<div dir="ltr"><div><div>Apologies for missing today's call (I was in the air) and thank you for the wonderful notes.<br><br></div>Scoping HEART work for the coming year is an interesting opportunity as we see growing interest in patient-whatever health IT and discussions around TEFCA and the Trump administration's tilt on interoperability via HHS and VA programs.<br><br></div>Here's some thoughts on where HEART is likely to be most effective:<br><br><div dir="auto">I see at least three separate projects: Authentication, Scope of Authorization, and Authorization. Not all of them belong in HEART:<br></div><div dir="auto"><br></div><div dir="auto">A
- I believe Authentication is completely separable from the other two
and has almost nothing to do with HEART. The patient logs into the
hospital portal with or without federated authentication. Federated
authentication is very useful when a clinician or other requesting party
needs to authenticate to the Authorization Server (AS) because we can’t
expect clinicians to have separate passwords for their thousands of
patients. That said, we do expect clinicians to have separate
credentials for however many health information exchanges they deal
with. Allowing the patient to specify their HIE works just as well for a
limited choice among QHINs or local exchanges as it would for HIE of
One. As far as the FHIR resource endpoint is concerned, the availability
of federated ID for clinicians should be irrelevant. </div><div dir="auto"><br></div><div dir="auto">B
- Scope of Authorization is a problem but it is not
related to the ability for a patient to choose an HIE as Authorization
Server. Whatever scopes are available for the default AS can be offered
to a patient-specified AS. No more, no less. </div><div dir="auto"><br></div><div dir="auto">Patient
Privacy Rights does advocate for making EHR segmentation and the scope
of consent clearer and more effective for all patients whether this
applies internally to a large hospital system or in HIE. This issue has
nothing to do with how the AS is specified. From my perspective,
discussion of segmentation of the record does not belong in HEART. It
should be moved to a forum with much broader specialty reach and focus
on the EHR rather than just HIE. Doing so will help the hospitals and
EHR vendors as they consolidate into ever larger institutions. </div><div dir="auto"><br></div><div dir="auto">C
- Authorization - Allowing the patient to specify the AS is a big help because it collects all of the FHIR
endpoints into one login. It also helps patients by creating competition
among HIEs on the basis of their privacy policies and other
customer-facing services. This, I believe, is where HEART is poised to
make a real difference.<br><br></div><div>Adrian<br></div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 26, 2018 at 4:54 PM, Eve Maler <span dir="ltr"><<a href="mailto:eve.maler@forgerock.com" target="_blank">eve.maler@forgerock.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>
<span></span>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)"><b>HEART meeting 2018-03-26</b></p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Attending:</p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Debbie Bucci</p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Thompson Boyd</p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Catherine Schulten</p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Justin Richer</p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Alan Byers</p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Luis Maas</p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Nancy Lush</p><p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Eve Maler</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)"><b>Profiles status</b></p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Justin reports that the text has been revised. He hasn’t received any comments. Setting up a vote deadline will likely force the situation. Justin moves, Eve seconds. Justin recommends a WG review period of 1-2 weeks and then start an Implementer’s Draft period after that.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)"><b>CARIN Alliance F2F meeting</b></p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Alan reports that there was a payer meeting at the end. He can send notes from that. Debbie asks: Are they doing anything with ID proofing? Is there anything the HEART group can help with? They may require some investigation. They are just trying to bring people together, and come up with a standard to vet people to IAL2. There has been discussion on doing KBA, all around proofing. Justin: If that’s the focus, then this seems not directly HEART-related, unless VoT gets involved. Alan: VoT has been acknowledged, as has FIDO and social logon, as potentially helpful.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)"><b>Vectors of Trust update</b></p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Justin: The shepherd review has been submitted. It will go through AD review, then IESG review, then to RFC.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)"><b>Adrian’s email thread on “What’s the best way to coordinate FHIR and HEART?”</b></p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Debbie summarized for those not on the thread: Adrian started a thread to see where HEART could be relevant. Graham opined that HEART isn’t modular enough, and laid out four use cases. One was sort of about record locator service. Justin added: It was more like “I have a record; what are other related records?” This touches on other privacy discussions we’ve had about a protected discovery endpoint. The pre-FHIR notion of an hData document that comes back with pointers rather than documents would be something like the idea. Nancy: She saw the thread as their listing livewire issues, and quite a few of them do seem relevant to HEART.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Alan: There’s been a discussion about this being the time to create a national patient identity, like other countries have. Debbie: That’s been a nonstarter. Catherine: CARIN is not advocating for this; it’s just still on people’s minds. Organizations can do two forms of queries: “give me everything you have” and more directed. Justin: Here’s how the discussion is coming up: <a href="https://catalyst.nejm.org/time-unique-patient-identifiers-us/" target="_blank"><span class="m_-6081395440392381056gmail-s1" style="color:rgb(228,175,10)">https://catalyst.nejm.org/<wbr>time-unique-patient-<wbr>identifiers-us/</span></a><span class="m_-6081395440392381056gmail-Apple-converted-space"> </span></p>
<p class="m_-6081395440392381056gmail-p3" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:15px"><b></b><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)"><b>HEART “marketing” and use cases</b></p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Nancy: Since there is so much confusion about what HEART does and doesn’t do, proposes that we put together use cases, maybe 3 patient-facing and 3 provider-facing. Catherine: Supports this. Debbie: This could be useful for, e.g., the HL7 Connectathons. Nancy: Would like to see this connected to the Argonaut work so that it can be moved into the mainstream.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Catherine: Has written some use cases in English. She’ll share them and work with Nancy. Luis: Has HEART-enabled servers and clients, and they were there in the consumer-mediated exchange track. there were ~9 different scenarios there, and they made sure HEART — including UMA (then 1.0) — was included. Subjectively, the feedback he got was that they were looking for less complex solutions and less involved specs, e.g. Sync 4 Science with long-lived tokens. However they then need to enroll at each service. He’ll present in Cologne again.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Eve: This feedback is great. To date we’ve provided no auxiliary material whatsoever about the operational and topological elements, just the bare bones of specs that mostly point to other specs. Suspects that would likely help. Debbie: The notion of a patient’s own AS is the new piece, and discussing that is something we need to do. Nancy: We need to discuss the notion of trusted IdP and a provider directory. If Alice wants to share with a provider, how does that happen? Justin: We’ve discussed that, and there are places in the specs to deal with it, but we don’t deal with the policy elements. Nancy: If we make some assumptions, that would make it realistic for readers. Could be non-normative.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Catherine: Some examples she runs into all the time: How would that work with a child? Or how would that work if I were unconscious? Nancy: Agreed that delegation is really important; we also don’t want to get bogged down by edge cases. Let’s keep the main cases simple and to the point. Debbie: Willing to join ad hoc groups to work on all of this. Luis: Also willing. Debbie: It would be good also to have discussions with the broader FHIR community.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Who will be at IIW next week? Eve, Justin, Adrian probably, Alan maybe, Debbie maybe. That <i>might</i> work.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)">Nancy thinks use cases and, secondarily, messaging, are the first task. Debbie thinks the use cases need to be easily implementable.</p>
<p class="m_-6081395440392381056gmail-p2" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69);min-height:14px"><br></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)"><b>Meeting logistics</b></p>
<p class="m_-6081395440392381056gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica Neue";color:rgb(69,69,69)"></p><ul><li>Thu Mar 29 8am PT/11am ET: Ad hoc meeting to discuss use cases and marketing (Nancy will send out invitation and connection info)<br></li><li>No meeting Mon Apr 2 due to IIW<br></li><li>Mon Apr 9 1pm PT/4pm ET: Next regular HEART meeting<br></li><li>No meeting Mon Apr 16 due to RSA<br></li></ul><p></p>
<br></div><br clear="all"><div><div class="m_-6081395440392381056gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div class="m_-6081395440392381056gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">
<table style="font-family:Times" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td valign="top"><a href="https://www.forgerock.com/" target="_blank"><img src="https://www.forgerock.com/img/ForgeRock_retina_email_bw_logo.png" alt="ForgeRock" width="185" border="0" height="70"></a></td><td style="font-family:arial,helvetica,verdana,sans-serif;font-size:12px;color:rgb(47,52,56);line-height:19.8px" valign="top" bgcolor="#ffffff" align="left"><strong>Eve Maler</strong><br>VP Innovation & Emerging Technology | ForgeRock<br><span style="color:rgb(249,76,35)"><strong>t</strong></span> <a href="tel:(425)%20345-6756" value="+14253456756" target="_blank">(425) 345-6756</a> | <span style="display:inline-block"><span style="color:rgb(249,76,35)"><strong>e</strong></span> <a href="mailto:eve.maler@forgerock.com" style="color:rgb(47,52,56)" target="_blank">eve.maler@forgerock.com</a></span><br><span style="color:rgb(249,76,35)"><strong>twitter</strong></span> xmlgrrl | <span style="display:inline-block"><span style="color:rgb(249,76,35)"><strong>web</strong></span> <a href="https://www.forgerock.com/" style="color:rgb(47,52,56)" target="_blank">www.forgerock.com</a></span></td></tr></tbody></table></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br>______________________________<wbr>_________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.<wbr>openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>heart</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span></div><div dir="ltr"><span style="color:rgb(31,73,125);font-family:Arial,sans-serif;font-size:10pt">DONATE: </span><span style="font-family:Arial,sans-serif;font-size:10pt;color:blue"><a href="https://patientprivacyrights.org/donate-3/" style="color:rgb(17,85,204)" target="_blank">https://patientprivacyrights.org/donate-3/</a></span></div></div></div></div></div></div></div></div></div>
</div>