<div dir="ltr">I am okay with your interpretation of B, C, and A... BUT my point is more that there simply has not yet been enough time for us to know if will succeed or not. <div><br></div><div>I also agree with Nuno, that until FHIR matures there should be no expectation that HEART will even start to be born. Yes, there is some deployment of DSTU2, but it is very experimental (as it should be since it is not normative). Further emphasis that these implementations are on DSTU2, even though STU3 has released a year ago. Thus should we state that FHIR is a failure given that STU3 has not been adopted?</div><div><br></div><div>So, overall vote is.... give it some time...</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">John Moehrke<br>Principal Engineering Architect: Standards - Interoperability, Privacy, and Security<br>CyberPrivacy – Enabling authorized communications while respecting Privacy<br>M +1 920-564-2067<br><a href="mailto:JohnMoehrke@gmail.com" target="_blank">JohnMoehrke@gmail.com</a><br><a href="https://www.linkedin.com/in/johnmoehrke" target="_blank">https://www.linkedin.com/in/johnmoehrke</a><br><a href="https://healthcaresecprivacy.blogspot.com" target="_blank">https://healthcaresecprivacy.blogspot.com</a><br>"Quis custodiet ipsos custodes?" ("Who watches the watchers?")</div></div></div>
<br><div class="gmail_quote">On Wed, Nov 1, 2017 at 11:11 AM, Adrian Gropper <span dir="ltr"><<a href="mailto:agropper@healthurl.com" target="_blank">agropper@healthurl.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="auto">John,</div><div dir="auto"><br></div><div dir="auto">It’s interesting to read your perspective on the same day as the Senate information blocking hearing: <a href="https://www.politico.com/tipsheets/morning-ehealth/2017/11/01/analysis-of-helps-health-it-hearing-223116" target="_blank">https://www.politico.<wbr>com/tipsheets/morning-ehealth/<wbr>2017/11/01/analysis-of-helps-<wbr>health-it-hearing-223116</a></div><div dir="auto"><br></div><div dir="auto">In terms of the vote, it seems you’re saying B and C with a hint of A for the security reasons you cite. I agree that my phrasing of C is less PC than yours, but your point about how HEART would benefit the sicker patients before others suggests that we’re talking about the same thing.</div><div dir="auto"><br></div><div dir="auto">John, if you would like us to score your vote as “other” please be clearer as to what that is.</div><div dir="auto"><br></div><div dir="auto">I’m at a loss to interpret Eve’s perspective other than maybe A. This vote is not about OAUth2 or UMA, it’s about HEART. If we’re unable to get either medical data holders (especially the federales) or the health information exchanges to the HEART meetings, then maybe we need to focus our attention on UMA instead.</div><div dir="auto"><br></div><div dir="auto">A few more votes have come in. The longer we talk about this, the likelier we are to reach a consensus for what to do next.</div><span class="HOEnZb"><font color="#888888"><div dir="auto"><br></div><div dir="auto">Adrian</div></font></span><div><div class="h5"><br><div class="gmail_quote"><div>On Wed, Nov 1, 2017 at 7:47 AM Eve Maler <<a href="mailto:eve.maler@forgerock.com" target="_blank">eve.maler@forgerock.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Great thoughts.</div><div><br></div>I would never have bothered working on SAML starting in late 2000 (or any other standards :-) ) if I didn't think it had differentiating value. When we published a finished 1.0 two years later, I thought "Great, everyone, start using it!" Real adoption took much longer, not just because technology refresh rates were at least three years at the time, but because it challenged business models. SAML went through a 1.1 and then a 2.0. Ten years later, something like 90% of broadly used business SaaS services supported SAML 2.0 as SPs because so many enterprises already served as IdPs. Adoption wasn't guaranteed to happen, but while code is really really important, solving the right problem is king.<div><br></div><div>It does seem there are challenges with the US healthcare business environment that erect barriers. At the same time, I am having conversations with US-connected businesses, especially involving IoT, interested in HEART (particularly involving UMA because it's the patient-centric piece). And organizations from around the world are also reaching out with interest.</div><div><br></div><div>Perhaps it's unnecessary to assume that adoption is unusually hindered when considering that a standard like this affects a whole BLT sandwich (business, legal, technical). A question might be: What do you intend to do differently with the answer? (Along the lines of Why perform this diagnostic test? :-) ) I intend to keep doing the work, collecting use cases and spec feedback, and getting the word out.</div><div class="gmail_extra"></div></div><div><div class="gmail_extra"><div><div class="m_-7739665763472089766m_898445293522528194gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div>
<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell <a href="tel:(425)%20345-6756" value="+14253456756" target="_blank">+1 425.345.6756</a> | Skype: xmlgrrl | Twitter: @xmlgrrl</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div><div class="gmail_extra">
<br><div class="gmail_quote">On Wed, Nov 1, 2017 at 5:59 AM, John Moehrke <span><<a href="mailto:johnmoehrke@gmail.com" target="_blank">johnmoehrke@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Adrian,<div><br></div><div>I think you are very quick to place others names on the list of reasons HEART has failed...</div><div><br></div><div>The fastest standards get implemented within 5 years, most take longer. I could be that we haven't waited long enough.</div><div><br></div><div>I really like the idea of HEART, but I am not sure it will get implemented, because it presents more complexity, while not solving a problem that the data holders believe they have. I will put the word 'believe' in that sentence, but I am more on the side that they do not have a problem that HEART solves. I am not saying that the vision of HEART is false, it is a fantastic vision. There are just no obvious stepping-stones from where we are today to this nirvana.</div><div><br></div><div>For HEART to exist a large number of HEART authorities must exist. They must convince custodians that they are trustworthy, and do represent the patient. They must convince the patient that they are trustworthy and will accurately represent the patient. There must be many, so that the patient has choice. There must be some mechanism where this trust is developed and maintained There must be blunt discussions of what happens when failure-modes happen. This is a case where these must be built and prove themselves before the system will work, yet they can't prove themselves until the system is working. Too risky for everyone.</div><div><br></div><div>There is a subset of the population that would benefit from HEART, those that frequent many different and unconnected healthcare providers. I don't know how big this group is. I 'think' that subset is small relative to the whole population. I 'think' that subset is generally not the technically engaged, or technically adventuresome. Yes, there is a couple dozen that are, but most are not. </div><div><br></div><div>Many healthcare providers have fully functional interactions with their patient population. This includes a user identity. That user identity has Privacy controls. That user identity has access to a Portal where that patient can obtain their patient data. That identity is being enabled to be able to use the FHIR API in many cases. Note that there is little interest in moving to a federated identity, because of the risk of exposing metadata and patterns of behavior to that third-party. Although we are encouraging OAuth be used with FHIR, everyone has placed the OAuth authority within the same walls as their FHIR Server. Thus, it isn't really a federation, it is just using the technology so that apps can be enabled and managed using OAuth. This is a win, but not a full identity federation win. Time might solve this one.</div><div><br></div><div>I realize that some healthcare providers are still blocking data. I have had fantastic access to my data for a decade. The VHA provides full access for veterans to their data. In all cases I know of through my family they have access. And ALL of us are on the eHEX nationwide health information exchange. I don't know who these data blockers are, and it is sick that we keep abusing the whole industry because of these abusive healthcare providers. I don't understand why we are not yet naming and shaming these organizations. We should be abusing THOSE organizations, not the whole of healthcare. </div><div><br></div><div>Thus, HEART is a great idea but it is too difficult: technically, legally, human, risk...</div><div><br></div><div>john</div></div><div class="gmail_extra"><span class="m_-7739665763472089766m_898445293522528194HOEnZb"><font color="#888888"><br clear="all"><div><div class="m_-7739665763472089766m_898445293522528194m_4089630060572861431gmail_signature" data-smartmail="gmail_signature"><div>John Moehrke<br>Principal Engineering Architect: Standards - Interoperability, Privacy, and Security<br>CyberPrivacy – Enabling authorized communications while respecting Privacy<br>M <a href="tel:(920)%20564-2067" value="+19205642067" target="_blank">+1 920-564-2067</a><br><a href="mailto:JohnMoehrke@gmail.com" target="_blank">JohnMoehrke@gmail.com</a><br><a href="https://www.linkedin.com/in/johnmoehrke" target="_blank">https://www.linkedin.com/in/<wbr>johnmoehrke</a><br><a href="https://healthcaresecprivacy.blogspot.com" target="_blank">https://healthcaresecprivacy.<wbr>blogspot.com</a><br>"Quis custodiet ipsos custodes?" ("Who watches the watchers?")</div></div></div></font></span><div><div class="m_-7739665763472089766m_898445293522528194h5">
<br><div class="gmail_quote">On Tue, Oct 31, 2017 at 8:24 PM, Danny van Leeuwen <span><<a href="mailto:danny@health-hats.com" target="_blank">danny@health-hats.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="auto">J other people don’t know about it and don’t understand it’s balue </div><div dir="auto"><br></div><div dir="auto">All 3 votes</div><br><div class="gmail_quote"><div><div class="m_-7739665763472089766m_898445293522528194m_4089630060572861431h5"><div>On Tue, Oct 31, 2017 at 8:55 PM Adrian Gropper <<a href="mailto:agropper@healthurl.com" target="_blank">agropper@healthurl.com</a>> wrote:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_-7739665763472089766m_898445293522528194m_4089630060572861431h5"><div><div dir="auto">Only one vote so far. </div></div><div><div dir="auto"><br></div><div dir="auto">Adrian</div></div><div><br><div class="gmail_quote"><div>On Fri, Oct 27, 2017 at 11:46 PM Adrian Gropper <<a href="mailto:agropper@healthurl.com" target="_blank">agropper@healthurl.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="auto">A - Our standards work is incomplete</div><div dir="auto">B - Implementation of our profiles is too expensive</div><div dir="auto">C - Why would a hospital want to make patient-directed access easier?</div><div dir="auto">D - HEART distracts the patient from the hospital’s portal experience</div><div dir="auto">E - US regulations are inadequate from a patient rights perspective</div><div dir="auto">F - NATE and other HIE groups don’t see the value of HEART to their business or mission</div><div dir="auto">G - Patient-directed exchange does not allow the patient to pay for API access</div><div dir="auto">H - CMS and VA have not endorsed HEART or put it on their road map</div><div dir="auto">I - We have not done enough PR and promotion</div><div dir="auto">J - Other ______________________________<wbr>_____</div><div dir="auto"><br></div><div dir="auto">Please vote on the list above. Each person has 3 votes to cast on one or more of the options. </div><div dir="auto"><br></div><div dir="auto">If you want your vote to be “secret” just send it to me and I promise I won’t share or even save your name. I will simply report the total count of people who voted as it grows and then tally the totals <b>before the Nov 6 call.</b></div><div dir="auto"><br></div><div dir="auto">Please share this email with anyone you know that has any idea of what we’re doing with UMA or HEART.</div></div><div dir="auto"><br></div><div dir="auto">Thank you,</div><div><div dir="auto"><br></div><div dir="auto">Adrian</div></div><div>-- <br></div><div class="m_-7739665763472089766m_898445293522528194m_4089630060572861431m_-4481668652324209504m_-7759800578636723593m_-4007805244818047783gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div><div><br><div>Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span></div><div><span style="color:rgb(31,73,125);font-family:Arial,sans-serif;font-size:10pt">DONATE: </span><span style="font-family:Arial,sans-serif;font-size:10pt;color:blue"><a href="https://patientprivacyrights.org/donate-3/" style="color:rgb(17,85,204)" target="_blank">https://<wbr>patientprivacyrights.org/<wbr>donate-3/</a></span></div></div></div></div></div></div></div></div></div></blockquote></div></div><div>-- <br></div><div class="m_-7739665763472089766m_898445293522528194m_4089630060572861431m_-4481668652324209504m_-7759800578636723593gmail_signature" data-smartmail="gmail_signature"><div><div><div><div><div><div><div><br><div>Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span></div><div><span style="color:rgb(31,73,125);font-family:Arial,sans-serif;font-size:10pt">DONATE: </span><span style="font-family:Arial,sans-serif;font-size:10pt;color:blue"><a href="https://patientprivacyrights.org/donate-3/" style="color:rgb(17,85,204)" target="_blank">https://<wbr>patientprivacyrights.org/<wbr>donate-3/</a></span></div></div></div></div></div></div></div></div></div></div></div>
______________________________<wbr>_________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.<wbr>openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>heart</a><span class="m_-7739665763472089766m_898445293522528194m_4089630060572861431HOEnZb"><font color="#888888"><br>
</font></span></blockquote></div></div><span class="m_-7739665763472089766m_898445293522528194m_4089630060572861431HOEnZb"><font color="#888888"><div>-- <br></div><div class="m_-7739665763472089766m_898445293522528194m_4089630060572861431m_-4481668652324209504gmail_signature" data-smartmail="gmail_signature">Danny van Leeuwen <br>Danny@health-Hats.com<br><a href="tel:(617)%20304-4681" value="+16173044681" target="_blank">617-304-4681</a><br>Blog: <a href="http://www.health-hats.com" target="_blank">www.health-hats.com</a> <br>Twitter: @healthhats</div>
</font></span><br>______________________________<wbr>_________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.<wbr>openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>heart</a><br>
<br></blockquote></div><br></div></div></div>
<br>______________________________<wbr>_________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.<wbr>openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>heart</a><br>
<br></blockquote></div><br></div></div>
______________________________<wbr>_________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.<wbr>openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>heart</a><br>
</blockquote></div></div></div></div><div class="HOEnZb"><div class="h5"><div dir="ltr">-- <br></div><div class="m_-7739665763472089766gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span></div><div dir="ltr"><span style="color:rgb(31,73,125);font-family:Arial,sans-serif;font-size:10pt">DONATE: </span><span style="font-family:Arial,sans-serif;font-size:10pt;color:blue"><a href="https://patientprivacyrights.org/donate-3/" style="color:rgb(17,85,204)" target="_blank">https://<wbr>patientprivacyrights.org/<wbr>donate-3/</a></span></div></div></div></div></div></div></div></div></div>
</div></div></blockquote></div><br></div>