<div dir="ltr"><div><div><div>Establishing a separate URI for each patient is likely to be the only stable solution to the patient ID problem. The issue, however, is how many URIs will a patient be allowed to have? If the URIs are coercive, in the sense of a chip or tattoo issued by government or an equivalent global authority (Facebook?) or the URI is derived from DNA or an iris scan. (Iris scans are a good positive IDs and can be read from 30 feet away with modern technology.)<br><br></div>Let's assume, for our purposes, that an iris scanner costs about as much as a credit card terminal, cheap enough for every front office, ambulance, and police car. Is the patient ID problem solved? I don't think so.<br><br></div>Patients can have one or more separate URIs in order to help manage their health records. Today, we typically use email address for this purpose, with WebFinger <a href="https://webfinger.net/">https://webfinger.net/</a> as a standardized way to discover linked attributes such as the patient's UMA Authorization Server and the associated public key. <br><br>UMA for patient ID brings numerous benefits including much greater transparency and security. The patient now has a single portal (their UMA AS) to view all current relationships under that particular patient ID persona. The system is also much more resistant to data breaches as data holders (UMA Resource Servers) must implement separate encryption keys for each patient.<br><br></div><div>I think the HEART group is in a good position to compete for the CHIME challenge on this basis and I'd be happy for me and PPR to help organize a submission.<br><br></div><div>Adrian<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jan 24, 2016 at 1:20 PM, Aaron Seib <span dir="ltr"><<a href="mailto:aaron.seib@nate-trust.org" target="_blank">aaron.seib@nate-trust.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
<div>I appreciate your expertise and action. </div><div><br></div><div>I don't necessarily agree with some of your statements here but that is the beauty of open processes. </div><div><br></div><div>Let's strive to do all we can - together.</div><div><br></div><div><br></div><div><br></div><div><span style="font-size:15.4224px">Aaron Seib</span><div><span style="font-size:17.489px">@CaptBlueButton<br></span><div dir="auto"><span style="font-size:15.4224px" dir="auto">(O) <a href="tel:301-540-9549" value="+13015409549" target="_blank">301-540-9549</a></span></div><div dir="auto"><span style="font-size:15.4224px" dir="auto">(M) <a href="tel:301-326-6843" value="+13013266843" target="_blank">301-326-6843</a></span></div><div dir="auto"><span style="font-size:15.4224px" dir="auto"><br></span></div><div dir="auto"><span style="font-size:15.4224px" dir="auto">"The trick to earning trust is to avoid all tricks. Including tricks on yourself."</span></div><div dir="auto"><br></div></div></div><div><div class="h5"><br><br>-------- Original message --------<br>From: "Glen Marshall [SRS]" <<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a>> <br>Date: 2016/01/24 7:07 AM (GMT-08:00) <br>To: HEART List <<a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a>> <br>Subject: [Openid-specs-heart] CHIME Launches $1M Challenge to Solve Patient ID Problem <br><br>
This is pertinent to our data-sharing use cases. There is no
current solution to accurately sharing/gathering patients' clinical
data stored among various repositories. In turn, that makes
applying access controls across all of a patient's data in those
repositories difficult. I'm happy to see Chime's challenge.<br>
<br>
However, the related problem of discovering where all of one's data
might be is computationally intractable. It is equally intractable
to gather and combine all access permissions and regulatory
restrictions on patients' data, even if there were a useful means to
do so. (Both are equivalent to the <a href="https://en.wikipedia.org/wiki/Halting_problem" target="_blank">halting
problem</a>.)<br>
<br>
Having a single "source of truth" repository is one direction for a
solution, as is having a single access permissions source. Keeping
them updated with new data and permissions is possible, even if
difficult in the short run.<br>
<br>
However, establishing unique URIs for each patient's data and
permissions is the same as having a universal patient identifier.
That might be subject to current Congressional funding restrictions.
<br>
<br>
<br>
<i>The College of Healthcare Information Management Executives on
Tuesday launched a $1 million National Patient ID Challenge to
develop solutions to ensure 100 percent accuracy of every
patient’s identity to reduce preventable medical errors.</i><i><br>
</i><i><br>
</i><i><a href="http://www.healthdatamanagement.com/news/chime-launches-1m-challenge-to-solve-patient-id-problem" target="_blank">http://www.healthdatamanagement.com/news/chime-launches-1m-challenge-to-solve-patient-id-problem</a></i><br>
<div>-- <br>
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: <a href="tel:%28610%29%20644-2452" value="+16106442452" target="_blank">(610) 644-2452</a><br>
Mobile: <a href="tel:%28610%29%20613-3084" value="+16106133084" target="_blank">(610) 613-3084</a><br>
<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a><br>
<a href="http://www.SecurityRiskSolutions.com" target="_blank">www.SecurityRiskSolutions.com</a></p>
</div>
</div></div></div><br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div></div>
</div>