<div dir="ltr"><div>I'm taking the patient's perspective and hoping our standards drive adoption of uma from many different angles. Right now, we have initiatives around Patient ID, Record Locator Directories, and Encounter Notification Services and Behavioral Health management. If we add Notification and Authorization Service, we will have 6 overlapping identity-related privacy processes just for HIPAA-covered services. On top of that we can add the non-HIPAA cases like research uses in the PMI and all sorts of wellness initiatives. Maybe we add de-identification as a way to avoid notification to the list as well. Every one of these mini-sectors might make sense from each narrow institutional perspective but they ignore the patient perspective completely.<br><br></div>The simple fact is that patients have zero economic power when it comes to FHIR and HEART. We can design HEART according to the golden rule or we can honor the patient perspective as our first principle.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 18, 2016 at 9:26 PM, Eve Maler <span dir="ltr"><<a href="mailto:eve.maler@forgerock.com" target="_blank">eve.maler@forgerock.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Why couldn't notification coexist alongside authorization for access? And what does the "mode" of permission have inherently to do with notification about access?</div><div class="gmail_extra"><span class=""><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell <a href="tel:%2B1%20425.345.6756" value="+14253456756" target="_blank">+1 425.345.6756</a> | Skype: xmlgrrl | Twitter: @xmlgrrl<br>Check out the <a href="https://summits.forgerock.com" target="_blank">2016 schedule</a> for <b>ForgeRock Summits and UnSummits</b>!</p></div></div></div></div></div></div></div></div></div></div></div>
<br></span><div><div class="h5"><div class="gmail_quote">On Mon, Apr 18, 2016 at 6:11 PM, Adrian Gropper <span dir="ltr"><<a href="mailto:agropper@healthurl.com" target="_blank">agropper@healthurl.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Notification is more important than authorization because it enhances the security and transparency of the system. Under the "proactive" design pattern the Grantor is not notified of releases so the only way that breaches come to light is via whistle-blowers or when records show up on the market. We expect notification from banks and many internet businesses but the only notification we get in healthcare are the bills - usually 1-2 months after the service. <br><br></div><div>Once we establish a practical way to notify Grantors of data access, we also have a way of managing updates to interested parties - a medical home EHR, a PHR, or an encounter notification service. As we move beyond the paper mindset that Justin points out, we can have contemporaneous "Accounting for Disclosures" for all transactions including those that are currently exempt under HIPAA T/P/O. Once my authorization server is notified of a TPO transaction that it has no power to authorize or deny (because it's TPO) my AS can trigger an update of medical home EHRs, PHRs, or encounter notification services. Who would not want that?<br><br></div><div>Adrian<br></div><div><br></div>Adrian<br></div><div class="gmail_extra"><div><div><br><div class="gmail_quote">On Mon, Apr 18, 2016 at 7:50 PM, Eve Maler <span dir="ltr"><<a href="mailto:eve.maler@forgerock.com" target="_blank">eve.maler@forgerock.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">True, "proactive" and "reactive" aren't the whole story either, they were just a quick shorthand. This is where dealing with UMA and other systems has been highlighting the fact for me that the usual language of permissions (which doesn't really use those two words either) isn't very rich, and I've actually been working to develop a classification system that offers more depth. More anon, maybe...</div><div class="gmail_extra"><span><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell <a href="tel:%2B1%20425.345.6756" value="+14253456756" target="_blank">+1 425.345.6756</a> | Skype: xmlgrrl | Twitter: @xmlgrrl<br>Check out the <a href="https://summits.forgerock.com" target="_blank">2016 schedule</a> for <b>ForgeRock Summits and UnSummits</b>!</p></div></div></div></div></div></div></div></div></div></div></div>
<br></span><div><div><div class="gmail_quote">On Mon, Apr 18, 2016 at 4:24 PM, Justin Richer <span dir="ltr"><<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Also, a point I raised on the call:<div><br></div><div>Keep in mind that many of the historically “proactive” use cases are likely proactive precisely because there’s no reasonable way for people to be reactive in a paper-based system. So instead of asking people in-situ when making decisions, we clear everything up front so that we don’t have to ask again. </div><div><br></div><div>Yes, we can model that with technology. My question to the group is: should we? I think sometimes it makes sense, and others it does not. We need to carefully weigh that. </div><div><br></div><div>And ultimately, the line of “proactive/reactive” is fuzzy at best. What do we call it when Alice gets notified of the enforcement of a proactive policy, which she can then quickly change on the fly? What if Alice makes a reactive decision and tells the system to remember it (TOFU)?</div><span><font color="#888888"><div><br></div><div> — Justin</div></font></span><div><div><div><br><div><blockquote type="cite"><div>On Apr 18, 2016, at 5:13 PM, Eve Maler <<a href="mailto:eve.maler@forgerock.com" target="_blank">eve.maler@forgerock.com</a>> wrote:</div><br><div><div dir="ltr">Thanks, Sarah! Piling on: Here is the snippet with the latest edited list of sharing scenarios to consider:<div><br></div><div><i>We suggest to modularize our work on this use case, such that we can add "Step" sections whenever we're satisfied with previously vetted sections. Can we prioritize sharing scenarios in the group?<br></i></div><div>
<ul>
<li><span><i>(Proactive flow?:) Alice setting up provisioning of basic data on first visits to Dr. Bob (and Dr. Erica for extra credit?): PHR A to EHR B and EHR E.</i></span></li>
<li><span><i>Alice being able to monitor and control access by Dr. Bob: Alice interacting with SMH A.</i></span></li>
<li><span><i>(Proactive flow?:) Alice sharing her medication list with her spouse: PHR A to app C.</i></span></li>
<li><span><i>(Reactive flow?:) Agreeing to do data donation under certain conditions: EHR A to Aggregator</i></span></li>
<li><span><i>(Proactive flow?:) Sharing mother’s medical concerns with daughter: PHR D to app A</i></span></li>
<li><span><i>(Proactive flow:) Consent directives: Rules set ahead of time for EHR access by family members and others?</i></span></li>
<li><span><i>(Reactive flow:) Alice approves access to physician requests for records?</i></span></li>
<li><span><i>(lots of other flows possible...)</i></span></li>
</ul></div><div>Can people please weigh in on how they would prioritize these scenarios (and any other new ones, or edited versions of these) for building out the Steps? I don't think it would take all that long to write Steps for any (say) top-two flows if we narrow it down.</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell <a href="tel:%2B1%20425.345.6756" value="+14253456756" target="_blank">+1 425.345.6756</a> | Skype: xmlgrrl | Twitter: @xmlgrrl<br>Check out the <a href="https://summits.forgerock.com/" target="_blank">2016 schedule</a> for <b>ForgeRock Summits and UnSummits</b>!</p></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Mon, Apr 18, 2016 at 2:04 PM, Sarah Squire <span dir="ltr"><<a href="mailto:sarah@engageidentity.com" target="_blank">sarah@engageidentity.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Also, here's a link to the use cases we discussed today:<div><br></div><div><a href="https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR" target="_blank">https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR</a><br></div><div><br></div><div>Thanks to Jim for the reminder!</div></div><div class="gmail_extra"><span><br clear="all"><div><div><div dir="ltr"><div style="color:rgb(136,136,136)">Sarah Squire</div><div style="color:rgb(136,136,136)">Engage Identity</div><div style="color:rgb(136,136,136)"><a href="http://engageidentity.com/" style="color:rgb(17,85,204)" target="_blank">http://engageidentity.com</a></div></div></div></div>
<br></span><div><div><div class="gmail_quote">On Mon, Apr 18, 2016 at 1:59 PM, Sarah Squire <span dir="ltr"><<a href="mailto:sarah@engageidentity.com" target="_blank">sarah@engageidentity.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Attending:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve Maler</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Tom Sullivan</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">William Kinsley</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Josh Mandel</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Adrian Gropper</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Dale Moberg</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Scott Shorter</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Cait Ryan</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Simon Gordon</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Justin Richer</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Sarah Squire</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Glen Marshall</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Edmund Jay</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Jin Wen</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Kathleen Connor</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Jim Kragh</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Julie Maas</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Upcoming events:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">IIW</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">EIC</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Cloud Identity Summit</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">SOUPS</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Datapolooza</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">OSCON</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">IEEE Security and Privacy</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Is there an interest in trying to find alternate dates? Why don’t we construct a Doodle poll of dates where we know we definitely have an overlap?</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Action Item: Sarah will construct a Doodle poll.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">UMA FHIR Use Case: We’ve made small changes, but the content of the characters and flows hasn’t changed.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">We have sharing scenarios to consider. These need some group input.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Jin:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">One case is a patient visiting a healthcare organization and then transferring his or her medical history. This would be an EHR to EHR transfer. </span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">There’s also sharing the medication list with Alice’s husband.</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">What should we call a healthcare information consuming application?</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Kathleen:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Maybe we could just call it a health app. Just leave the portal as a PHR and then everything else is an app. There are apps that a healthcare consumer might want to use in concert with other apps that have nothing to do with health.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">William:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Are we differentiating between HIPAA covered apps and non-HIPAA covered apps?</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">We could. Non-PHR seems to be the more relevant distinction.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Adrian:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">What are we trying to do here? Why do we need separate use cases for all of these subcategories?</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">In this case, it’s the people motivated to share. In the first case, Alice doesn’t want to fill in a clip board. In the sharing with husband case, Alice’s husband needs to know so he can help with care.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Glen:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">That is of interest in setting up the use case, but not after.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">We could do a whole series of use cases, but we’re starting to see this as modular. If we documented each of the flows, we could easily prioritize them. For me, sharing with husband is the highest priority. </span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Adrian:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Would you consider two motivations as part of this list? Alice gathers different portals into one, and the desire to be “in the loop” for anything involving healthcare at a particular provider, i.e. wanting transparency.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">We would only branch off if we had other characters or flows. There are many motivations that are not listed here. The motivations you are talking about are outside of an UMA flow. We could have a use case involving central management of two EHRs by adding another doctor. Do we have an authoritative data source?</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Adrian:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">They would both be authoritative for different data. If there is no trigger update mechanism, then the PHR doesn’t solve that problem.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Bill:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">I think we need to figure out what the scope of the use case is. The purpose of the PHR was to provide a single point of truth. I think what you’re trying to say is there is no single point of truth. Is that true?</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Adrian:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Every FHIR endpoint is authoritative for something, and what matters is what triggers updates of another system. How do we create a surveillance system so that a doctor can find out when their patients are seen elsewhere? </span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Bill:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Having a single point of truth simplifies the use cases. I think that creates a complex use case.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Sarah:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">How is this different from our oauth delegation use case?</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Adrian:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Being able to specify an authorization server to multiple resources. And we have lots of directory problems.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Sarah:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Directory problems are outside the scope of HEART, and it sounds like you’re talking about Alice to Alice delegation, which has already been solved with oauth.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Bill:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Aren’t we supposed to be protocol agnostic?</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Justin:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">We’re trying to increase security, and we are definitely going to use FHIR. HEART is a longer term utopian project, whereas Argonauts is a current-state project. We are more forward-looking.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Bill:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">I’m just saying we shouldn’t be too concerned with Argonauts because they’re jumping and doing things now, and that’s not our goal.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Justin:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Agreed, we just want to make sure that HEART remains realistic and implementable and becomes a next-generation option for the healthcare space.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">I’m trying to figure out how to summarize where we are. Our first use case is exchange between EHR and PHR. Is that controversial?</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Adrian:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">I just said it was unnecessary.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">But whoever is authoritative should be the source of truth. In the case of medications, the patient is authoritative.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Adrian:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">The distinction between EHR and PHR is arbitrary.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Eve:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">You obviously feel strongly about PHR mucking up the works. I don’t understand why it can’t be authoritative.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Adrian:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">It’s not wrong, but it doesn’t serve the purpose of filling in the clipboard. You want to be able to do that even if the patient doesn’t have a PHR. </span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Kathleen:</span></div><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">It’s not a problem to me that there are different endpoints.</span></div><br><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Justin:</span></div><span style="font-size:14.6667px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Reminder that there’s no call next week due to the OpenID Foundation meeting. There will be a HEART get-together there. </span></span><span><font color="#888888"><div><font face="Arial"><span style="font-size:14.6667px;white-space:pre-wrap"><br></span></font></div><div><font face="Arial"><span style="font-size:14.6667px;white-space:pre-wrap"><br clear="all"></span></font><div><div><div dir="ltr"><div style="color:rgb(136,136,136)">Sarah Squire</div><div style="color:rgb(136,136,136)">Engage Identity</div><div style="color:rgb(136,136,136)"><a href="http://engageidentity.com/" style="color:rgb(17,85,204)" target="_blank">http://engageidentity.com</a></div></div></div></div>
</div></font></span></div>
</blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>
_______________________________________________<br>Openid-specs-heart mailing list<br><a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br></div></blockquote></div><br></div></div></div></div></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br><br clear="all"><br></div></div><span><font color="#888888">-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div></div>
</font></span></div>
</blockquote></div><br></div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div></div>
</div>