<div dir="ltr">I tend to agree with Aaron and Justin. POU _reduces_ the agency of the patient and will therefore both add complexity and reduce the scalability of the protocol. <div><br></div><div>Adrian</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 12, 2017 at 9:23 AM, Justin Richer <span dir="ltr"><<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>I'm not saying it's unimportant, and I'm not arguing against
having a purpose of use mechanism, I'm arguing against where it
was stuck previously. I don't think we should include it until we
have decided exactly where it ought to go in the technical
architecture. I really don't think having it as an RqP claim
works, but defining something like a scope, or even an additional
(optional) parameter like the "aud" parameter might work.<span class="HOEnZb"><font color="#888888"><br>
</font></span></p><span class="HOEnZb"><font color="#888888">
<p> -- Justin<br>
</p></font></span><div><div class="h5">
<br>
<div class="m_4883584326862685371moz-cite-prefix">On 5/12/2017 4:19 AM, John Moehrke
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">PurposeOfUse is indeed a critical aspect in
healthcare. It is the highest differentiation, higher than
user-role. It indicates the broader context that the data is to
be used within. For example a request for data in healthcare
often is on behalf of a broader use: Treatment, Coverage,
Research, etc. It is not an attribute of the user, it is an
attribute of the request for information. It is not uncommon for
identity and context attributes to be conflated or simply
communicated in one token; however that does not mean they
really are the same, it just means that the environment has made
a simplifying assumption to combine for ease of technology. It
is most closely aligned with the broadest part of an OAuth scope.
So it should be included in the request for authorization
decision, and authorization token.</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="m_4883584326862685371gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">John Moehrke<br>
Principal Engineering Architect: Standards -
Interoperability, Privacy, and Security<br>
CyberPrivacy – Enabling authorized communications while
respecting Privacy<br>
M <a href="tel:(920)%20564-2067" value="+19205642067" target="_blank">+1 920-564-2067</a><br>
<a href="mailto:JohnMoehrke@gmail.com" target="_blank">JohnMoehrke@gmail.com</a><br>
<a href="https://www.linkedin.com/in/johnmoehrke" target="_blank">https://www.linkedin.com/in/<wbr>johnmoehrke</a><br>
<a href="https://healthcaresecprivacy.blogspot.com" target="_blank">https://healthcaresecprivacy.<wbr>blogspot.com</a><br>
"Quis custodiet ipsos custodes?" ("Who watches the
watchers?")</div>
</div>
</div>
<br>
<div class="gmail_quote">On Thu, May 11, 2017 at 3:29 PM, Justin
Richer <span dir="ltr"><<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">The “pou” claim as it was
specified in HEART does not fit this use case, then, and
it’s appropriate that we removed it. This was a claim
presented by the requesting party’s identity provider, and
had nothing to do with the request being made by the
client itself. That’s why I argued it wasn’t a good fit
where it was. If we were to add it back in, it should go
elsewhere in the protocol.
<div><br>
</div>
<div> — Justin</div>
<div><br>
<div>
<div>
<blockquote type="cite"><span>
<div>On May 11, 2017, at 2:01 PM, Nancy Lush
<<a href="mailto:nlush@lgisoftware.com" target="_blank">nlush@lgisoftware.com</a>>
wrote:</div>
<br class="m_4883584326862685371m_7046718250433411500Apple-interchange-newline">
</span>
<div>
<div class="m_4883584326862685371m_7046718250433411500WordSection1" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">Hello all,<span class="m_4883584326862685371m_7046718250433411500Apple-converted-space"> </span></span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">Per our last
meeting, I agreed to provide more
information on the need for the pou
claim.</span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">The claim pou was
recently removed from the HEART specs
and needs to be restored.</span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">I spoke with
Duane Decouteau from the VA team and
provide the following details:</span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">Purpose of use
drives policy in many electronic
exchanges today. The custodian
organization uses the claimed purpose of
use to interpret policy. For instance,
if the pou is ‘Treatment’ a complete
record might be provided, but if the pou
is ‘Coverage’ the policy may limit what
is sent. If the pou is ‘Research’ then
the custodian organization might need to
de-identify the data on the way out.</span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">The pou is passed
as a claim within the request. It is a
determining factor in evaluating which
policies apply to a request. Pou is
implemented in ehealth exchange as an
underlying principle. Duane feels that
pou should be a cornerstone for patient
consent. It is fully implemented now in
ehealth exchange at the VA, Kaiser and
others.</span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt">The list of pou
values can be found at this link: <span class="m_4883584326862685371m_7046718250433411500Apple-converted-space"> </span><span style="color:rgb(4,68,68)"><a href="https://www.hl7.org/fhir/v3/PurposeOfUse/vs.html" style="color:rgb(149,79,114);text-decoration:underline" target="_blank">https://www.hl7.org/fh<wbr>ir/v3/PurposeOfUse/vs.html</a></span></span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(4,68,68)"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(4,68,68)">Respectfully,</span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(4,68,68)">Nancy</span><span style="font-size:12pt"></span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(31,56,100)"> </span></div>
<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:12pt;color:rgb(31,56,100)"> </span></div>
</span>
</div>
<span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">______________________________<wbr>_________________</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">Openid-specs-heart
mailing list</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<a href="mailto:Openid-specs-heart@lists.openid.net" style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">Openid-specs-heart@lists.openi<wbr>d.net</a><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">http://lists.openid.net/mailma<wbr>n/listinfo/openid-specs-heart</a></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br></span></div></div></div></div></div></div></div>
</div>