Debbie,<div><br></div><div>Thanks for giving me another opportunity to explain what's at stake for all of us.</div><div><br></div><div>As far as the substantive point of this interchange, it doesn't matter if only 5% or 10% of the AS are independent - it will be enough to make every authorization service patient-centered and make transparency and longitudinal health records the norm for all of us.</div><div><br></div><div>I don't understand why any AS operated by an RS matters in the HEART context. It's entirely captive and not an interoperability issue. The only AS that matters to HEART is the one a patient has a choice over.</div><div><br></div><div>Adrian</div><div><br>On Sunday, July 31, 2016, Debbie Bucci <<a href="mailto:debbucci@gmail.com">debbucci@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div dir="ltr"><div><font size="2"><br></font></div></div><div dir="ltr">Adrian - <br><br>My sincere apologies if I offended you. I just voiced a personal opinion. That was not the point of the paragraph though - I failed to state the point I was trying to make - sorry to send you off on a tangent. <br><br></div><div>Totally agree with the following statement.<br></div><div dir="ltr"><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2">The degree to which HEART chooses to profile particular subsets of FHIR has nothing to do with whether a person chooses to outsource his / her authorization server. It simply has to do with the person's user experience in setting policies that HIPAA-covered-entities and FTC-covered-entities and 42-CFR-covered-entities as resource servers will need to follow. In some cases, the resource servers will voluntarily take advantage of the FHIR standard while in others it will not apply at all. <br></font></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><br></font>I do not see the rise of totally independent AS. I see it more as a federate authorization model
(kind of what MIT is thinking about with Datahub - DUMA - PDS). All RS
will have their own AS processes to deal with - even if trusted, most
likely the sharing preference/consent/ROI would be replicated to the RA
AS to manage ongoing requests. <br></p><span><font color="#888888"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p></font></span><br></div></div></div></div>
</blockquote></div>