<div dir="ltr"><div><div><div>The BLT (Business / Legal / Technical) discussion that is implied in this thread depends on your perspective. EHRs and PHRs are an invention of institutions that see patients as a source of revenue and their information technology as a Materials Resource Planning (MRP) function designed to efficiently and profitably schedule what the patients, clinicians, and staff do. That the EHR systems help with billing and regulatory issues is a bonus. The interoperability aspect of the EHR is all about MRP as well. The PHR (tethered or not) is, from the institutional perspective, just another kind of interoperability and needs to be managed for efficiency and profit.<br><br></div>From the patient perspective, the EHR / PHR model is, IMHO, a disaster. It introduces barriers to second opinions and access to innovative services, makes outcomes measures procedural and institutional instead of personal, supports secret contracts between provider institutions and payers, and makes us doubt whether our doctor is working for us or for "them".<br><br></div>HEART does not need to take sides in the institutional vs. patient-centered information technology struggle. We can hope that HEART supports the patient-centered model as much as it does the institution-centered model. This is not a philosophical distinction. Our standards and profiling decisions will determine whether an institution can block access to your personal data by other people, systems, or apps that the institution decides are "insecure" or "unsafe".<br><br></div><div>What is "insecure" or "unsafe" is debatable. What is data about me and only me is clear, as is my right to a convenient and effective connected FHIR copy of my own data. The way for HEART profiles to serve both the patient and institutional perspectives is to:<br><ul><li>allow for the institutions to put up "black box" warnings if they disagree with our choice of people, systems, or apps, and</li><li>allow the patient or their agent to connect anyway after they have seen the "black box" warning.</li></ul>The HEART profiles will support this by providing for: <br><ul><li>unrestricted patient-specified Authorization Servers, <br></li><li>Dynamic Registration of connected systems, and</li><li>ways for the FHIR interface to bypass information delays (allowed by HIPAA)
when the patient has delegated access to a licensed clinician or a physician says the delays are not appropriate, and<br></li><li>strong "safe harbor" protections for the institutions when they release the FHIR interface under this "patient's right of access".</li></ul><p>This is the minimum for enabling HEART to support both patient and institutional perspectives and it's the essential enabler for the next generation of practice and payment reform. <br></p><p>Adrian<br></p></div><div><div><div><div><br> <br></div></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 17, 2015 at 10:20 PM, Glen Marshall [SRS] <span dir="ltr"><<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Aaron,<br>
<br>
Thanks for the clarification. I thought it was systems that were
tied to one another, not the patient being tethered. <br>
<br>
At latest count I have 7 "tethered" patient portal accounts, none of
which communicate with each other nor with my PHR account. Quest is
a happy exception.<span class=""><br>
<br>
Glen<br>
<br>
<br>
<div>
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: <a href="tel:%28610%29%20644-2452" value="+16106442452" target="_blank">(610) 644-2452</a><br>
Mobile: <a href="tel:%28610%29%20613-3084" value="+16106133084" target="_blank">(610) 613-3084</a><br>
<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a><br>
<a href="http://www.SecurityRiskSolutions.com" target="_blank">www.SecurityRiskSolutions.com</a></p>
</div>
</span><div><div class="h5"><div>On 11/17/15 21:15, Aaron Seib wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal"><a name="151189ba2a336a9f__MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi
Glen – I like your definition but in the domain of
Consumer Facing Applications that includes both tethered
and untethered PHRs and other apps controlled by the
consumer we use the term tethered in a much more narrow
way.<u></u><u></u></span></a></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">A
tethered PHR is what is typically encountered as a Patient
Portal of an EMR. The only data that is viewable via such a
portal is what is created within the EMR and made viewable
to the consumers’ accounts. MicroSoft HealthVault on the
other hand is not “tethered” to a single source of data but
is untethered and may receive data from multiple data
providers including for example data from the different EMRs
used by your Doctors, the several labs and yes – even the
Patient Generated Health Data entered by you.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Like
most things in the sphere of language the usage changes the
meaning but I have found constraining the use of tethered to
mean a portal that is a view into a single enterprises view
very useful from a policy discussion perspective. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Essentially
if you offer your patients a portal that is a Tethered PHR
and the operator of that Tethered PHR signs a BAA with you
then the system should be treated as you would any HIPAA
covered system. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">An
untethered Portal, where the consumer has control over what
data is added (via different modes of exchange) is not a
HIPAA covered system but falls under the regulatory
requirements of the FTC.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The
distinction is often important. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">As
time goes by we are seeing these lines blur but at least for
now they are useful in my little slice of the world. In
your example below I would say that Quest is sharing your
Lab results by one of the modes of exchange supported by
MSHV – guessing Direct?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Aaron
Seib<u></u><u></u></span></p>
<p class="MsoNormal"><a href="http://www.nate-trust.org/" target="_blank"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">NATE</span></a><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">,
CEO<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">@CaptBlueButton</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">(o)
<a href="tel:301-540-2311" value="+13015402311" target="_blank">301-540-2311</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">(m)
<a href="tel:301-326-6843" value="+13013266843" target="_blank">301-326-6843</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
Openid-specs-heart
[<a href="mailto:openid-specs-heart-bounces@lists.openid.net" target="_blank">mailto:openid-specs-heart-bounces@lists.openid.net</a>] <b>On
Behalf Of </b>Glen Marshall [SRS]<br>
<b>Sent:</b> Tuesday, November 17, 2015 7:38 PM<br>
<b>To:</b> <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-heart] EHR, PHR, FHIR
resources.<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Dale,<br>
<br>
A personal example may suffice...<br>
<br>
I have a Microsoft Health Vault account. It is my PHR. It
includes data that I have entered and maintain, e.g., current
demographics, medications, allergies, health events, visits,
etc. It also automatically obtains lab results from Quest
Diagnostics, which is "tethered" to it. I am hoping that my
personal physician's EHR will soon be able to be tethered so I
don't have to keep manual track of it. In lieu of automatic
tethering, though, I can import data from patient portals to
my regular family doctor, my urologist, radiological images,
blood glucose meter, etc.<br>
<br>
Glen<u></u><u></u></p>
<div>
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: <a href="tel:%28610%29%20644-2452" value="+16106442452" target="_blank">(610) 644-2452</a><br>
Mobile: <a href="tel:%28610%29%20613-3084" value="+16106133084" target="_blank">(610) 613-3084</a><br>
<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a><br>
<a href="http://www.SecurityRiskSolutions.com" target="_blank">www.SecurityRiskSolutions.com</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">On 11/17/15 17:52, Dale Moberg wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Hi<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I am still refining my grip on assorted
terminology that reveals aspects of the “business model”
contexts for discussing our use cases.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I just read the wikipedia entries for
PHR and EhR (I know, but you have to start somewhere), at<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://en.wikipedia.org/wiki/Personal_health_record" target="_blank">https://en.wikipedia.org/wiki/Personal_health_record</a>
and<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://en.wikipedia.org/wiki/Electronic_health_record" target="_blank">https://en.wikipedia.org/wiki/Electronic_health_record</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Nominally viewed, there appears to be
substantial intersections of the resource types (in a
loose FHIR usage) found in these EhR and PHR records.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">At <a href="https://en.wikipedia.org/wiki/Personal_health_record#EHRs.2C_PHRs.2C_patient_portals_and_UHRs" target="_blank">https://en.wikipedia.org/wiki/Personal_health_record#EHRs.2C_PHRs.2C_patient_portals_and_UHRs</a> it
is maintained that the “ownership” of the records is the
primary semantic contrast between the terms. Interesting.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I am particularly even more motivated
in getting some information about the following statement:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">"There are two methods by which data
can arrive in a PHR.<sup><a href="https://en.wikipedia.org/wiki/Personal_health_record#cite_note-Tang-1" target="_blank">[1]</a></sup>
A patient may enter it directly, either by typing into
fields or uploading/transmitting data from a file or
another website. The second is when the PHR is tethered to
an electronic health record, which automatically updates
the PHR.” <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Does anyone know the “BLT” pertaining
to the “tethering” process? Is this tethering something
that is currently actually in operation, or is it mainly
imagined as emerging once FHIR dstu-X is completed? (And
maybe UMA and HEART completed also?) <u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"> (Adrian offered to help some of us
with the terminology, so I am taking him ( and anyone
else) up on the offer!)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Dale Moberg<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<u></u><u></u></p>
<pre>_______________________________________________<u></u><u></u></pre>
<pre>Openid-specs-heart mailing list<u></u><u></u></pre>
<pre><a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><u></u><u></u></pre>
<pre><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><u></u><u></u></pre>
</blockquote>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div></div>
</div>