<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Aaron,<br>
<br>
Your vision is not far-fetched at all. But I agree with John
Moehrke regarding it probably being out-of-scope for HEART.<br>
<br>
I am aware of a high-security use case in which the patient is
anonymous to the physician, and vice-versa. The underlying EHR is
also anonymized for the actors. Identity proofing is out-of-band in
the current implementation. But that is an extreme fringe example.
We need to exclude such cases from HEART, at least for now.<br>
<br>
More mainstream is the case of an unconscious John Doe arriving for
urgent care. Known-name registration, identity proofing, and
binding of PHR and EHR occur well after treatment. Default health
data disclosure policies need to be applied to John Doe upon an
initial anonymous registration, subject to later revision by the
patient or an authorized representative when the patient's identity
is established. Ignoring identity proofing for now, a HEART use
case needs to accommodate this scenario. It may be a break-glass
example. <br>
<br>
Glen <br>
<br>
<br>
<div class="moz-signature">
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: (610) 644-2452<br>
Mobile: (610) 613-3084<br>
<a class="moz-txt-link-abbreviated" href="mailto:gfm@securityrs.com">gfm@securityrs.com</a><br>
<a class="moz-txt-link-abbreviated" href="http://www.SecurityRiskSolutions.com">www.SecurityRiskSolutions.com</a></p>
</div>
<div class="moz-cite-prefix">On 8/12/15 09:40, Aaron Seib wrote:<br>
</div>
<blockquote
cite="mid:014601d0d504$6fa20920$4ee61b60$@nate-trust.org"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thank
you Adrian. Your perspective is informing.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You
ask below this question that I pull up <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in">‘What is the law
or regulation or moral imperative that causes this nebulous
"other provider" to doubt Alice's unverified assertion?<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
am probably the last person to argue that if the next
“provider” is a F2F encounter that there a need for the
provider to verify the consumers identity.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">For
those people that think care is always going to happen face
to face - I am sorry to inform you that the 19<sup>th</sup>
Century called and they want their care delivery model
back. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">As
we see the displacement of brick and mortar care delivery we
see the need for remotely ID proofing patients increasing.
I doubt think we will ever get to the point where all care
is delivered remotely – in fact I doubt it very much. What
I do see if the barrier to benefiting from the reuse and
upcycle of the F2F encounter as a means to increase the
level of assurance on the part of the relying party that
they are working with data related to the person that he or
she claims to be.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
don’t think this is treating the patient as a criminal. It
is for their protection and a fraud prevention necessity. I
am not saying everyone has to subscribe to this notion for
it to work. You have your right to be unknown as much as I
do. I will argue with you about your rights effecting
mine. It isn’t a one size fits all universe and many of us
would be concerned if a remote provider trusted just anyone
claiming to be me and delivering care (not only from the
cost but also because of the data integrity issues that
could be introduced).<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Aaron
Seib, CEO<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">@CaptBlueButton
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> (o)
301-540-2311<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(m)
301-326-6843<o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="nate-trust.org"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;text-decoration:none"><img
id="Picture_x0020_1"
src="cid:part1.00040908.00050606@securityrs.com"
border="0" height="48" width="205"></span></a><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a class="moz-txt-link-abbreviated" href="mailto:agropper@gmail.com">agropper@gmail.com</a> [<a class="moz-txt-link-freetext" href="mailto:agropper@gmail.com">mailto:agropper@gmail.com</a>] <b>On Behalf
Of </b>Adrian Gropper<br>
<b>Sent:</b> Tuesday, August 11, 2015 9:31 PM<br>
<b>To:</b> Aaron Seib<br>
<b>Cc:</b> Kinsley, William;
<a class="moz-txt-link-abbreviated" href="mailto:openid-specs-heart@lists.openid.net">openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-heart] Draft HEART Meeting
Notes 2015-08-10<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">inline...<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Tue, Aug 11, 2015 at 2:30 PM,
Aaron Seib <<a moz-do-not-send="true"
href="mailto:aaron.seib@nate-trust.org"
target="_blank">aaron.seib@nate-trust.org</a>>
wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">IDESG
has been working on this since the start of the
Obama administration, right? Do we know if they
have anything useful in this regard so far? </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">IDESG is doing the best job of
anyone I know here or in the EU in this respect.
Useful is a loaded term. Until the cost of
cybersecurity breaches becomes noticeable in the
competitive marketplace or very strong data protection
laws (like EU is trying to mandate) are passed, the
industry will continue to ignore this. We have a very
hard time getting data holders (big hospital networks,
insurers, and their vendors) to participate in IDESG.
Why would we expect "anything useful" as long as they
see human-centered identity federation as not worthy
of their attention. <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The
use case that I am hearing – whether it belongs
in HEART or has already been solved for by the
funded work of the NSTIC pilots (I think they
have graduated some vendors from the program who
address these issues already, right?) is the
following:</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p><span
style="font-size:11.0pt;font-family:Symbol;color:#1F497D">·</span><span
style="font-size:7.0pt;color:#1F497D"> </span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Alice
is unknown to the PCP practice. She becomes
known by providing the PCP with her AS URL and
related identifier information. The PCP uses
that AS to make disclosure decisions because he
trust the binding of her identity to the AS.</span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal">Alice has an in-person relationship
with the PCP practice. Except for the case of
controlled substance prescriptions, there is
absolutely no need for identity proofing. If
controlled substances are to be prescribed, identity
proofing needs to be an escalation over the default
practice. Why would we want our healthcare system to
treat everyone as a criminal by default? <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p><span
style="font-size:11.0pt;font-family:Symbol;color:#1F497D">·</span><span
style="font-size:7.0pt;color:#1F497D"> </span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Another
provider wants to communicate with Alice. She
remotely sends him her AS URL and related
identifier information. Is there more
information in the universe that the new
provider can use to increase his level of
assurance that Alice is who she says she is
without a F2F meeting? </span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal">What is the law or regulation or
moral imperative that causes this nebulous "other
provider" to doubt Alice's unverified assertion? Or is
it just a barrier to patient and caregiver access like
so much of HIPAA has been interpreted to be. We are
all aware of the Office of Civil Rights memos and the
ONC data blocking reports. That is the reality. <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p><span
style="font-size:11.0pt;font-family:Symbol;color:#1F497D">·</span><span
style="font-size:7.0pt;color:#1F497D"> </span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I.e.,
is there any way to discover that the PCP trust
the assertion that Alice is who she says she is
and uses this AS and related identifier
improving confidence in reliance on this
information shared remotely by Alice?</span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal">Yes and this is what IDESG is
trying to solve. As long as the large data holders
compete on the basis of my silo is larger than their
silo, progress will continue to be slow. From the
perspective of the individual patient and physician,
it could get worse than it is today. <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If
the NSTIC projects already considered this and
determined that it was a dead end that would be
informative. </span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">I
assume that you mean the NSTIC pilots. For the most
part, the NSTIC pilots are based on startups and
companies outside of healthcare trying to get their
spoon into the $3 T firehose. Under these
circumstances, NSTIC is doing better than could be
expected. The EU seems to be headed toward a more
heavy-handed governance mechanism that goes after the
largest institutions first. Both approaches have their
merits.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Adrian <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Aaron
Seib, CEO</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">@CaptBlueButton
</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> (o)
<a moz-do-not-send="true"
href="tel:301-540-2311" target="_blank">301-540-2311</a></span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(m)
<a moz-do-not-send="true"
href="tel:301-326-6843" target="_blank">301-326-6843</a></span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a
moz-do-not-send="true"
href="http://nate-trust.org" target="_blank"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;text-decoration:none"><img
id="_x0000_i1025"
src="cid:part6.07090005.00060402@securityrs.com"
border="0" height="48" width="205"></span></a><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a moz-do-not-send="true"
href="mailto:agropper@gmail.com"
target="_blank">agropper@gmail.com</a>
[mailto:<a moz-do-not-send="true"
href="mailto:agropper@gmail.com"
target="_blank">agropper@gmail.com</a>] <b>On
Behalf Of </b>Adrian Gropper<br>
<b>Sent:</b> Tuesday, August 11, 2015 1:39 PM<br>
<b>To:</b> Aaron Seib<br>
<b>Cc:</b> Kinsley, William; <a
moz-do-not-send="true"
href="mailto:openid-specs-heart@lists.openid.net"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:openid-specs-heart@lists.openid.net">openid-specs-heart@lists.openid.net</a></a><br>
<b>Subject:</b> [Openid-specs-heart] Draft HEART
Meeting Notes 2015-08-10</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Aaron,<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">Digital
identity is being worked on in IDESG. The
verification of attributes is one aspect
of identity proofing. Privacy is the major
issue with identity proofing. In setting
up IDESG, NIST tried to be careful to make
privacy a "supercommittee" in the
governance process.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">If
we wanted to get into this in HEART, we
would probably need to start with a use
case.<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Adrian<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
On Tuesday, August 11, 2015, Aaron Seib
<<a moz-do-not-send="true"
href="mailto:aaron.seib@nate-trust.org"
target="_blank">aaron.seib@nate-trust.org</a>>
wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
am confused or might have a
friendly amendment for what you
are trying to communicate.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Are
you positing to the group that
item (3) is out of scope because
it is an Identity Federation
feature and by definition not part
of the charter of the HEART
project?</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If
that is what you are saying could
you please tell me who is working
on enabling the inclusion of the
PCP’s Identity Proofing of Alice
in determining the level of
assurance associated with her
accounts (in any system – PHR, EMR
or the portals thereof)?</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This
is what I am trying to discover.
When the PCP has a
patient-provider relationship
established with Alice and he is
provide with Alice’s URL to her AS
I am very interested in how we can
reuse this ID proofing event to
increase the level of assurance
associated with Alice’s AS. There
are many ways to remote Identity
proof Alice that have cost
associated with them. If we can
capture the ID Proofing event (I
assume that a URL and some unique
Identifier related to Alice is
required in the HEART transactions
when Alice has her privacy
preferences configured in an AS
that has multiple users) from when
the PCP trust the URL/GUID
associated with Alice for an AS it
would create value too.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In
other words – how do we make it
possible for relying parties other
than Alice’s PCP to discover that
her PCP has come to trust the
binding of Alice’s Identity to a
specific URL/ID for her AS?</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Is
that being discussed anywhere
other than the HEART project? </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Aaron
Seib, CEO</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">@CaptBlueButton
</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> (o)
<a moz-do-not-send="true"
href="tel:301-540-2311"
target="_blank">301-540-2311</a></span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(m)
<a moz-do-not-send="true"
href="tel:301-326-6843"
target="_blank">301-326-6843</a></span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a
moz-do-not-send="true"
href="http://nate-trust.org"
target="_blank"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;text-decoration:none"><img
moz-do-not-send="true"
id="_x0000_i1026"
src="imap://gfm%40securityrs%2Ecom@outlook.office365.com:993/fetch%3EUID%3E/Drafts%3E1851?view=att&th=14f1d564d8a988e7&attid=0.1&disp=emb&realattid=cea212b74cdc1b4b_0.1&zw&atsh=1"
border="0" height="48"
width="205"></span></a><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Openid-specs-heart [<a
moz-do-not-send="true"
href="mailto:openid-specs-heart-bounces@lists.openid.net"
target="_blank"><a class="moz-txt-link-freetext" href="mailto:openid-specs-heart-bounces@lists.openid.net">mailto:openid-specs-heart-bounces@lists.openid.net</a></a>]
<b>On Behalf Of </b>Adrian
Gropper<br>
<b>Sent:</b> Monday, August 10,
2015 7:33 PM<br>
<b>To:</b> Kinsley, William<br>
<b>Cc:</b> <a
moz-do-not-send="true"
href="mailto:openid-specs-heart@lists.openid.net"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:openid-specs-heart@lists.openid.net">openid-specs-heart@lists.openid.net</a></a><br>
<b>Subject:</b> Re:
[Openid-specs-heart] Draft HEART
Meeting Notes 2015-08-10</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">(Proposed)
<b>Problem Statement</b>
(for HEART EHR-PHR Use
Case:<o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">This
use-case is designed to
(1) enable automated
update of Alice's PHR when
new findings or orders are
entered by the physician
or practice staff into the
practice's EHR; (2) to
enable messaging with
attached documents from
the practice's EHR via
Alice's PHR; and (3) to
enable _________ by
allowing the practice to
identity proof Alice's
persona as authenticated
by Alice's PHR.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">Discussion
of proposed problem
statement:<o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">I
think I understand the
intent, but I'm having a
difficult time coming up
with a transaction that
would be enabled or even
enhanced by (3). The intent
could be to enhance an
un-tethered PHR like
Microsoft HealthVault or a
health information exchange
that don't have an in-person
relationship with Alice in
case Alice loses her
password and forgets her
secret questions. In that
case, Alice could presumably
go to her PCP's office or
any other practice that is
federated with the PHR or
HIE and present a verified
ID to reclaim control of her
PHR account. As Sarah points
out in her comment, this is
a federation use-case
outside the scope of HEART.
<o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">Another
possible intent could be to
enhance the ability for
another practice, for example
the Quest Lab used by the PCP,
to share results with Alice or
Alice's PHR through the lab's
portal or FHIR interface. This
is another situation where the
other practice, the Lab, has
no in-person relationship with
Alice. It's another example of
federation because the Lab
would have to be federated
with the PHR host in order to
trust that indeed, the
identity proofing was done.
I'm not sure how this would
work. There's obviously trust
between the PCP and the Lab
because the PCP sent the order
to the Lab directly under the
HIPAA TPO exemption but the
PHR is another matter.<br>
<br>
It would be nice if the PCP
could send the order to the
Lab via the PHR. This would be
even more valuable in the case
of e-prescribing because Alice
would then have the
opportunity to shop various
pharmacies using, for example
GoodRX. With today's EHRs,
Alice has lost this ability to
shop around except if the EHR
prints a paper prescription or
lab order. The value of
shopping around, in the case
of orders for an expensive
test such as an MRI can be
over $1,000. To enable this
benefit, the EHR would have to
(a) digitally sign the order
and optionally (b) in the case
of a controlled substance
prescription, identity proof
Alice so that the pharmacy can
check her ID when she comes to
pick up her prescription.
Digitally signing the order or
prescription (a) before
sending it to the PHR under
case (1) or (2) above has
nothing to do with HEART and
may be considered a federation
or trust framework issue
anyway.<o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">Although
identity proofing could be
valuable for giving Alice access
to the portals of labs,
pharmacies, and health
information exchanges this is
purely a matter of federation
and doesn't have directly to do
with FHIR, OAuth, or UMA. <b>I
suggest there is no Problem
(3).</b><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The
relationship between FHIR and
Problem (1) and Problem (2) is
yet another matter. I suggest we
take that up as part of the
scopes discussion once we have
finalized the Problem Statement.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Adrian<o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
Mon, Aug 10, 2015 at 5:21 PM,
Sarah Squire <<a
moz-do-not-send="true"
href="mailto:sarah@engageidentity.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:sarah@engageidentity.com">sarah@engageidentity.com</a></a>>
wrote:<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Most
of the discussion was captured
in the use case document
itself, but I noted the
discussion topics here as well
just for future reference.<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p
style="margin:0in;margin-bottom:.0001pt"><b><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Attending:</span></b><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Debbie
Bucci</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Sarah
Squire</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Danny
van Leeuwen</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Andy
Oram</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Robert
Horn</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Mark
Russell</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">William
Kinsley</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Eve
Maler</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Adrian
Gropper</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Glen
Marshall</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Andrew
Hughes</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Corey
Spears</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Tom
Sullivan</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Abbie
Barbir</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Thomas
Hardjono</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Justin
Richer</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Edmund
Jay</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Catherine
Schulten</span><o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Chad
Evans</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><b><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Next
steps:</span></b><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">We
will continue to address
this use case next week.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><b><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Notes:</span></b><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">We
worked on closing out
issues on the enrollment
use case document:</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><a
moz-do-not-send="true"
href="https://docs.google.com/document/d/1IvbdWerdvMuA1dQ-KQvVKqIBrAas7FoenNVUtgpqYrw/edit"
target="_blank"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif""><a class="moz-txt-link-freetext" href="https://docs.google.com/document/d/1IvbdWerdvMuA1dQ-KQvVKqIBrAas7FoenNVUtgpqYrw/edit">https://docs.google.com/document/d/1IvbdWerdvMuA1dQ-KQvVKqIBrAas7FoenNVUtgpqYrw/edit</a></span></a><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Are
registration and
enrollment
interchangeable?</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Registration
is being used for Alice to
enroll with both her
doctor’s practice and the
practice’s patient portal.
We could use registration
to mean practice
registration and
enrollment to mean EHR
enrollment. When we use
the term “known to the
practice” it means that
the practice has seen or
heard from the patient and
the practice has checked
for insurance eligibility.
A patient can be enrolled
into an EHR by a staff
member or they can enroll
themselves. We decided to
use the term “register” in
the title rather than
enroll since we are
referring to the practice.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">The
PHR and EHR already have
an established
relationship in this use
case so that we do not
have to address dynamic
registration or service
discovery. We have made
the decision not to
address this problem so
that we can focus on other
technical questions.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Acknowledgement
of receipt of privacy
practices is peripheral.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">We
have removed the waiting
room step since it has
been captured in previous
steps.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">We
confirmed that the doctor
does record the results of
the physical examination
directly into the EHR
without any sort of later
transcription.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">We
should not use the word
“results” with regard to a
physical exam. We should
use the phrase “clinical
findings.”</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">The
lab results are peripheral
but have been included so
that we can come back to
them later.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">The
lab results should also
include patient
instructions such as
fasting - this is also
peripheral.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p
style="margin:0in;margin-bottom:.0001pt"><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">The
problem statement is to
autoupdate through the PHR
and message through the
PHR.</span><o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="color:#888888"> </span><o:p></o:p></p>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="color:#888888">Sarah Squire</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="color:#888888">Engage Identity</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="color:#888888"><a moz-do-not-send="true"
href="http://engageidentity.com/"
target="_blank"><span
style="color:#1155CC">http://engageidentity.com</span></a></span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><br>
_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a moz-do-not-send="true"
href="mailto:Openid-specs-heart@lists.openid.net"
target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-heart"
target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
<br clear="all">
<br>
-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Adrian
Gropper MD<br>
<br>
<span
style="font-family:"Arial","sans-serif";color:#1F497D">RESTORE
Health Privacy!<br>
HELP us fight for
the right to control
personal health
data.<br>
DONATE: <a
moz-do-not-send="true"
href="http://patientprivacyrights.org/donate-2/" target="_blank"><span
style="color:#0563C1"><a class="moz-txt-link-freetext" href="http://patientprivacyrights.org/donate-2/">http://patientprivacyrights.org/donate-2/</a></span></a></span>
<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<br>
-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Adrian Gropper MD<br>
<br>
<span
style="font-family:"Arial","sans-serif";color:#1F497D">RESTORE
Health Privacy!<br>
HELP us fight for the right to control
personal health data.<br>
DONATE: <a moz-do-not-send="true"
href="http://patientprivacyrights.org/donate-2/"
target="_blank"><span
style="color:#0563C1">http://patientprivacyrights.org/donate-2/</span></a></span>
<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-heart mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-heart">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a>
</pre>
</blockquote>
<br>
</body>
</html>