<div dir="ltr"><div><div><div><div><div><div>Aaron - please post all compliments to the public blog:-)<br><br></div>As for your question, I have no idea how the Virtual Clipboard is different from any other resource server. Is the thing that makes the Virtual Clipboard different that it allows the patient to add information to it? I can do that with MyHealtheVet today even if I'm not a veteran.<br><br></div>Your example says that the Virtual Clipboard can gather info about me from, for example, the health insurer. It also says that I give the Virtual Clipboard my user ID for my insurer. What protects the insurer from anyone that knows my user ID at the insurer asking for my information? It seems like you're using a GUID /Voluntary Identifier as a password into my insurer account. This would certainly not be a good idea because anyone that had my GUID and happened to know my userID (usually my email) would be able to impersonate me and my Virtual Clipboard. <br><br></div>In other words, the GUID Voluntary Identifier is not required in order for my Virtual Clipboard or MyHealtheVet to get the insurer info from a FHIR API. All that's needed is OAuth2. That's exactly what OAuth2 was designed to do.<br><br></div>I think you're missing the point of my THCB posting - surveillance. There's nothing about your question that implies surveillance and therefore there is nothing in your question that actually has anything to do with Unique Patient Identifiers. Everything you want can be done with UMA and with HEART.<br><br></div>It would be nice if you would post this question or the next one to THCB. There are going to be many people who would appreciate the discussion.<br><br></div>Adrian<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 1, 2015 at 6:10 PM, Aaron Seib <span dir="ltr"><<a href="mailto:aaron.seib@nate-trust.org" target="_blank">aaron.seib@nate-trust.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Adrian,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I think this is the best thing you have ever written. Bravo.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks for sharing. Is it sufficient to give the consumer the option to decline having a voluntary universal identifier assigned and to always get their permission before sharing it with a relying party?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Let’s say someone provides the Virtual Clipboard. For arguments sake let’s say it is a benefite of membership for being a member of some benevolent fraternity.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">You pay your membership dues and they send you a URL that takes you to a data capture screen where they collect some PII attributes – say the following:<u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">First Name <u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Middle Initial<u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Last Name<u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Suffix <u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Date of Birth <u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Gender<u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">SSN – Last 4 digits<u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Address 1 & Address 2<u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">City, State, Zip <u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Home & Mobile Phones<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">At the bottom of the screen there is a save and continue button. When you click the button a pop-up window appears and says – would you like us to add a voluntary unique health identifier to your Virtual Clipboard? If the consumer says no – the data is captured and the field for the Voluntary Identifier is left null. If they say an API is called to get a GUID and that is stored in the Voluntary identifier field. <u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The user is then presented with an action that he can take. Would you like us to gather your health insurance information? The user decides, yeah – it would be a good thing to have this in my Virtual Clipboard and clicks yes. Before making an Eligibility Request (equivalent to an X12n 270) to the payer we ask the user for the name of their insurer and their membership id. We also ask the consumer if they would like us to share their Voluntary Identifier with their health insurer. If the consumer says yes we send it along with the call to the insurers FHIR API which returns the EligibilityResponse resource which includes all the details about your health insurance plan that gets stored in your virtual clipboard.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">A few weeks go by and the consumer need to schedule an appointment with a doctor. Via FHIR the user is able to share the Patient Resource and the Eligibility resource with the docs EMR system. Before we include the voluntary identifier we ask the consumer if they would like to have their voluntary id shared with this EMR. If they say yes it is passed along to the EMR which incorporates it into their patient record along with the insurance card information needed to check if the patient has active coverage.- <u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Is that essentially what you are recommending in the blog post?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Aaron Seib, CEO<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">@CaptBlueButton <u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> (o) <a href="tel:301-540-2311" value="+13015402311" target="_blank">301-540-2311</a><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">(m) <a href="tel:301-326-6843" value="+13013266843" target="_blank">301-326-6843</a><u></u><u></u></span></p><p class="MsoNormal"><a href="http://nate-trust.org" target="_blank"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d;text-decoration:none"><img src="cid:image002.jpg@01D0E4E1.6F96E940" border="0" width="205" height="48"></span></a><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-heart [mailto:<a href="mailto:openid-specs-heart-bounces@lists.openid.net" target="_blank">openid-specs-heart-bounces@lists.openid.net</a>] <b>On Behalf Of </b>Adrian Gropper<br><b>Sent:</b> Tuesday, September 01, 2015 5:00 PM<br><b>To:</b> <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a><br><b>Subject:</b> [Openid-specs-heart] Universal Patient Identifiers for the 21st Century<u></u><u></u></span></p><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal" style="margin-bottom:12.0pt">I think this blog posting is relevant to some of our conversations. <a href="http://thehealthcareblog.com/blog/2015/09/01/universal-patient-identifiers-for-the-21st-century/" target="_blank">http://thehealthcareblog.com/blog/2015/09/01/universal-patient-identifiers-for-the-21st-century/</a><u></u><u></u></p></div><p class="MsoNormal">Adrian<br clear="all"><u></u><u></u></p><div><div><div><p class="MsoNormal"><br>-- <u></u><u></u></p><div><div><div><div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Adrian Gropper MD<br><br><span style="font-family:"Arial","sans-serif";color:#1f497d">RESTORE Health Privacy!<br>HELP us fight for the right to control personal health data.<br>DONATE: <a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span> <u></u><u></u></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div>
</div>