<div dir="ltr">Below:<div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl<br><b>ForgeRock Summits and UnSummits</b> <a href="http://summits.forgerock.com/" target="_blank">are coming to</a> <b>Sydney, London, and Paris!</b></p></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Wed, Jul 27, 2016 at 9:49 AM, Salyards, Kenneth (SAMHSA/OPPI) <span dir="ltr"><<a href="mailto:Kenneth.Salyards@samhsa.hhs.gov" target="_blank">Kenneth.Salyards@samhsa.hhs.gov</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">See my thoughts below:<u></u><u></u></span></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="gmail-MsoNormal"><b><span style="font-size:10pt;font-family:tahoma,sans-serif">From:</span></b><span style="font-size:10pt;font-family:tahoma,sans-serif"> Openid-specs-heart [mailto:<a href="mailto:openid-specs-heart-bounces@lists.openid.net" target="_blank">openid-specs-heart-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Eve Maler<br>
<b>Sent:</b> Wednesday, July 27, 2016 12:25 PM<br>
<b>To:</b> John Moehrke<br>
<b>Cc:</b> HEART List<br>
<b>Subject:</b> Re: [Openid-specs-heart] Resources vs Resource sets<u></u><u></u></span></p>
<p class="gmail-MsoNormal"><u></u> <u></u></p>
<div><span class="gmail-">
<p class="gmail-MsoNormal">Eliding older parts of this thread:<u></u><u></u></p>
<div>
<p class="gmail-MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="gmail-MsoNormal">If I understand right:<u></u><u></u></p>
</div>
</span><div><span class="gmail-">
<ul type="disc">
<li class="gmail-MsoNormal">
Confidentiality codes are not deterministically applicable to FHIR resources.<u></u><u></u></li></ul>
</span><p style="margin-left:1.5in">
<u></u><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"><span>-<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"times new roman"">
</span></span></span><u></u><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">They are applicable to any data container - Ken</span></p></div></div></div></div></blockquote><div><br></div><div>By "not deterministically", I mean "they are applicable and valuable, but not in a deterministic fashion". Guess I should have broken that out into two bullets! </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div><div><div><p style="margin-left:1.5in"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"><u></u><u></u></span></p><span class="gmail-">
<ul type="disc">
<li class="gmail-MsoNormal">
Patients are not trustworthy for applying confidentiality codes to FHIR resources because they could get them wrong.<u></u><u></u></li></ul>
</span><p style="margin-left:1.5in">
<u></u><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"><span>-<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"times new roman"">
</span></span></span><u></u><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">I agree. Patients define their policy. It is an enforcement engine (AP/RS) that is responsible for applying policy correctly.</span></p></div></div></div></div></blockquote><div>I think it's a bit more subtle than that, if I understand confidentiality codes correctly. The codes are part of a system of regulatory markers about data protection. By contrast, patient-created policies are about their wishes for sharing, which they may create taking into account such codes, but which they may also create without respect to the codes. On the other hand, FHIR servers/UMA resource servers will probably have to care a great deal about those codes in handling and releasing FHIR resources/UMA resource sets, even to the point, possibly, of sometimes "exercising UMA's Adrian clause" and giving less access than instructed.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div><div><div><p style="margin-left:1.5in"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"><u></u><u></u></span></p>
<ul type="disc">
<li class="gmail-MsoNormal">
FHIR API servers <span style="color:rgb(31,73,125)">(UMA RS) </span>are trustworthy to be authoritative for applying confidentiality codes to FHIR resources.<u></u><u></u></li></ul>
<p style="margin-left:1.5in">
<u></u><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"><span>-<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"times new roman"">
</span></span></span><u></u><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">yes<u></u><u></u></span></p>
<ul type="disc">
<li class="gmail-MsoNormal">
Therefore:<u></u><u></u></li></ul>
<ul type="disc">
<ul type="circle">
<li class="gmail-MsoNormal">
We posit that it makes sense for FHIR API servers as UMA resource servers to apply confidentiality codes to FHIR resources during the process of UMA resource set registration at UMA authorization servers.<span style="color:rgb(31,73,125)"> – does this mean at the
point of sharing? </span><font color="#cc0000">No, at the point of "putting the resources under central protection" so that Alice can set policy on them. See below for a 50,000 foot take.</font><u></u></li><li class="gmail-MsoNormal">
We think UMA authorization servers could use this extra confidentiality code information to help patients as UMA resource owners to set sharing policy in a convenient fashion. (Concrete examples here would be good!)<span style="color:rgb(31,73,125)"> – I think this
is reverse to how it would work</span><u></u><u></u></li><li class="gmail-MsoNormal">
It's an open question where extending the UMA resource set registration messaging flow is an in-scope activity that we in HEART should be taking on.<span style="color:rgb(31,73,125)"> – I think it would be in-scope for without this the process would be incomplete</span></li></ul></ul></div></div></div></div></blockquote><div><br></div><div>The biggest question, then, is: What are the actual use cases for the RS to inform the AS about confidentiality codes at all? I can think of these two:</div><div><ul><li>Providing the patient/UMA resource owner with clever criteria on which to base the creation of her sharing policies. This actually sounds like a fairly weak reason to me.</li><li>Providing the UMA authorization server with something it can put into audit logs/consent receipts that is an official statement about regulatory confidentiality level of the resource. More plausible, but would require profiling an extension to UMA that doesn't yet exist to be able to achieve it.</li></ul></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div><div><div><ul type="disc"><ul type="circle"><li class="gmail-MsoNormal"><u></u><u></u></li></ul>
</ul>
</div><div><div class="gmail-h5">
<div>
<p class="gmail-MsoNormal">If we conclude for the last bullet that it's not in scope for HEART, by the way, it's still entirely possible for an extension to be written and for a community to get implementation experience with it. And then HEART could consider adding
that spec to its charter at some appropriate time.<u></u><u></u></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p><b>Eve Maler<br>
</b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>
Cell <a href="tel:%2B1%20425.345.6756" value="+14253456756" target="_blank">+1 425.345.6756</a> | Skype: xmlgrrl | Twitter: @xmlgrrl<br>
<b>ForgeRock Summits and UnSummits</b> <a href="http://summits.forgerock.com/" target="_blank">
are coming to</a> <b>Sydney, London, and Paris!</b><u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="gmail-MsoNormal"><u></u> <u></u></p>
<div>
<p class="gmail-MsoNormal">On Wed, Jul 27, 2016 at 8:51 AM, John Moehrke <<a href="mailto:johnmoehrke@gmail.com" target="_blank">johnmoehrke@gmail.com</a>> wrote:<u></u><u></u></p>
<p>Hi Aaron<u></u><u></u></p>
<p>I think you need something in the "beyond" category. Confidentiality is rather blunt.<u></u><u></u></p>
<p>In the beyond category we could have dynamically created scopes. Scopes that could be invented on your RS, communicated to the UMA authority to be used in authorization statements. In this way the patient could be creative to create scopes as complex as
they want, tagging their controlled PHR data how they want. This could be many scopes that overlap as desired by the patient. This kind of tag would be a security "compartment" kind of tag. (Somewhat like a http RESTful compartment).<u></u><u></u></p>
<p>Note that in this solution I am still putting the responsibility of tagging in the RS, and relying on RS magic. It is simply more dynamic. This dynamic function is hard. Lets walk first.<u></u><u></u></p>
<p><span style="color:rgb(136,136,136)">John<u></u><u></u></span></p>
<div>
<div>
<div>
<p class="gmail-MsoNormal"><u></u> <u></u></p>
<div>
<p class="gmail-MsoNormal">On Jul 27, 2016 10:28 AM, "Aaron Seib" <<a href="mailto:aaron.seib@nate-trust.org" target="_blank">aaron.seib@nate-trust.org</a>> wrote:<u></u><u></u></p>
<div>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">Thank you John.</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">I am still a little dull in the drawer with the broken knives but I think I get it now.
</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">Before I trick myself into thinking I got it let me ask a question that goes one layer deeper (I
am actually working on using this today for an Autism Pilot so bear with me if I am being selfish with the Task Force’s time) .</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">The very narrow use case that I am dealing with is the sharing of data between a consumer and a research
registry. For context – we are making a consumer controlled PHI aggregator app available for free to participants in the project (family caregiver(s), the proband and their siblings). We are striving to make it easy for the family to gather their EHR data
(today all we can support is Upload of a CDA and Transport via direct). They are free to do with it what they will. If they choose to do so they can mark the data as okay to share with researchers.
</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">When I look at the classification codes I am trying to deduce what codes I would use to convey that.
In other words, if all their data was initially tagged as “V” and via the UI they could change it to “N” we could constrain what is shared with the research registry to only be that data that has a confidentiality code marked with an “N”. But that seems sort
of a strained use so I am wondering if there is some other standard that would make more sense in that kind of scenario.</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">Again, I want to be aligned with the standard but not sure how best to do so. Worse, I may be trying
to use the wrong standard and there is a better one to use. Or I am putting too much thought into it and a binary value is sufficient for this use case?</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">Aaron Seib, CEO</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">@CaptBlueButton
</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> (o)
<a href="tel:301-540-2311" target="_blank">301-540-2311</a></span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">(m)
<a href="tel:301-326-6843" target="_blank">301-326-6843</a></span><u></u><u></u></p>
<p class="gmail-MsoNormal"><a href="http://nate-trust.org" target="_blank"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125);text-decoration:none"><img border="0" width="205" height="48" src="cid:image001.jpg@01D1E804.BA118A80"></span></a><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><b><span style="font-size:10pt;font-family:tahoma,sans-serif">From:</span></b><span style="font-size:10pt;font-family:tahoma,sans-serif"> John Moehrke [mailto:<a href="mailto:johnmoehrke@gmail.com" target="_blank">johnmoehrke@gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, July 27, 2016 10:50 AM<br>
<b>To:</b> Aaron Seib<br>
<b>Cc:</b> HEART List; Nancy Lush<br>
<b>Subject:</b> RE: [Openid-specs-heart] Resources vs Resource sets</span><u></u><u></u></p>
<p class="gmail-MsoNormal"> <u></u><u></u></p>
<p>Yes it is a big knife today. The codes are based on privacy harm evaluation. They are not specific to CE to CE; although that is the most use. Yes all sensitive topics go into R. So yes you can't use this system more finegrain.
<u></u><u></u></p>
<p>We can get this start.... And improve later... <u></u><u></u></p>
<p>Later we can add sensitivity tags. Or compartment tags. Or....<u></u><u></u></p>
<p>John<u></u><u></u></p>
<div>
<p class="gmail-MsoNormal"> <u></u><u></u></p>
<div>
<p class="gmail-MsoNormal">On Jul 27, 2016 9:20 AM, "Aaron Seib" <<a href="mailto:aaron.seib@nate-trust.org" target="_blank">aaron.seib@nate-trust.org</a>> wrote:<u></u><u></u></p>
<div>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">John
</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">I follow you now and I think Mr. Lush’s suggestion would be fruitful and help clarify some of the
things I am struggling with at this current point in time.</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">“The point is to draw a line and declare the side of the line you are going to solve.” I think that
you’ve diagnosed my confusion precisely. I’d like to clearly understand what Consumer Directed means in the context of HEART specifically with regards to the use of confidentiality codes.
</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">Just to be explicit - as I may be off the rails in my understanding already – where we make reference
to confidentiality codes I am assuming we are referring to </span><a href="http://hl7-fhir.github.io/v3/ConfidentialityClassification/vs.html" target="_blank">http://hl7-fhir.github.io/v3/ConfidentialityClassification/vs.html</a> <u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">Is that a bad inference? My read of the description of these codes seems to indicate that they were
devised in relation to the exchange between Covered Entities, right? </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">I am assuming that on the RS side these codes would be applied based on policy interpretation of
the Covered Entity and what we’ve been talking about is that for consumer directed exchange it is the consumer who would define a rule that said in effect When sharing my PHI with recipient X – the disclosing system can share anything that has a classification
code assigned by the CE in (U, L, M, N) but not in (R, V). When sharing with my PCP or consumer app you can share anything that has a classification in (U, L, M, N, R, V).</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">I feel like that is a sophomoric understanding but I hope putting it out their as what I am able
to understand at this point might be helpful to improving everyone’s understanding.</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">An example of where I get confused is when there is a reference to Alice not wanting to share her
HIV related PHI. I don’t follow how this approach would get to that level of granularity as the classification system doesn’t differentiate between V’s that are classified that way because it is related to HIV versus other V’s that are classified that way
because it relates to domestic violence, for example.</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">I am not the sharpest knife in the drawer but I really share this in the hopes that it will be helpful
in getting clarity around the discussion for others in the same boat as me. </span>
<u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">Thank you for your patients.</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">Aaron</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></p>
<div>
<div>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">Aaron Seib, CEO</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">@CaptBlueButton
</span><u></u><u></u></p>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)"> (o)
<a href="tel:301-540-2311" target="_blank">301-540-2311</a></span><u></u><u></u></p>
</div>
<p class="gmail-MsoNormal"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125)">(m)
<a href="tel:301-326-6843" target="_blank">301-326-6843</a></span><u></u><u></u></p>
<p class="gmail-MsoNormal"><a href="http://nate-trust.org" target="_blank"><span style="font-size:11pt;font-family:calibri,sans-serif;color:rgb(31,73,125);text-decoration:none"><img border="0" width="205" height="48" src="cid:image001.jpg@01D1E804.BA118A80"></span></a><u></u><u></u></p>
</div>
<p class="gmail-MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="gmail-MsoNormal"><u></u> <u></u></p>
</div>
</div></div></div>
</div>
</div>
</blockquote></div><br></div></div>