<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Aaron,<div class=""><br class=""></div><div class="">Within this working group we’ve got a method of marking certain items “core” vs. “peripheral”, which is to say that some things absolutely must be solved in a particular way (“Alice must log in”) vs. things that are used to string the narrative together (“Alice checks her email on her smartphone”). </div><div class=""><br class=""></div><div class=""> — Justin</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jan 23, 2016, at 8:07 PM, Aaron Seib, NATE <<a href="mailto:aaron.seib@nate-trust.org" class="">aaron.seib@nate-trust.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><meta name="Generator" content="Microsoft Word 14 (filtered medium)" class=""><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style class=""><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:915164099;
mso-list-template-ids:1542876318;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--><div bgcolor="white" lang="EN-US" link="blue" vlink="purple" class=""><div class="WordSection1"><div class="MsoNormal"><a name="_MailEndCompose" class=""><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">What does peripheral mean? For decoration purposes only? Seems to introduce noise and take away from what you are trying to convey is my point.<o:p class=""></o:p></span></a></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span></div><div class=""><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">Aaron Seib, CEO<o:p class=""></o:p></span></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">@CaptBlueButton <o:p class=""></o:p></span></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> (o) 301-540-2311<o:p class=""></o:p></span></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">(m) 301-326-6843<o:p class=""></o:p></span></div><div class="MsoNormal"><a href="x-msg://125/nate-trust.org" class=""><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;text-decoration:none" class=""><image001.jpg></span></a><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""><o:p class=""></o:p></span></div></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span></div><div class=""><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in" class=""><div class="MsoNormal"><b class=""><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext" class="">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext" class=""> Glen Marshall [SRS] [<a href="mailto:gfm@securityrs.com" class="">mailto:gfm@securityrs.com</a>] <br class=""><b class="">Sent:</b> Saturday, January 23, 2016 8:03 PM<br class=""><b class="">To:</b> Aaron Seib, NATE; HEART List<br class=""><b class="">Subject:</b> Re: [Openid-specs-heart] HEART Clinical Research UMA<o:p class=""></o:p></span></div></div></div><div class="MsoNormal"><o:p class=""> </o:p></div><div class="MsoNormal">Aaron,<br class=""><br class="">In response to your comments on the use case narrative:<o:p class=""></o:p></div><ul type="disc" class=""><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">All of the data including the genomic data? It will be made available to whom?<o:p class=""></o:p></li><ul type="circle" class=""><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">The use case is for clinical data collected and made available to the clinical researchers for the study. The nature of the data, e.g., genomics and other clinical results, is peripheral. <o:p class=""></o:p></li></ul></ul><p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">I don’t know that there is a way to pseudonymize Genomic data is the point I was trying to make. It is a real issue – I was trying to suggest it is not peripheral as a result. If it is peripheral I would remove the reference to gemonics all together.<o:p class=""></o:p></span></p><ul type="disc" class=""><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">How will her genome be pseudonymized?<o:p class=""></o:p></li><ul type="circle" class=""><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">The specific pseudonymization (and re-identification) algorithms are likely to be specific to the clinical research study, informed by the cited standards. <o:p class=""></o:p></li></ul><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">If they can access her PHR why do they need to access the EMR as well? Isn't the point of HEART that she have a complete record of all of her data in the PHR. What is in the EHR that is missing from the PHR? Why?<o:p class=""></o:p></li><ul type="circle" class=""><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">I have assumed the current state of data sharing among EHRs and PHRs. It is peripheral to the use case.<o:p class=""></o:p></li></ul><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">This is a transitional use case that will hopefully go away one day. It may be necessary for now if there is data in the EHR that isn't transportable to the PHR but I would hope that the day will come when we aren't treating the Clinical Operations software as the only source that inputs to the researchers data warehouse can be populated. I would argue that PHR's will have more complete data then the two EMRs as the EMRs will lack the PGHD that could more readily be gathered via the PHR in comparison to forcing it to fit into the EMR of the Oncologist.<o:p class=""></o:p></li><ul type="circle" class=""><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">There are multiple EHRs in this use case and, while I'd like all EHRs and PHRs to be interoperable, they are not presently. This is peripheral to the use case.<o:p class=""></o:p></li></ul><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">Am I missing something important. Why is the patient only able to get a summary of the data?<o:p class=""></o:p></li><ul type="circle" class=""><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">This references reports of disclosures from the EHRs to the CDRN. A disclosure report for each transmission to the CDRN is assumed, and that may reference multiple data sets in summary. The actual content and frequency of reports is not standardized, and is influenced by policy outside of the use case. This is peripheral to the use case.<o:p class=""></o:p></li></ul><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">[In reference to pharma's offer of a continuing access agreement and profit-sharing.] Has this ever happened? Is there anyone (from Pharma) proposing that they will do this?<o:p class=""></o:p></li><ul type="circle" class=""><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">That is my hypothetical resolution to the issue of subsequent re-use of Alice's data. That might have been a more satisfying resolution to the Henrietta Lacks case. The actual resolution is peripheral to the use case.<o:p class=""></o:p></li></ul></ul><div class="MsoNormal">Best,<br class="">Glen<o:p class=""></o:p></div><div class=""><div class=""><b class="">Glen F. Marshall</b><br class="">Consultant<br class="">Security Risk Solutions, Inc.<br class="">698 Fishermans Bend<br class="">Mount Pleasant, SC 29464<br class="">Tel: (610) 644-2452<br class="">Mobile: (610) 613-3084<br class=""><a href="mailto:gfm@securityrs.com" class="">gfm@securityrs.com</a><br class=""><a href="http://www.securityrisksolutions.com/" class="">www.SecurityRiskSolutions.com</a><o:p class=""></o:p></div></div><div class=""><div class="MsoNormal">On 1/23/16 18:39, Aaron Seib, NATE wrote:<o:p class=""></o:p></div></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" class="" type="cite"><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">Glen – I had a lot of questions that I captured as comments in the attached.</span><o:p class=""></o:p></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span><o:p class=""></o:p></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span><o:p class=""></o:p></div><div class=""><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span><o:p class=""></o:p></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">Aaron Seib, CEO</span><o:p class=""></o:p></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">@CaptBlueButton </span><o:p class=""></o:p></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> (o) 301-540-2311</span><o:p class=""></o:p></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">(m) 301-326-6843</span><o:p class=""></o:p></div><div class="MsoNormal"><a href="x-msg://125/nate-trust.org" class=""><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;text-decoration:none" class=""><image001.jpg></span></a><o:p class=""></o:p></div></div><div class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span><o:p class=""></o:p></div><div class=""><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in" class=""><div class="MsoNormal"><b class=""><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext" class="">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext" class=""> Openid-specs-heart [<a href="mailto:openid-specs-heart-bounces@lists.openid.net" class="">mailto:openid-specs-heart-bounces@lists.openid.net</a>] <b class="">On Behalf Of </b>Glen Marshall [SRS]<br class=""><b class="">Sent:</b> Saturday, January 23, 2016 12:58 PM<br class=""><b class="">To:</b> Sarah Squire<br class=""><b class="">Cc:</b> HEART List<br class=""><b class="">Subject:</b> Re: [Openid-specs-heart] HEART Clinical Research UMA</span><o:p class=""></o:p></div></div></div><div class="MsoNormal"> <o:p class=""></o:p></div><div class="MsoNormal">Gladly! See attached PDF.<o:p class=""></o:p></div><div class=""><div class=""><b class="">Glen F. Marshall</b><br class="">Consultant<br class="">Security Risk Solutions, Inc.<br class="">698 Fishermans Bend<br class="">Mount Pleasant, SC 29464<br class="">Tel: (610) 644-2452<br class="">Mobile: (610) 613-3084<br class=""><a href="mailto:gfm@securityrs.com" class="">gfm@securityrs.com</a><br class=""><a href="http://www.securityrisksolutions.com/" class="">www.SecurityRiskSolutions.com</a><o:p class=""></o:p></div></div><p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p class=""></o:p></p><div class=""><div class="MsoNormal">On 1/23/16 12:53, Sarah Squire wrote:<o:p class=""></o:p></div></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" class="" type="cite"><div class=""><div class="MsoNormal">Hi Glen, <o:p class=""></o:p></div><div class=""><div class="MsoNormal"> <o:p class=""></o:p></div></div><div class=""><div class="MsoNormal">Your sharepoint link isn't working. Could you send a pdf to the list please?<o:p class=""></o:p></div></div><div class=""><div class="MsoNormal"> <o:p class=""></o:p></div></div><div class=""><div class="MsoNormal">Thanks,<o:p class=""></o:p></div></div><div class=""><div class="MsoNormal"> <o:p class=""></o:p></div></div><div class=""><div class="MsoNormal">Sarah<o:p class=""></o:p></div></div></div><div class=""><div class="MsoNormal"><br clear="all" class=""><o:p class=""></o:p></div><div class=""><div class=""><div class=""><div class=""><div class="MsoNormal"><span style="color:#888888" class="">Sarah Squire</span><o:p class=""></o:p></div></div><div class=""><div class="MsoNormal"><span style="color:#888888" class="">Engage Identity</span><o:p class=""></o:p></div></div><div class=""><div class="MsoNormal"><span style="color:#888888" class=""><a href="http://engageidentity.com/" class="">http://engageidentity.com</a></span><o:p class=""></o:p></div></div></div></div></div><div class="MsoNormal"> <o:p class=""></o:p></div><div class=""><div class="MsoNormal">On Fri, Jan 22, 2016 at 2:55 PM, Glen F. Marshall <<a href="mailto:glen.f.marshall@gmail.com" target="_blank" class="">glen.f.marshall@gmail.com</a>> wrote:<o:p class=""></o:p></div><div class=""><p class="MsoNormal" style="margin-bottom:12.0pt">Team,<br class=""><br class="">Here is a <b class=""><a href="https://srsmail-my.sharepoint.com/personal/gfm_securityrs_com/_layouts/15/guestaccess.aspx?guestaccesstoken=2QxXSnxuijrIbiElNuU%2bCJIV0G6FBK5uWbdt0FvvVFg%3d&docid=2_1c5c33062f8ee4dbe9dbf61ba9524ca39" target="_blank" class="">link</a></b> to a read-only shared copy of the updated Clinical Research (UMA) use case. It now contains fleshed-out business prerequisites, sequence diagrams, and some minor corrections.<br class=""><br class="">Please respond with your suggestions, corrections, etc. But please do not alter the document itself, as the master Word copy and Visio graphics are all in my personal cloud storage.<br class=""><br class="">Note I have not included the final sequence diagram -- review of disclosures and modification of UMA permissions -- as I'd like to discuss the proper UMA mechanisms and flow to accomplish the modifications.<br class=""><br class="">Also note I have specifically made the AS a singular IRB-selected element within the use case. All access control policies are determined by the IRB for ongoing access, with the patient consenting to them. This also keeps HEART away from ongoing political, regulatory, and policy matters that are properly out of scope for our technical work.<br class=""><br class="">Since I will be at the IHE Connectathon next week, I won't be on our schedule 1/25 call. Looking forward to discussions on-list and in February meetings.<br class=""><br class="">Best,<br class="">Glen<br class=""><br class=""><br class=""><o:p class=""></o:p></p></div><p class="MsoNormal" style="margin-bottom:12.0pt"><br class="">_______________________________________________<br class="">Openid-specs-heart mailing list<br class=""><a href="mailto:Openid-specs-heart@lists.openid.net" class="">Openid-specs-heart@lists.openid.net</a><br class=""><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank" class="">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><o:p class=""></o:p></p></div><div class="MsoNormal"> <o:p class=""></o:p></div></div></blockquote><div class="MsoNormal"> <o:p class=""></o:p></div></blockquote><div class="MsoNormal"><o:p class=""> </o:p></div></div></div>_______________________________________________<br class="">Openid-specs-heart mailing list<br class=""><a href="mailto:Openid-specs-heart@lists.openid.net" class="">Openid-specs-heart@lists.openid.net</a><br class="">http://lists.openid.net/mailman/listinfo/openid-specs-heart<br class=""></div></blockquote></div><br class=""></div></body></html>