<div dir="ltr">It means that every patient record is associated with a separate jwks_uri for that patient's AS.<br> </div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 25, 2016 at 8:59 AM, Justin Richer <span dir="ltr"><<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Yes you did. Quote:<span class=""><br>
<br>
"The system is also much more resistant to data breaches as data
holders (UMA Resource Servers) must implement separate <b>encryption
keys </b>for each patient."<br>
<br></span>
So if you don't mean separately encrypting the data for each user,
what does that statement mean? The access token isn't an encryption
key. <br><span class="HOEnZb"><font color="#888888">
<br>
-- Justin</font></span><div><div class="h5"><br>
<br>
<div>On 1/25/2016 8:57 AM, Adrian Gropper
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>I never said anything about how the data is encrypted. I
only talk about how access to the FHIR API is controlled.<br>
<br>
</div>
Adrian<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jan 25, 2016 at 8:55 AM, Justin
Richer <span dir="ltr"><<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Adrian,<br>
<br>
I've asked this before and thought we'd settled it, but it
keeps coming up: where are you getting the idea of
encrypting the data to the patient using a patient's key?
That is not in scope for HEART, nor is it part of any of
the underlying protocols.<span><font color="#888888"><br>
<br>
-- Justin</font></span>
<div>
<div><br>
<br>
<div>On 1/25/2016 8:52 AM, Adrian Gropper wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>Establishing a separate URI for each
patient is likely to be the only stable
solution to the patient ID problem. The
issue, however, is how many URIs will a
patient be allowed to have? If the URIs are
coercive, in the sense of a chip or tattoo
issued by government or an equivalent global
authority (Facebook?) or the URI is derived
from DNA or an iris scan. (Iris scans are a
good positive IDs and can be read from 30
feet away with modern technology.)<br>
<br>
</div>
Let's assume, for our purposes, that an iris
scanner costs about as much as a credit card
terminal, cheap enough for every front office,
ambulance, and police car. Is the patient ID
problem solved? I don't think so.<br>
<br>
</div>
Patients can have one or more separate URIs in
order to help manage their health records.
Today, we typically use email address for this
purpose, with WebFinger <a href="https://webfinger.net/" target="_blank"></a><a href="https://webfinger.net/" target="_blank">https://webfinger.net/</a>
as a standardized way to discover linked
attributes such as the patient's UMA
Authorization Server and the associated public
key. <br>
<br>
UMA for patient ID brings numerous benefits
including much greater transparency and
security. The patient now has a single portal
(their UMA AS) to view all current relationships
under that particular patient ID persona. The
system is also much more resistant to data
breaches as data holders (UMA Resource Servers)
must implement separate encryption keys for each
patient.<br>
<br>
</div>
<div>I think the HEART group is in a good position
to compete for the CHIME challenge on this basis
and I'd be happy for me and PPR to help organize
a submission.<br>
<br>
</div>
<div>Adrian<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sun, Jan 24, 2016 at
1:20 PM, Aaron Seib <span dir="ltr"><<a href="mailto:aaron.seib@nate-trust.org" target="_blank"></a><a href="mailto:aaron.seib@nate-trust.org" target="_blank">aaron.seib@nate-trust.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>I appreciate your expertise and action.
</div>
<div><br>
</div>
<div>I don't necessarily agree with some of
your statements here but that is the
beauty of open processes. </div>
<div><br>
</div>
<div>Let's strive to do all we can -
together.</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><span style="font-size:15.4224px">Aaron
Seib</span>
<div><span style="font-size:17.489px">@CaptBlueButton<br>
</span>
<div dir="auto"><span style="font-size:15.4224px" dir="auto">(O) <a href="tel:301-540-9549" value="+13015409549" target="_blank">301-540-9549</a></span></div>
<div dir="auto"><span style="font-size:15.4224px" dir="auto">(M) <a href="tel:301-326-6843" value="+13013266843" target="_blank">301-326-6843</a></span></div>
<div dir="auto"><span style="font-size:15.4224px" dir="auto"><br>
</span></div>
<div dir="auto"><span style="font-size:15.4224px" dir="auto">"The trick to earning
trust is to avoid all tricks.
Including tricks on yourself."</span></div>
<div dir="auto"><br>
</div>
</div>
</div>
<div>
<div><br>
<br>
-------- Original message --------<br>
From: "Glen Marshall [SRS]" <<a href="mailto:gfm@securityrs.com" target="_blank"></a><a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a>>
<br>
Date: 2016/01/24 7:07 AM (GMT-08:00) <br>
To: HEART List <<a href="mailto:openid-specs-heart@lists.openid.net" target="_blank"></a><a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a>>
<br>
Subject: [Openid-specs-heart] CHIME
Launches $1M Challenge to Solve Patient
ID Problem <br>
<br>
This is pertinent to our data-sharing
use cases. There is no current solution
to accurately sharing/gathering
patients' clinical data stored among
various repositories. In turn, that
makes applying access controls across
all of a patient's data in those
repositories difficult. I'm happy to
see Chime's challenge.<br>
<br>
However, the related problem of
discovering where all of one's data
might be is computationally
intractable. It is equally intractable
to gather and combine all access
permissions and regulatory restrictions
on patients' data, even if there were a
useful means to do so. (Both are
equivalent to the <a href="https://en.wikipedia.org/wiki/Halting_problem" target="_blank">halting problem</a>.)<br>
<br>
Having a single "source of truth"
repository is one direction for a
solution, as is having a single access
permissions source. Keeping them
updated with new data and permissions is
possible, even if difficult in the short
run.<br>
<br>
However, establishing unique URIs for
each patient's data and permissions is
the same as having a universal patient
identifier. That might be subject to
current Congressional funding
restrictions. <br>
<br>
<br>
<i>The College of Healthcare Information
Management Executives on Tuesday
launched a $1 million National Patient
ID Challenge to develop solutions to
ensure 100 percent accuracy of every
patient’s identity to reduce
preventable medical errors.</i><i><br>
</i><i><br>
</i><i><a href="http://www.healthdatamanagement.com/news/chime-launches-1m-challenge-to-solve-patient-id-problem" target="_blank">http://www.healthdatamanagement.com/news/chime-launches-1m-challenge-to-solve-patient-id-problem</a></i><br>
<div>-- <br>
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: <a href="tel:%28610%29%20644-2452" value="+16106442452" target="_blank">(610) 644-2452</a><br>
Mobile: <a href="tel:%28610%29%20613-3084" value="+16106133084" target="_blank">(610) 613-3084</a><br>
<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a><br>
<a href="http://www.SecurityRiskSolutions.com" target="_blank">www.SecurityRiskSolutions.com</a></p>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div><br>
<div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br>
<br>
<span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT
YOUR FUTURE - RESTORE Health
Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>
HELP us fight for the right to
control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>
DONATE: <a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1"></span></a><a href="http://patientprivacyrights.org/donate-2/" target="_blank">http://patientprivacyrights.org/donate-2/</a></span><span style="color:#1f497d"></span> </div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Openid-specs-heart mailing list
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div><br>
<div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br>
<br>
<span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT
YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>
HELP us fight for the right to control
personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>
DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div></div>
</div>