<div dir="ltr">PurposeOfUse is indeed a critical aspect in healthcare. It is the highest differentiation, higher than user-role. It indicates the broader context that the data is to be used within. For example a request for data in healthcare often is onbehalf of a broader use: Treatment, Coverage, Research, etc. It is not an attribute of the user, it is an attribute of the request for information. It is not uncommon for identity and context attributes to be conflated or simply communicated in one token; however that does not mean they really are the same, it just means that the environment has made a simplifying assumption to combine for ease of technology. It is most closely aligned with the broadest part of a OAuth scope. So it should be included in the request for authorization decision, and authorization token.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">John Moehrke<br>Principal Engineering Architect: Standards - Interoperability, Privacy, and Security<br>CyberPrivacy – Enabling authorized communications while respecting Privacy<br>M +1 920-564-2067<br><a href="mailto:JohnMoehrke@gmail.com" target="_blank">JohnMoehrke@gmail.com</a><br><a href="https://www.linkedin.com/in/johnmoehrke" target="_blank">https://www.linkedin.com/in/johnmoehrke</a><br><a href="https://healthcaresecprivacy.blogspot.com" target="_blank">https://healthcaresecprivacy.blogspot.com</a><br>"Quis custodiet ipsos custodes?" ("Who watches the watchers?")</div></div></div>
<br><div class="gmail_quote">On Thu, May 11, 2017 at 3:29 PM, Justin Richer <span dir="ltr"><<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">The “pou” claim as it was specified in HEART does not fit this use case, then, and it’s appropriate that we removed it. This was a claim presented by the requesting party’s identity provider, and had nothing to do with the request being made by the client itself. That’s why I argued it wasn’t a good fit where it was. If we were to add it back in, it should go elsewhere in the protocol.<div><br></div><div> — Justin</div><div><br><div><div><blockquote type="cite"><span class=""><div>On May 11, 2017, at 2:01 PM, Nancy Lush <<a href="mailto:nlush@lgisoftware.com" target="_blank">nlush@lgisoftware.com</a>> wrote:</div><br class="m_7046718250433411500Apple-interchange-newline"></span><div><div class="m_7046718250433411500WordSection1" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span class=""><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">Hello all,<span class="m_7046718250433411500Apple-converted-space"> </span><u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">Per our last meeting, I agreed to provide more information on the need for the pou claim.<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">The claim pou was recently removed from the HEART specs and needs to be restored.<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">I spoke with Duane Decouteau from the VA team and provide the following details:<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">Purpose of use drives policy in many electronic exchanges today. The custodian organization uses the claimed purpose of use to interpret policy. For instance, if the pou is ‘Treatment’ a complete record might be provided, but if the pou is ‘Coverage’ the policy may limit what is sent. If the pou is ‘Research’ then the custodian organization might need to de-identify the data on the way out.<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">The pou is passed as a claim within the request. It is a determining factor in evaluating which policies apply to a request. Pou is implemented in ehealth exchange as an underlying principal. Duane feels that pou should be a cornerstone for patient consent. It is fully implemented now in ehealth exchange at the VA, Kaiser and others.<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">The list of pou values can be found at this link: <span class="m_7046718250433411500Apple-converted-space"> </span><span style="color:rgb(4,68,68)"><a href="https://www.hl7.org/fhir/v3/PurposeOfUse/vs.html" style="color:rgb(149,79,114);text-decoration:underline" target="_blank">https://www.hl7.org/<wbr>fhir/v3/PurposeOfUse/vs.html</a><u></u><u></u></span></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(4,68,68)"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(4,68,68)">Respectively,<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(4,68,68)">Nancy</span><span style="font-size:12pt"><u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(31,56,100)"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(31,56,100)"><u></u> <u></u></span></div></span><table class="m_7046718250433411500MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse"><tbody><tr style="height:1pt"><td width="342" colspan="2" valign="top" style="width:256.7pt;padding:0in 5.75pt;height:1pt"><div style="border-style:none none solid;border-bottom-width:1.5pt;border-bottom-color:windowtext;padding:0in 0in 1pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px;border:none;padding:0in"><span style="font-size:8pt;line-height:12.266667366027832px;color:rgb(31,56,100)"><u></u> <u></u></span></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:8pt;line-height:12.266667366027832px;color:rgb(31,56,100)"><u></u> <u></u></span></div></td></tr><tr style="height:1pt"><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt;height:1pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><b><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(34,42,53)">Nancy Lush </span></b><b><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(34,42,53)"><u></u><u></u></span></b></div></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt;height:1pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><a href="mailto:nancy.lush@lgisoftware.com" style="color:rgb(149,79,114);text-decoration:underline" target="_blank">nancy.lush@lgisoftware.com</a></span><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><u></u><u></u></span></div></td></tr><tr style="height:1pt"><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt;height:1pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><b><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(34,42,53)">Lush Group, Inc<u></u><u></u></span></b></div></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt;height:1pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">Office: <a href="tel:(401)%20423-9111" value="+14014239111" target="_blank">(401) 423-9111</a></span><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><u></u><u></u></span></div></td></tr><tr style="height:1pt"><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt;height:1pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">28 Narragansett Ave<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">PO Box 651</span><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><u></u><u></u></span></div></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt;height:1pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><a href="http://www.lgisoftware.com/" style="color:rgb(149,79,114);text-decoration:underline" target="_blank">www.lgisoftware.com</a></span><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">Cell:<a href="tel:(401)%20965-9347" value="+14019659347" target="_blank">(401) 965-9347</a><u></u><u></u></span></div></td></tr><tr style="height:1pt"><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt;height:1pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">Jamestown, RI 02835<u></u><u></u></span></div></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt;height:1pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><u></u> <u></u></span></div></td></tr><tr><td width="342" colspan="2" valign="top" style="width:256.7pt;padding:0in 5.75pt"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><span id="m_7046718250433411500cid:image001.gif@01D2CA5E.B0BE16F0"><image001.gif></span></span><span style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><u></u><u></u></span></div></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="139" valign="top" style="width:1.45in;padding:0in 5.75pt"></td><td width="203" valign="top" style="width:152.3pt;padding:0in 5.75pt"></td></tr><tr><td width="342" colspan="2" valign="bottom" style="width:256.7pt;padding:0in 5.75pt"></td></tr></tbody></table><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="color:rgb(31,56,100)"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div></div><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">______________________________<wbr>_________________</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">Openid-specs-heart mailing list</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><a href="mailto:Openid-specs-heart@lists.openid.net" style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">Openid-specs-heart@lists.<wbr>openid.net</a><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>heart</a></div></blockquote></div><br></div></div></div><br>______________________________<wbr>_________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.<wbr>openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>heart</a><br>
<br></blockquote></div><br></div>