<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I'm not saying it's unimportant, and I'm not arguing against
having a purpose of use mechanism, I'm arguing against where it
was stuck previously. I don't think we should include it until we
have decided exactly where it ought to go in the technical
architecture. I really don't think having it as an RqP claim
works, but defining something like a scope, or even an additional
(optional) parameter like the "aud" parameter might work.<br>
</p>
<p> -- Justin<br>
</p>
<br>
<div class="moz-cite-prefix">On 5/12/2017 4:19 AM, John Moehrke
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACDGQjuMoH+sodf5BtYXcm=9BH9VOdjtiG9dHuOp-9X2mgmvsA@mail.gmail.com">
<div dir="ltr">PurposeOfUse is indeed a critical aspect in
healthcare. It is the highest differentiation, higher than
user-role. It indicates the broader context that the data is to
be used within. For example a request for data in healthcare
often is on behalf of a broader use: Treatment, Coverage,
Research, etc. It is not an attribute of the user, it is an
attribute of the request for information. It is not uncommon for
identity and context attributes to be conflated or simply
communicated in one token; however that does not mean they
really are the same, it just means that the environment has made
a simplifying assumption to combine for ease of technology. It
is most closely aligned with the broadest part of an OAuth scope.
So it should be included in the request for authorization
decision, and authorization token.</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">John Moehrke<br>
Principal Engineering Architect: Standards -
Interoperability, Privacy, and Security<br>
CyberPrivacy – Enabling authorized communications while
respecting Privacy<br>
M +1 920-564-2067<br>
<a href="mailto:JohnMoehrke@gmail.com" target="_blank"
moz-do-not-send="true">JohnMoehrke@gmail.com</a><br>
<a href="https://www.linkedin.com/in/johnmoehrke"
target="_blank" moz-do-not-send="true">https://www.linkedin.com/in/johnmoehrke</a><br>
<a href="https://healthcaresecprivacy.blogspot.com"
target="_blank" moz-do-not-send="true">https://healthcaresecprivacy.blogspot.com</a><br>
"Quis custodiet ipsos custodes?" ("Who watches the
watchers?")</div>
</div>
</div>
<br>
<div class="gmail_quote">On Thu, May 11, 2017 at 3:29 PM, Justin
Richer <span dir="ltr">&lt;<a href="mailto:jricher@mit.edu"
target="_blank" moz-do-not-send="true">jricher@mit.edu</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">The “pou” claim as it was
specified in HEART does not fit this use case, then, and
it’s appropriate that we removed it. This was a claim
presented by the requesting party’s identity provider, and
had nothing to do with the request being made by the
client itself. That’s why I argued it wasn’t a good fit
where it was. If we were to add it back in, it should go
elsewhere in the protocol.
<div><br>
</div>
<div> — Justin</div>
<div><br>
<div>
<div>
<blockquote type="cite"><span class="">
<div>On May 11, 2017, at 2:01 PM, Nancy Lush
&lt;<a href="mailto:nlush@lgisoftware.com"
target="_blank" moz-do-not-send="true">nlush@lgisoftware.com</a>&gt;
wrote:</div>
<br
class="m_7046718250433411500Apple-interchange-newline">
</span>
<div>
<div class="m_7046718250433411500WordSection1"
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span
class="">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt">Hello all,<span
class="m_7046718250433411500Apple-converted-space"> </span></span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt"> </span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt">Per our last
meeting, I agreed to provide more
information on the need for the pou
claim.</span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt"> </span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt">The claim pou was
recently removed from the HEART specs
and needs to be restored.</span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt"> </span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt">I spoke with
Duane Decouteau from the VA team and
provide the following details:</span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt"> </span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt">Purpose of use
drives policy in many electronic
exchanges today. The custodian
organization uses the claimed purpose of
use to interpret policy. For instance,
if the pou is ‘Treatment’ a complete
record might be provided, but if the pou
is ‘Coverage’ the policy may limit what
is sent. If the pou is ‘Research’ then
the custodian organization might need to
de-identify the data on the way out.</span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt"> </span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt">The pou is passed
as a claim within the request. It is a
determining factor in evaluating which
policies apply to a request. Pou is
implemented in ehealth exchange as an
underlying principle. Duane feels that
pou should be a cornerstone for patient
consent. It is fully implemented now in
ehealth exchange at the VA, Kaiser and
others.</span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt"> </span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt">The list of pou
values can be found at this link: <span
class="m_7046718250433411500Apple-converted-space"> </span><span
style="color:rgb(4,68,68)"><a
href="https://www.hl7.org/fhir/v3/PurposeOfUse/vs.html"
style="color:rgb(149,79,114);text-decoration:underline" target="_blank"
moz-do-not-send="true">https://www.hl7.org/<wbr>fhir/v3/PurposeOfUse/vs.html</a></span></span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt;color:rgb(4,68,68)"> </span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt;color:rgb(4,68,68)">Respectively,</span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt;color:rgb(4,68,68)">Nancy</span><span
style="font-size:12pt"></span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt;color:rgb(31,56,100)"> </span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="font-size:12pt;color:rgb(31,56,100)"> </span></div>
</span>
<table
class="m_7046718250433411500MsoNormalTable"
style="border-collapse:collapse"
cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr style="height:1pt">
<td colspan="2"
style="width:256.7pt;padding:0in
5.75pt;height:1pt" valign="top"
width="342">
<div style="border-style:none none
solid;border-bottom-width:1.5pt;border-bottom-color:windowtext;padding:0in
0in 1pt">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px;border:none;padding:0in"><span
style="font-size:8pt;line-height:12.266667366027832px;color:rgb(31,56,100)"> </span></div>
</div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span
style="font-size:8pt;line-height:12.266667366027832px;color:rgb(31,56,100)"> </span></div>
</td>
</tr>
<tr style="height:1pt">
<td style="width:1.45in;padding:0in
5.75pt;height:1pt" valign="top"
width="139">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><b><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(34,42,53)">Nancy
Lush </span></b><b><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(34,42,53)"></span></b></div>
</td>
<td style="width:152.3pt;padding:0in
5.75pt;height:1pt" valign="top"
width="203">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><a
href="mailto:nancy.lush@lgisoftware.com"
style="color:rgb(149,79,114);text-decoration:underline"
target="_blank"
moz-do-not-send="true">nancy.lush@lgisoftware.com</a></span><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"></span></div>
</td>
</tr>
<tr style="height:1pt">
<td style="width:1.45in;padding:0in
5.75pt;height:1pt" valign="top"
width="139">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><b><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(34,42,53)">Lush
Group, Inc</span></b></div>
</td>
<td style="width:152.3pt;padding:0in
5.75pt;height:1pt" valign="top"
width="203">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">Office:
<a href="tel:%28401%29%20423-9111"
value="+14014239111"
target="_blank"
moz-do-not-send="true">(401)
423-9111</a></span><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"></span></div>
</td>
</tr>
<tr style="height:1pt">
<td style="width:1.45in;padding:0in
5.75pt;height:1pt" valign="top"
width="139">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">28
Narragansett Ave</span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">PO
Box 651</span><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"></span></div>
</td>
<td style="width:152.3pt;padding:0in
5.75pt;height:1pt" valign="top"
width="203">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"><a
href="http://www.lgisoftware.com/"
style="color:rgb(149,79,114);text-decoration:underline"
target="_blank"
moz-do-not-send="true">www.lgisoftware.com</a></span><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)"></span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">Cell:<a
href="tel:%28401%29%20965-9347"
value="+14019659347"
target="_blank"
moz-do-not-send="true">(401)
965-9347</a></span></div>
</td>
</tr>
<tr style="height:1pt">
<td style="width:1.45in;padding:0in
5.75pt;height:1pt" valign="top"
width="139">
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif;line-height:16.866666793823242px"><span
style="font-size:10pt;line-height:15.333332061767578px;color:rgb(31,56,100)">Jamestown,
RI 02835</span></div>
</td>
<td style="width:152.3pt;padding:0in
5.75pt;height:1pt" valign="top"
width="203"><br>
</td>
</tr>
</tbody>
</table>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
style="color:rgb(31,56,100)"> </span></div>
<div style="margin:0in 0in
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </div>
</div>
<span
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">______________________________<wbr>_________________</span><br
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<span
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">Openid-specs-heart
mailing list</span><br
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<a
href="mailto:Openid-specs-heart@lists.openid.net"
style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"
target="_blank" moz-do-not-send="true">Openid-specs-heart@lists.<wbr>openid.net</a><br
style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<a
href="http://lists.openid.net/mailman/listinfo/openid-specs-heart"
style="color:rgb(149,79,114);text-decoration:underline;font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"
target="_blank" moz-do-not-send="true">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>heart</a></div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
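<p>Added example, not part of the original thread or of the HEART
specifications: a custodian's release step that takes the purpose of use
from the authorization request rather than from the requesting party's
identity claims, and applies the Treatment / Coverage / Research handling
described in the quoted message. The "pou" request parameter, the record
layout and the policy table are assumptions; TREAT, COVERAGE and HRESCH are
codes from the HL7 PurposeOfUse value set linked above.</p>

```python
from copy import deepcopy

# Codes from the HL7 v3 PurposeOfUse value set: treatment, coverage, research.
TREAT, COVERAGE, HRESCH = "TREAT", "COVERAGE", "HRESCH"

# Constructed custodian policy (assumption): sections released per purpose,
# and whether direct identifiers are stripped on the way out.
POLICY = {
    TREAT: {"sections": {"patient", "medications", "labs", "notes"}, "deidentify": False},
    COVERAGE: {"sections": {"patient", "medications"}, "deidentify": False},
    HRESCH: {"sections": {"patient", "medications", "labs"}, "deidentify": True},
}
DIRECT_IDENTIFIERS = {"name", "mrn", "address"}

# Constructed sample record.
SAMPLE_RECORD = {
    "patient": {"name": "Constructed Patient", "mrn": "000000", "birth_year": 1970},
    "medications": ["constructed-med-a"],
    "labs": [{"test": "constructed-lab", "value": 1.0}],
    "notes": ["constructed free-text note"],
}


class Denied(Exception):
    """Raised when the request carries no usable purpose of use."""


def purpose_of_request(authz_request, rqp_claims):
    """Return the purpose stated on the request; fail closed otherwise.

    rqp_claims (identity claims about the requesting party) is accepted only
    to show that it is never consulted: purpose describes the request, not
    the user.
    """
    pou = authz_request.get("pou")  # hypothetical optional request parameter
    if not isinstance(pou, str) or pou not in POLICY:
        raise Denied("missing or unsupported purpose of use: %r" % (pou,))
    return pou


def release(record, authz_request, rqp_claims):
    """Filter a record according to the purpose of the request."""
    rule = POLICY[purpose_of_request(authz_request, rqp_claims)]
    out = {k: deepcopy(v) for k, v in record.items() if k in rule["sections"]}
    if rule["deidentify"] and "patient" in out:
        out["patient"] = {k: v for k, v in out["patient"].items()
                          if k not in DIRECT_IDENTIFIERS}
    return out
```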
</body>
</html>