<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Aaron,<br>
<br>
In response to your comments on the use case narrative:<br>
<ul>
<li>All of the data including the genomic data? It will be made
available to whom?</li>
<ul>
<li>The use case is for clinical data collected and made
available to the clinical researchers for the study. The
nature of the data, e.g., genomics and other clinical results,
is peripheral. <br>
</li>
</ul>
<li>How will her genome be pseudonymized?</li>
<ul>
<li>The specific pseudonymization (and re-identification)
algorithms are likely to be specific to the clinical research
study, informed by the cited standards. <br>
</li>
</ul>
<li>If they can access her PHR why do they need to access the EMR
as well? Isn't the point of HEART that she have a complete
record of all of her data in the PHR. What is in the EHR that
is missing from the PHR? Why?</li>
<ul>
<li>I have assumed the current state of data sharing among EHRs
and PHRs. It is peripheral to the use case.</li>
</ul>
<li>This is a transitional use case that will hopefully go away
one day. It may be necessary for now if there is data in the
EHR that isn't transportable to the PHR but I would hope that
the day will come when we aren't treating the Clinical
Operations software as the only source that inputs to the
researchers data warehouse can be populated. I would argue that
PHR's will have more complete data then the two EMRs as the EMRs
will lack the PGHD that could more readily be gathered via the
PHR in comparison to forcing it to fit into the EMR of the
Oncologist.</li>
<ul>
<li>There are multiple EHRs in this use case and, while I'd like
all EHRs and PHRs to be interoperable, they are not
presently. This is peripheral to the use case.</li>
</ul>
<li>Am I missing something important. Why is the patient only
able to get a summary of the data?</li>
<ul>
<li>This references reports of disclosures from the EHRs to the
CDRN. A disclosure report for each transmission to the CDRN
is assumed, and that may reference multiple data sets in
summary. The actual content and frequency of reports is not
standardized, and is influenced by policy outside of the use
case. This is peripheral to the use case.</li>
</ul>
<li>[In reference to pharma's offer of a continuing access
agreement and profit-sharing.] Has this ever happened? Is
there anyone (from Pharma) proposing that they will do this?</li>
<ul>
<li>That is my hypothetical resolution to the issue of
subsequent re-use of Alice's data. That might have been a
more satisfying resolution to the Henrietta Lacks case. The
actual resolution is peripheral to the use case.</li>
</ul>
</ul>
Best,<br>
Glen<br>
<div class="moz-signature">
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: (610) 644-2452<br>
Mobile: (610) 613-3084<br>
<a class="moz-txt-link-abbreviated" href="mailto:gfm@securityrs.com">gfm@securityrs.com</a><br>
<a class="moz-txt-link-abbreviated" href="http://www.SecurityRiskSolutions.com">www.SecurityRiskSolutions.com</a></p>
</div>
<div class="moz-cite-prefix">On 1/23/16 18:39, Aaron Seib, NATE
wrote:<br>
</div>
<blockquote
cite="mid:015c01d15637$55a87b30$00f97190$@nate-trust.org"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Glen
– I had a lot of questions that I captured as comments in
the attached.<o:p></o:p></span></a></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Aaron
Seib, CEO<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">@CaptBlueButton
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> (o)
301-540-2311<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(m)
301-326-6843<o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="nate-trust.org"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;text-decoration:none"><img
id="Picture_x0020_1"
src="cid:part2.03040103.08080008@securityrs.com"
alt="cid:image001.jpg@01D10761.5BE2FE00" border="0"
height="48" width="205"></span></a><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
Openid-specs-heart
[<a class="moz-txt-link-freetext" href="mailto:openid-specs-heart-bounces@lists.openid.net">mailto:openid-specs-heart-bounces@lists.openid.net</a>] <b>On
Behalf Of </b>Glen Marshall [SRS]<br>
<b>Sent:</b> Saturday, January 23, 2016 12:58 PM<br>
<b>To:</b> Sarah Squire<br>
<b>Cc:</b> HEART List<br>
<b>Subject:</b> Re: [Openid-specs-heart] HEART Clinical
Research UMA<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Gladly! See attached PDF.<o:p></o:p></p>
<div>
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: (610) 644-2452<br>
Mobile: (610) 613-3084<br>
<a moz-do-not-send="true" href="mailto:gfm@securityrs.com">gfm@securityrs.com</a><br>
<a moz-do-not-send="true"
href="http://www.SecurityRiskSolutions.com">www.SecurityRiskSolutions.com</a><o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 1/23/16 12:53, Sarah Squire wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Hi Glen, <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Your sharepoint link isn't working.
Could you send a pdf to the list please?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Sarah<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:#888888">Sarah
Squire<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888">Engage
Identity<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888"><a
moz-do-not-send="true"
href="http://engageidentity.com"><a class="moz-txt-link-freetext" href="http://engageidentity.com">http://engageidentity.com</a></a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Fri, Jan 22, 2016 at 2:55 PM, Glen
F. Marshall <<a moz-do-not-send="true"
href="mailto:glen.f.marshall@gmail.com"
target="_blank">glen.f.marshall@gmail.com</a>>
wrote:<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Team,<br>
<br>
Here is a <b><a moz-do-not-send="true"
href="https://srsmail-my.sharepoint.com/personal/gfm_securityrs_com/_layouts/15/guestaccess.aspx?guestaccesstoken=2QxXSnxuijrIbiElNuU%2bCJIV0G6FBK5uWbdt0FvvVFg%3d&docid=2_1c5c33062f8ee4dbe9dbf61ba9524ca39"
target="_blank">link</a></b> to a read-only shared
copy of the updated Clinical Research (UMA) use case.
It now contains fleshed-out business prerequisites,
sequence diagrams, and some minor corrections.<br>
<br>
Please respond with your suggestions, corrections,
etc. But please do not alter the document itself, as
the master Word copy and Visio graphics are all in my
personal cloud storage.<br>
<br>
Note I have not included the final sequence diagram --
review of disclosures and modification of UMA
permissions -- as I'd like to discuss the proper UMA
mechanisms and flow to accomplish the modifications.<br>
<br>
Also note I have specifically made the AS a singular
IRB-selected element within the use case. All access
control policies are determined by the IRB for ongoing
access, with the patient consenting to them. This
also keeps HEART away from ongoing political,
regulatory, and policy matters that are properly out
of scope for our technical work.<br>
<br>
Since I will be at the IHE Connectathon next week, I
won't be on our schedule 1/25 call. Looking forward
to discussions on-list and in February meetings.<br>
<br>
Best,<br>
Glen<br>
<br>
<o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a moz-do-not-send="true"
href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-heart"
target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
</body>
</html>