the term "simple consent". There's
nothing like "consent" in the context of
data sharing that I can think of. HIPAA
removed the patient's right of consent in
2002 <a moz-do-not-send="true"
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__patientprivacyrights.org_-3Fs-3DHIPAA-2BConsent&d=AwMFaQ&c=IV_clAzoPDE253xZdHuilRgztyh_RiV3wUrLrDQYWSI&r=B4hg7NQHul-cxfpT_e9Lh49ujUftqzJ6q17C2t3eI64&m=QPfpP6tNPhNn0uCYFnfBuRqSH5IVEwKw_Jqp3j4NGRQ&s=u1OCcH7ZkX-4jzmNs_eIhVZUi0lQOy0npXd30zYGE8I&e="
target="_blank">https://patientprivacyrights.org/?s=HIPAA+Consent</a></p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">There are
consent forms for research but that's not
part of the use cases we're tackling these
days.</p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">Does anyone have
an example of consent for clinical data
sharing to share with us?</p>
</div>
<p class="MsoNormal">Adrian</p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On Thu, Aug 6, 2015 at
12:10 AM, Debbie Bucci <<a
moz-do-not-send="true"
href="mailto:debbucci@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:debbucci@gmail.com">debbucci@gmail.com</a></a>>
wrote:</p>
<div>
<div>
<p class="MsoNormal">@Eve - yes I know its
client but I'm really hung up on the token
generation/choices. Thanks for the
tweaks.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">I know we clarified
that the release form is NOT consent in
one of our earlier meetings but is this
(release of information) what I have heard
others refer to as simple consent?
During this process would access to
problems/meds/allergies be included in
that authorization/consent flow? I
visualized more than demographics in the
conversation.</p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On Wed, Aug 5,
2015 at 9:21 PM, Justin Richer <<a
moz-do-not-send="true"
href="mailto:jricher@mit.edu"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jricher@mit.edu">jricher@mit.edu</a></a>>
wrote:</p>
<div>
<p class="MsoNormal">Thank you,
Adrian, this is a great reference!
I think your annotations make
sense as well, things should map
pretty plainly to the OAuth
process. The tricky part (that we
got a start on today) is going to
be the scopes bits and getting
those right.<br>
<br>
For an UMA flow, it's also
similar, except that the "who can
see it" is a set of claims instead
of the client application.<span
style="color:#888888"><br>
<br>
-- Justin</span></p>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On
8/5/2015 9:12 PM, Adrian
Gropper wrote:</p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">I've
attached a very
typical Release of
Information
authorization. I've
annotated the 5
elements common to
all such documents
that I have ever
seen. The stuff
outside if the
rectangles is more
or less optional. </p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">This
form covers one
direction of the
EHR-PHR Use Case. It
is presented to the
Custodian (the patient
or their designate )
and approved by them
by the Resource Server
and pre-filled with
information supplied
by the Client, if
available. <br>
<br>
In some cases, the
Client information is
not available at the
time the Authorization
form is signed. In
that case, it will be
up to the
Authorization Server
to consider the Client
and User information
and provide the
authorization to the
Resource Server.</p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">The
Resource Server has the
final say in all cases
and could decide to
ignore the authorization
based on local or
jurisdictional policy.
This is outside the
control of the Resource
Owner and likely to be
out of scope for HEART
in all use-cases.</p>
</div>
<div>
<p class="MsoNormal">This
ROI Authorization Form
is the only "consent"
that I'm aware of in
clinical IT. Patients
are asked to sign other
documents, including:</p>
</div>
<div>
<p class="MsoNormal">Registration
Form, Notice of Privacy
Practices, and Treatment
Consent but none of
these has anything to do
with sharing of health
data (except for HIPAA
TPO which we will not
get into here.)</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal">Adrian</p>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On
Wed, Aug 5, 2015 at 8:27
PM, jim kragh <<a
moz-do-not-send="true"
href="mailto:kragh65@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:kragh65@gmail.com">kragh65@gmail.com</a></a>>
wrote:</p>
<div>
<p class="MsoNormal">Thanks
for sharing,...
informative and
constructive in
reaching the patient
end point. </p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">May
all have a nice
evening!</p>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<div>
<div>
<p
class="MsoNormal">On
Wed, Aug 5, 2015
at 3:26 PM,
Debbie Bucci
<<a
moz-do-not-send="true"
href="mailto:debbucci@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:debbucci@gmail.com">debbucci@gmail.com</a></a>>
wrote:</p>
</div>
</div>
<blockquote
style="border:none;border-left:solid
#cccccc
1.0pt;padding:0in
0in 0in
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p
class="MsoNormal">Attendees:</p>
</div>
<div>
<p
class="MsoNormal">Eve
Maler</p>
</div>
<div>
<p
class="MsoNormal">Justin
Richer</p>
</div>
<div>
<p
class="MsoNormal">Josh
Mandel</p>
</div>
<div>
<p
class="MsoNormal">Adrian
Gropper</p>
</div>
<div>
<p
class="MsoNormal">Thomas
Sullivan </p>
</div>
<div>
<p
class="MsoNormal">Debbie
Bucci</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">We
have decided
to delineate
between
mechanical and
semantic scope
docs.</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">For
the PCP
<-> PHR
use case:</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">The
pre determined
choice token
confidential
token choice
and exactly
what
information
needs (example:
PHR's authorization
endpoint) to
be shared in
advance
between the
PCP's EHR and
Alice's PCP
was left out
of the
discussion for
now.</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">There
is one
basic mechanical
Oauth generic
flow that
occurs twice
in the use
case.</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">Given
the group has
generally
agreed that
the SMART
specifications
are a good
place to <strong><i>start
</i></strong><em>...
</em>for this
particular use
case the only
semantic FHIR
scope that is
necessary is
the
patient/*.read
scope that
grants
permission to
read any
resource for
the current
patient.</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">During
the
registration
process Alice
should be able
to select at a
fine grain
level which
resources she
is willing to
share with the
PHR. This
mimic's a
specific
process
- Adrian
please
provide. This
information
will be used
to generate
the access
token.</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">The
one thing left
at the end of
the discussion
is whether the
patient record
is implicit or
explicitly
stated. This
is a design
decision that
may make a
difference as
we move
towards our
next use case
in
which delegation
is a factor.</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal">Corrections/updates
appreciated.
</p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
<div>
<p
class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
<pre> </pre>
</blockquote>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a moz-do-not-send="true"
href="mailto:Openid-specs-heart@lists.openid.net"
target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a moz-do-not-send="true"
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dheart&d=AwMFaQ&c=IV_clAzoPDE253xZdHuilRgztyh_RiV3wUrLrDQYWSI&r=B4hg7NQHul-cxfpT_e9Lh49ujUftqzJ6q17C2t3eI64&m=QPfpP6tNPhNn0uCYFnfBuRqSH5IVEwKw_Jqp3j4NGRQ&s=rCzIAK2qBPKQaibR7Ns2AF69bEcf2hFBrgPF6wgZ0i4&e="
target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a></p>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<br>
-- </p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">Adrian Gropper MD<br>
<br>
<span
style="font-family:"Arial","sans-serif";color:#1f497d">RESTORE
Health Privacy!<br>
HELP us fight for the right to
control personal health data.<br>
DONATE: <a moz-do-not-send="true"
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__patientprivacyrights.org_donate-2D2_&d=AwMFaQ&c=IV_clAzoPDE253xZdHuilRgztyh_RiV3wUrLrDQYWSI&r=B4hg7NQHul-cxfpT_e9Lh49ujUftqzJ6q17C2t3eI64&m=QPfpP6tNPhNn0uCYFnfBuRqSH5IVEwKw_Jqp3j4NGRQ&s=5EO5dh5y1O7CjbbjqdwxTBcdii8ABtLHO2waj3VDYfw&e="
target="_blank"><span
style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span>
</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div><br>
<div dir="ltr">Adrian Gropper MD<span
style="font-size:11pt"></span><br>
<br>
<span
style="font-family:"Arial",sans-serif;color:#1f497d">RESTORE
Health Privacy!</span><span
style="font-family:"Arial",sans-serif;color:#1f497d"><br>
HELP us fight for the right to control personal
health data.</span><span
style="font-family:"Arial",sans-serif;color:#1f497d"></span><span
style="font-family:"Arial",sans-serif;color:#1f497d"><br>
DONATE:
<a moz-do-not-send="true"
href="http://patientprivacyrights.org/donate-2/"
target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span
style="color:#1f497d"></span>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
@commonaccord
</pre>
</body>
</html>