<div dir="ltr"><div><div><div><p style="line-height:1.656;margin-top:0pt;margin-bottom:0pt" id="docs-internal-guid-3313518b-2469-50db-ee1f-c83c43e1e37f"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><i>(Apologies for cross-posting in the hope that the groups will communicate via comments in the shared <a href="http://bit.ly/HEARTfromHIPAA">document</a>. If you want edit access, please contact me directly)</i><br></p><p dir="ltr" style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><br></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" id="docs-internal-guid-3313518b-247f-ddaf-6799-832296209586"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Can we expedite a consensus on the HEART profiles directly from HIPAA rather than just use-cases? The recent release of detailed and up-to-date guidance from the Office for Civil Rights. </span><a href="http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html" style="text-decoration:none"><span style="font-size:14.6667px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html</span></a></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">makes this relatively easy. Although it doesn’t answer every question, this approach, like HIPAA itself, establishes a baseline of functionality for HEART and can clarify the remaining technical and policy issues. In addition, deriving the baseline of functionality from HIPAA also helps to inform the HL7-FHIR standards and their relationship to HEART.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">To begin this process, I’ve copied out a few relevant sections of the OCR guidance </span><a href="http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html" style="text-decoration:none"><span style="font-size:14.6667px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">document</span></a><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"> below and have added initial comments that relate to HEART. If we can reach consensus on interpretation of these comments in HEART, then consensus on the scope and content of the HEART profiles should be relatively easy. Furthermore, this approach makes it much easier to inform FHIR, Argonaut, and SMART to the extent that optionality will be constrained by linking FHIR to the HIPAA privacy rule.</span></p><br><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">The initial comments in the Google doc are classified (1-9) according to what particular aspect of patient-directed interface is being addressed. I hope we can use the following weeks to resolve any objections to the interpretations of HIPAA in terms of FHIR and HEART. If we succeed, I believe the baseline HEART profiles will then become a straightforward technical exercise. Beyond this baseline, we can then revisit the use-cases to see what additional features or issues need to be addressed.</span><br></div><font size="2"><br></font></div><font size="2"></font><font size="2">Happy New Year and thank you OCR!</font></div><div><font size="2"><br></font></div><font size="2">Adrian<br></font><div><div><font size="2"><br><br clear="all"></font><div><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)"></span><span style="font-family:"Arial",sans-serif;color:rgb(31,73,125)"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:rgb(5,99,193)">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:rgb(31,73,125)"></span>
</div></div></div></div></div></div></div></div>
</div></div></div></div>