<div dir="ltr"><div><div><div><div><div>The Argonaut use-cases are based on OAuth, not UMA and they are centered on the institutions. HEART is chartered to enable a patient-centered interoperability model which, for all practical purposes, requires UMA. <br><br>If I understand the charter as above, I find it very confusing to start from an OAuth perspective. It's much easier to start from an Authorization Server perspective. For example, in the UMA Legal Subgroup discussion, it has been suggested that all use-cases are in one of the following three legal categories:<br><br></div>- The AS legal entity <b>can see the patient's data</b> (this is the typical case when the RS operates the AS)<br></div>- The AS legal entity <b>cannot see the patient's data</b> (this is being championed by Apple HealthKit and ResearchKit, minus the standards, of course.)<br></div>- The AS legal entity <b>is one and the same as the patient</b>, a "built or owned" AS (this is like Bitcoin, where the subject is always allowed to build or own the wallet even if, in some cases, an exchange is allowed to act as authorization agent.)<br><br></div>The AS perspective will help us to understand what aspects of the AS-RS communications, if any, need to be standardized by HL7 or other specific verticals. To the extent we can avoid health-specific MUSTs in the AS-RS transactions, authorization servers will serve all aspects of healthcare including HIPPA, 42 CFR Part 2, payment, wearables, patient-generated data, and research.<br><br></div>Adrian<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 6, 2015 at 11:37 AM, Josh Mandel <span dir="ltr"><<a href="mailto:Joshua.Mandel@childrens.harvard.edu" target="_blank">Joshua.Mandel@childrens.harvard.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">For background, Argonaut did not invent the approach. Argonaut has reviewed and adopted an approach that SMART produced from 2013-2015, with a focus on clinician- and patient-facing third-party apps. The key use cases are for apps that plug into the EHR/portal, as well as apps that can launch independently of the EHR/portal but which have access to the data in those systems.<div><br></div><div>Details are at: <a href="http://docs.smarthealthit.org/authorization/" target="_blank">http://docs.smarthealthit.org/authorization/</a></div><div><br></div><div>Justin and I have a pretty solid understanding of where SMART's specs differ from HEART's today, and are very interested in alignment where practical. There are areas where we'll pretty clearly converge (e.g. supporting JWT-based client authentication), and other areas where project scope differs (e.g. to what extend we need to standardize the way an authorization server communicates with a resource server).</div><div><br></div><div>Best,</div><div><br></div><div> Josh</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Tue, Oct 6, 2015 at 11:26 AM, Kinsley, William <span dir="ltr"><<a href="mailto:BKinsley@nextgen.com" target="_blank">BKinsley@nextgen.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">I am more concerned with what I interpret as Argonaut’s hard coding specific security roles and that they
are not representative of the OAuth and UMA approach. This is serving as a wake call to us (the HEART WG) that without any guidance from us, they are going to create a de facto security/privacy standard that will be difficult to unwind once it is adopted by
other projects in the industry.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"> Bill</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <a href="mailto:agropper@gmail.com" target="_blank">agropper@gmail.com</a> [mailto:<a href="mailto:agropper@gmail.com" target="_blank">agropper@gmail.com</a>]
<b>On Behalf Of </b>Adrian Gropper<br>
<b>Sent:</b> Tuesday, October 06, 2015 11:19 AM<br>
<b>To:</b> Kinsley, William <<a href="mailto:BKinsley@nextgen.com" target="_blank">BKinsley@nextgen.com</a>><br>
<b>Cc:</b> Justin Richer <<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>>; <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a></span></p><div><div><br>
<b>Subject:</b> Re: [Openid-specs-heart] Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 Scopes<u></u><u></u></div></div><p></p><div><div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">To begin the discussion, I would suggest three terms with healthcare / generic names:<u></u><u></u></p>
<ul type="disc">
<li class="MsoNormal">
Patient / Subject<u></u><u></u></li></ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal">
The Subject of the resource when the resource refers to only one person. The Subject is also the Principal when they register their resource with the Authorization Server.<u></u><u></u></li></ul>
</ul>
<ul type="disc">
<li class="MsoNormal">
Custodian / Principal<u></u><u></u></li></ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal">
The person that registers a resource with an Authorization Server. This is typically the Resource Owner (RO).
<u></u><u></u></li><li class="MsoNormal">
When a Custodian is in control of multiple Subjects, they are able to identify (name) the separate Subjects any way they choose.
<u></u><u></u></li><li class="MsoNormal">
A Custodian can access resources for multiple Subjects in a single transaction including, for example, a Patient List.<u></u><u></u></li></ul>
</ul>
<ul type="disc">
<li class="MsoNormal">
User<u></u><u></u></li></ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal">
Anyone or anything that is not a Subject or a Custodian.<u></u><u></u></li><li class="MsoNormal">
A User can access resources for multiple Subjects in a single transaction including, for example, a Patient List.<u></u><u></u></li></ul>
</ul>
<p>I hope we can map this to FHIR:<u></u><u></u></p>
<ul type="disc">
<li class="MsoNormal">
Pseudonymous Subject Resource<u></u><u></u></li></ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal">
A resource for a single Subject identified by an opaque pseudonym as registered with the Authorization Server.<u></u><u></u></li><li class="MsoNormal">
The resource may contain Subject identity information or not.<u></u><u></u></li><li class="MsoNormal">
When the resource does not contain Subject identity information, the Authorization Server is responsible for associating the pseudonyms with an identity.<u></u><u></u></li></ul>
</ul>
<ul type="disc">
<li class="MsoNormal">
Multi-Subject Resource<u></u><u></u></li></ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal">
A resource for multiple Subjects registered with the Authorization Server by a Custodian or a User.<u></u><u></u></li></ul>
</ul>
<ul type="disc">
<li class="MsoNormal">
Identified Subject Resource<u></u><u></u></li></ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal">
A resource for a single Subject that includes Subject identifying information in the resource URI as registered with the Authorization Server.
<u></u><u></u></li><li class="MsoNormal">
An identified subject resource must be protected as personally identified information (PII).<u></u><u></u></li></ul>
</ul>
<p class="MsoNormal">Adrian<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Tue, Oct 6, 2015 at 10:05 AM, Kinsley, William <<a href="mailto:BKinsley@nextgen.com" target="_blank">BKinsley@nextgen.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">This is very informative detail of what the Argonaut project is doing and I don’t want to deter the information
sharing process. I also think this is a reminder that these groups are proceeding without our guidance and that we need to discuss what is our timeline to produce some type of guidance to help them implement a process that is aligned with the finial product
the HEART workgroup delivers. </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a">Bill </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546a"> </span><u></u><u></u></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Justin Richer [mailto:<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>]
<br>
<b>Sent:</b> Tuesday, October 06, 2015 8:12 AM<br>
<b>To:</b> Kinsley, William <<a href="mailto:BKinsley@nextgen.com" target="_blank">BKinsley@nextgen.com</a>><br>
<b>Cc:</b> <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-heart] Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 Scopes</span><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">To clarify the objective, we were presenting the first draft of one of the outputs of this working group.<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">The HEART working group exists specifically to create these technical specifications. All of the discussions on use cases are intended to drive work on these specifications. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Also, the group should note that the terms “patient” and “user” were imported directly from the Argonauts projects. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> — Justin<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Oct 5, 2015, at 11:31 PM, Kinsley, William <<a href="mailto:BKinsley@nextgen.com" target="_blank">BKinsley@nextgen.com</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif">This document was presented quickly during the last few minutes of our call and I am not sure what the objective was.
However, it did raise some questions that could not be addressed at the time, specifically paragraph 2.1 “Permission type” raised some questions which I broke out below:
</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif">1.</span><span style="font-size:7.0pt">
</span><span style="font-size:14.0pt;font-family:"Cambria",serif">The term “Patient” and “User” seem misleading and the purpose is not clear.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif">a.</span><span style="font-size:7.0pt">
</span><span style="font-size:14.0pt;font-family:"Cambria",serif">A patient can have access to multiple patient records. For example, a parent who has five children at the same pediatrician would be a patient that can access multiple patient records.
</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif">b.</span><span style="font-size:7.0pt">
</span><span style="font-size:14.0pt;font-family:"Cambria",serif">It also sounds like we are hardcoding two specific security roles, which would seem to contradict what we are trying to support in HEART (i.e. RBAC vs ABAC).
</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif">c.</span><span style="font-size:7.0pt">
</span><span style="font-size:14.0pt;font-family:"Cambria",serif">There can be resource that are not related to specific patient or patients in general such as “Organization”, “HealthcareService”, “Practitioner”, etc.</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif">Bill</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<table style="width:448.2pt" border="0" cellpadding="0" width="598">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt"></td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><img border="0" width="145" height="40"><u></u><u></u></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif"> </span><u></u><u></u></p>
<table style="width:448.2pt" border="0" cellpadding="0" width="598">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><u> ________________________________ </u>
<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif"> </span><u></u><u></u></p>
<table style="width:448.2pt" border="0" cellpadding="0" width="598">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif">William Kinsley , CISSP<br>
Enterprise Architect, Ambulatory<br>
<b>NEXTGEN HEALTHCARE<br>
</b>Solutions for: Ambulatory, Inpatient and Community Connectivity<br>
795 Horsham Road, Horsham, PA 19044<br>
<a href="tel:%28215%29%20657-7010%20x21128" target="_blank">(215) 657-7010 x21128</a>
<br>
<a href="mailto:BKinsley@nextgen.com" target="_blank">BKinsley@nextgen.com</a></span><u></u><u></u></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.oneugm.com_&d=BQMGaQ&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=c7b1QeR755-dBx2b0xnlepDTylromoEzcLl-6ixmBL3TpXSxSvtAvT553fzSgLpm&m=-TFpEmb8jp7rDIYs7vz5YCL0oiTcqI3GGU3GvKCMiEg&s=2fNmu4AILzHp1X_2L7YFNgMqKmXVQrGo8hwZZubL5kY&e=" target="_blank"><span style="text-decoration:none"><img border="0"></span></a><u></u><u></u></p>
</td>
</tr>
</tbody>
</table>
<div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif"> </span><u></u><u></u></p>
</div>
<table style="width:448.2pt" border="0" cellpadding="0" width="598">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#e46c0a">Be ready for MU and ICD-10 in 2015. Start your EHR version 5.8 and KBM version 8.3 upgrade today. Get
the resources you need at <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nextgen.com_upgradecentral&d=BQMGaQ&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=c7b1QeR755-dBx2b0xnlepDTylromoEzcLl-6ixmBL3TpXSxSvtAvT553fzSgLpm&m=-TFpEmb8jp7rDIYs7vz5YCL0oiTcqI3GGU3GvKCMiEg&s=7aDRpk7MMsCMG5hxHJ_NDTs5fdYemgOdYcDPXa51HOM&e=" target="_blank">
<b><i><span style="color:#007cb9">www.nextgen.com/upgradecentral</span></i></b></a></span><u></u><u></u></p>
</td>
</tr>
</tbody>
</table>
<div>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif"> </span><u></u><u></u></p>
</div>
<table style="width:448.2pt" border="0" cellpadding="0" width="598">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Arial",sans-serif">This message, and any documents attached hereto, may contain confidential or proprietary information intended only for
the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating,
distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter. Thank you for your cooperation.</span><u></u><u></u></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal">_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dheart&d=BQMGaQ&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=c7b1QeR755-dBx2b0xnlepDTylromoEzcLl-6ixmBL3TpXSxSvtAvT553fzSgLpm&m=-TFpEmb8jp7rDIYs7vz5YCL0oiTcqI3GGU3GvKCMiEg&s=J3lf7899oPLMp8gguWQAPZ7Hq-i-m78XbVNOephie5E&e=" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><u></u><u></u></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dheart&d=BQMGaQ&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=c7b1QeR755-dBx2b0xnlepDTylromoEzcLl-6ixmBL3TpXSxSvtAvT553fzSgLpm&m=-TFpEmb8jp7rDIYs7vz5YCL0oiTcqI3GGU3GvKCMiEg&s=J3lf7899oPLMp8gguWQAPZ7Hq-i-m78XbVNOephie5E&e=" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<br>
-- <u></u><u></u></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Adrian Gropper MD<br>
<br>
<span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!<br>
HELP us fight for the right to control personal health data.<br>
DONATE: <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__patientprivacyrights.org_donate-2D2_&d=BQMGaQ&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=c7b1QeR755-dBx2b0xnlepDTylromoEzcLl-6ixmBL3TpXSxSvtAvT553fzSgLpm&m=-TFpEmb8jp7rDIYs7vz5YCL0oiTcqI3GGU3GvKCMiEg&s=kZ6-78Zz25X6UB-iq3gG-Am55mlXfCkCO6-YeD4Q0OQ&e=" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span>
<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div></div></div>
</div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
</div></div><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dheart&d=BQICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=c7b1QeR755-dBx2b0xnlepDTylromoEzcLl-6ixmBL3TpXSxSvtAvT553fzSgLpm&m=-TFpEmb8jp7rDIYs7vz5YCL0oiTcqI3GGU3GvKCMiEg&s=J3lf7899oPLMp8gguWQAPZ7Hq-i-m78XbVNOephie5E&e=" rel="noreferrer" target="_blank">https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Dheart&d=BQICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=c7b1QeR755-dBx2b0xnlepDTylromoEzcLl-6ixmBL3TpXSxSvtAvT553fzSgLpm&m=-TFpEmb8jp7rDIYs7vz5YCL0oiTcqI3GGU3GvKCMiEg&s=J3lf7899oPLMp8gguWQAPZ7Hq-i-m78XbVNOephie5E&e=</a><br>
<br>
<br></blockquote></div><br></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div></div>
</div>