<p dir="ltr">I tried to figure out what ROI is... Clearly not classic use of ROI... Right?</p>
<p dir="ltr">42cfr is an unusual case globally. Hence why it is troubling. It is a dataset defined by the fact that the USA government funds a special case clinic for some sensitive health topics, AND that the patient participated in that funded project, AND the data in the set is the result. So the patient isn't special. The topics are not special. The data is not special. It is the confluence that makes them special. Yes I know I over simplified and over normalized. </p>
<p dir="ltr">An important part is that those funded facilities Know what data was created under this rule, and what data they have that wasn't. That is the distinguishing characteristics. They could have exact same data with some in and some out.</p>
<p dir="ltr">We use this one because in the USA it is the only case we get specifics that look like Privacy and are Federal rather than State based. </p>
<p dir="ltr">Look too long at this and your eyes will permanently cross.</p>
<p dir="ltr">John</p>
<div class="gmail_extra"><br><div class="gmail_quote">On Jul 19, 2016 6:25 AM, "Sarah Squire" <<a href="mailto:sarah@engageidentity.com">sarah@engageidentity.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I definitely agree on auditing. Can you elaborate a little on what you're thinking in terms of defining a resource set? I imagine that the "clipboard" resource set would vary quite a bit based on the provider and their specialty. Are you suggesting that we attempt to define a universal set of fields that everyone would need as a baseline? Or are you thinking that we should just acknowledge the existence of something called a clipboard resource set, and let implementors decide for themselves what that means?<div><br></div><div>I agree that RPT is essentially an authorization for release.</div><div><br></div><div>Sarah</div></div><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr"><div style="color:rgb(136,136,136)">Sarah Squire</div><div style="color:rgb(136,136,136)">Engage Identity</div><div style="color:rgb(136,136,136)"><a href="http://engageidentity.com/" style="color:rgb(17,85,204)" target="_blank">http://engageidentity.com</a></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jul 19, 2016 at 1:10 PM, Debbie Bucci <span dir="ltr"><<a href="mailto:debbucci@gmail.com" target="_blank">debbucci@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Well... when thinking about the virtual clipboard vs real world .. I am usually presented with at least 3 or 4 documents ... the laundry list info insurance meds allergies etc. Consent for treatment, Privacy Notice and if referred with no info in hand the release of information.</p>
<p dir="ltr">Seems to me that rpt is essentially an authorization for release. </p>
<p dir="ltr">Adrian asked that we consider roi as part of the discussion....I think he may be right.</p>
<p dir="ltr">Eves doc was broad and I thought the next step was to drill down to soecifics. If we have agreed a virtual clipboard resource set makes sense that needs to be added. </p>
<p dir="ltr">Specifically from the ROI - John Moerke mentioned date range of treatment - that's one and this form opts in sensitive info.... so I think ... the CFR 42 part 2 stuff ( +genomics) may need a specific scope for authorization to release.</p>
<p dir="ltr">Auditing needs to peripherally be considered as well imo</p><div><div>
<div class="gmail_quote">On Jul 19, 2016 6:56 AM, "Sarah Squire" <<a href="mailto:sarah@engageidentity.com" target="_blank">sarah@engageidentity.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>This is the use case that Eve has been hashing out on the call for a few weeks now: <a href="https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR" target="_blank">https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR</a></div><div><br></div><div>Is there anything specifically added by the NYP form that has not already been covered?</div><div><br></div><div>Sarah</div></div><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr"><div style="color:rgb(136,136,136)">Sarah Squire</div><div style="color:rgb(136,136,136)">Engage Identity</div><div style="color:rgb(136,136,136)"><a href="http://engageidentity.com/" style="color:rgb(17,85,204)" target="_blank">http://engageidentity.com</a></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jul 19, 2016 at 5:43 AM, Adrian Gropper <span dir="ltr"><<a href="mailto:agropper@healthurl.com" target="_blank">agropper@healthurl.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Debbie,<br><br></div><div>In case it's not on the HEART servers, I've put a copy of the NYP Authorization Form here: <a href="https://dl.dropboxusercontent.com/u/8909568/NYP%20authorization.pdf" target="_blank">https://dl.dropboxusercontent.com/u/8909568/NYP%20authorization.pdf</a><br></div><div><br></div>Mapping the NYP Authorization Form to actual UMA protocol is way above my pay grade. Here's as far as I get (inline):<br><div class="gmail_extra"><span><br>In the case of Alice authorizing Dr. Bob:</span><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div><br></div><ul><li>Alice is the Resource Owner <b>[Yes. Notice that we have to handle the case where Alice has a Representative sign for her as at the bottom of the form]</b><br></li></ul></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><ul><li>The requested resource set - is the protected resource. <b>[Someone else needs to propose the mapping to standards]</b> <br></li><span><ul><li>The resource set would need to have date range. </li><li>Form indicates that release of sensitive information is explicitly OPT-IN so a confidentiality code of V (very sensitive) would not release HIV-AIDS/Mental Health/Genetics/Substance Abuse unless explicitly asked for (as a scope?).</li></ul></span><li>Can the Authorization server sign the RPT(ROI) on behalf of Alice?<b> [Yes. That's the whole point of UMA and HEART as far as I can tell.]</b><br></li><li>Probably good hygiene to recommend that claims re: Bob's medical affiliation be recorded as part of the audit or consent receipt if unable to include as part of RPT process. <b>[Maybe but it seems peripheral.]</b><br></li></ul></div></blockquote><div>It's important to note that this form is labeled by NYP as an "authorization" and represents UMA Phase 2 where Dr. Bob is on the scene. Whoever proposes a mapping to standards needs to also deal with UMA Phase 1 where Alice or her representative tells NYP the address of her UMA Authorization Server. This happens before Bob is on the scene and is what I would call "consent".<br><br></div><div>For the purpose of HEART, could we call UMA Phase 1 consent and UMA Phase 2 authorization?<span><font color="#888888"><br></font></span></div><span><font color="#888888"><div><br></div><div>Adrian <br></div></font></span></div><br></div></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>
</blockquote></div>
</div></div></blockquote></div><br></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div></div>