<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I would prefer we not tie HEART to a US regulatory guidance
document. Such things change based on the political winds and on
whoever is interpreting the documents. In addition, OCR's view
represents a minimum, with stronger state regulations -- and there
are many of those -- taking precedence. And patients may opt for
lesser privacy restrictions. Additionally, it is not clear to me
that HEART is US-domain only, at least in the longer term. Other
nations may want to use the profiles. A much more stable basis is
needed.<br>
<br>
What is needed, IMHO, is a clear way to populate the profiles with
policies and patient preferences and to keep them up-to-date as
things change. We need to profile that dynamic environment. <br>
<div class="moz-signature">
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: (610) 644-2452<br>
Mobile: (610) 613-3084<br>
<a class="moz-txt-link-abbreviated" href="mailto:gfm@securityrs.com">gfm@securityrs.com</a><br>
<a class="moz-txt-link-abbreviated" href="http://www.SecurityRiskSolutions.com">www.SecurityRiskSolutions.com</a></p>
</div>
<div class="moz-cite-prefix">On 1/8/16 22:49, Adrian Gropper wrote:<br>
</div>
<blockquote
cite="mid:CANYRo8gthcLJF-eN=HhCR30kE2yrkj5XWLpvOM32XKA_R0qvyg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<p
style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"
id="docs-internal-guid-3313518b-2469-50db-ee1f-c83c43e1e37f"><span
style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><i>(Apologies
for cross-posting in the hope that the groups will
communicate via comments in the shared <a
moz-do-not-send="true"
href="http://bit.ly/HEARTfromHIPAA">document</a>. If
you want edit access, please contact me directly)</i><br>
</p>
<p dir="ltr"
style="line-height:1.656;margin-top:0pt;margin-bottom:0pt"><br>
</p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"
id="docs-internal-guid-3313518b-247f-ddaf-6799-832296209586"><span
style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Can
we expedite a consensus on the HEART profiles directly
from HIPAA rather than just use-cases? The recent
release of detailed and up-to-date guidance from the
Office for Civil Rights </span><a
moz-do-not-send="true"
href="http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html"
style="text-decoration:none"><span
style="font-size:14.6667px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html</span></a></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span
style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">makes
this relatively easy. Although it doesn’t answer every
question, this approach, like HIPAA itself,
establishes a baseline of functionality for HEART and
can clarify the remaining technical and policy issues.
In addition, deriving the baseline of functionality
from HIPAA also helps to inform the HL7-FHIR standards
and their relationship to HEART.</span></p>
<br>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span
style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">To
begin this process, I’ve copied out a few relevant
sections of the OCR guidance </span><a
moz-do-not-send="true"
href="http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html"
style="text-decoration:none"><span
style="font-size:14.6667px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">document</span></a><span
style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">
below and have added initial comments that relate to
HEART. If we can reach consensus on interpretation of
these comments in HEART, then consensus on the scope
and content of the HEART profiles should be relatively
easy. Furthermore, this approach makes it much easier
to inform FHIR, Argonaut, and SMART to the extent that
optionality will be constrained by linking FHIR to the
HIPAA privacy rule.</span></p>
<br>
<span
style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">The
initial comments in the Google doc are classified (1-9)
according to what particular aspect of patient-directed
interface is being addressed. I hope we can use the
following weeks to resolve any objections to the
interpretations of HIPAA in terms of FHIR and HEART. If
we succeed, I believe the baseline HEART profiles will
then become a straightforward technical exercise. Beyond
this baseline, we can then revisit the use-cases to see
what additional features or issues need to be addressed.</span><br>
</div>
<font size="2"><br>
</font></div>
<font size="2">Happy New Year and thank you OCR!</font></div>
<div><font size="2"><br>
</font></div>
<font size="2">Adrian<br>
</font>
<div>
<div><font size="2"><br>
<br clear="all">
</font>
<div><br>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div><br>
<div dir="ltr">Adrian Gropper MD<span
style="font-size:11pt"></span><br>
<br>
<span
style="font-family:'Arial',sans-serif;color:rgb(31,73,125)">PROTECT
YOUR FUTURE - RESTORE Health Privacy!</span><span
style="font-family:'Arial',sans-serif;color:rgb(31,73,125)"><br>
HELP us fight for the right to control
personal health data.</span><span
style="font-family:'Arial',sans-serif;color:rgb(31,73,125)"><br>
DONATE:
<a moz-do-not-send="true"
href="http://patientprivacyrights.org/donate-2/"
target="_blank"><span
style="color:rgb(5,99,193)">http://patientprivacyrights.org/donate-2/</span></a></span>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<pre wrap="">_______________________________________________
Openid-specs-heart mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-heart">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a>
</pre>
</blockquote>
<br>
</body>
</html>