<div dir="ltr">I definitely agree on auditing. Can you elaborate a little on what you're thinking in terms of defining a resource set? I imagine that the "clipboard" resource set would vary quite a bit based on the provider and their specialty. Are you suggesting that we attempt to define a universal set of fields that everyone would need as a baseline? Or are you thinking that we should just acknowledge the existence of something called a clipboard resource set, and let implementors decide for themselves what that means?<div><br></div><div>I agree that RPT is essentially an authorization for release.</div><div><br></div><div>Sarah</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="color:rgb(136,136,136)">Sarah Squire</div><div style="color:rgb(136,136,136)">Engage Identity</div><div style="color:rgb(136,136,136)"><a href="http://engageidentity.com/" style="color:rgb(17,85,204)" target="_blank">http://engageidentity.com</a></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jul 19, 2016 at 1:10 PM, Debbie Bucci <span dir="ltr"><<a href="mailto:debbucci@gmail.com" target="_blank">debbucci@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Well... when thinking about the virtual clipboard vs real world ... I am usually presented with at least 3 or 4 documents ... the laundry list info (insurance, meds, allergies, etc.), Consent for treatment, Privacy Notice and, if referred with no info in hand, the release of information.</p>
<p dir="ltr">Seems to me that RPT is essentially an authorization for release. </p>
<p dir="ltr">Adrian asked that we consider ROI as part of the discussion....I think he may be right.</p>
<p dir="ltr">Eve's doc was broad and I thought the next step was to drill down to specifics. If we have agreed a virtual clipboard resource set makes sense that needs to be added. </p>
<p dir="ltr">Specifically from the ROI - John Moerke mentioned date range of treatment - that's one and this form opts in sensitive info.... so I think ... the CFR 42 part 2 stuff ( +genomics) may need a specific scope for authorization to release.</p>
<p dir="ltr">Auditing needs to peripherally be considered as well imo</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Jul 19, 2016 6:56 AM, "Sarah Squire" <<a href="mailto:sarah@engageidentity.com" target="_blank">sarah@engageidentity.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>This is the use case that Eve has been hashing out on the call for a few weeks now: <a href="https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR" target="_blank">https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR</a></div><div><br></div><div>Is there anything specifically added by the NYP form that has not already been covered?</div><div><br></div><div>Sarah</div></div><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr"><div style="color:rgb(136,136,136)">Sarah Squire</div><div style="color:rgb(136,136,136)">Engage Identity</div><div style="color:rgb(136,136,136)"><a href="http://engageidentity.com/" style="color:rgb(17,85,204)" target="_blank">http://engageidentity.com</a></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jul 19, 2016 at 5:43 AM, Adrian Gropper <span dir="ltr"><<a href="mailto:agropper@healthurl.com" target="_blank">agropper@healthurl.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Debbie,<br><br></div><div>In case it's not on the HEART servers, I've put a copy of the NYP Authorization Form here: <a href="https://dl.dropboxusercontent.com/u/8909568/NYP%20authorization.pdf" target="_blank">https://dl.dropboxusercontent.com/u/8909568/NYP%20authorization.pdf</a><br></div><div><br></div>Mapping the NYP Authorization Form to actual UMA protocol is way above my pay grade. Here's as far as I get (inline):<br><div class="gmail_extra"><span><br>In the case of Alice authorizing Dr. Bob:</span><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div><br></div><ul><li>Alice is the Resource Owner <b>[Yes. Notice that we have to handle the case where Alice has a Representative sign for her as at the bottom of the form]</b><br></li></ul></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><ul><li>The requested resource set - is the protected resource. <b>[Someone else needs to propose the mapping to standards]</b> <br></li><span><ul><li>The resource set would need to have date range. </li><li>Form indicates that release of sensitive information is explicitly OPT-IN so a confidentiality code of V (very sensitive) would not release HIV-AIDS/Mental Health/Genetics/Substance Abuse unless explicitly asked for (as a scope?).</li></ul></span><li>Can the Authorization server sign the RPT(ROI) on behalf of Alice?<b> [Yes. 
That's the whole point of UMA and HEART as far as I can tell.]</b><br></li><li>Probably good hygiene to recommend that claims re: Bob's medical affiliation be recorded as part of the audit or consent receipt if unable to include as part of RPT process. <b>[Maybe but it seems peripheral.]</b><br></li></ul></div></blockquote><div>It's important to note that this form is labeled by NYP as an "authorization" and represents UMA Phase 2 where Dr. Bob is on the scene. Whoever proposes a mapping to standards needs to also deal with UMA Phase 1 where Alice or her representative tells NYP the address of her UMA Authorization Server. This happens before Bob is on the scene and is what I would call "consent".<br><br></div><div>For the purpose of HEART, could we call UMA Phase 1 consent and UMA Phase 2 authorization?<span><font color="#888888"><br></font></span></div><span><font color="#888888"><div><br></div><div>Adrian <br></div></font></span></div><br></div></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>
</blockquote></div>
</div></div></blockquote></div><br></div>