HEART / 2016-05-02
Attendees:
Cait Ryan
Tom Sullivan
Justin Richer
Sarah Squire
Dale Moberg
Debbie Bucci
Glen Marshall
Eve Maler
Scott Shorter
Nancy Lush
Thompson Boyd
Jin Wen
Kathleen Connor
Jim Kragh
Discussion:
Eve presented the current status of the use case. It now has technical preconditions. We now have “sharing scenarios” rather than “use case steps.” Eve read through some newer parts of the use case.
Eve: We do have some sections that need discussion. Alice’s physician requires a lot of Alice’s information and she wants to introduce her PHR to provide that. The administrator will tell Alice about the resources and scopes they need. We need to figure out who this sharing is directed to. Target? Audience? Subject?
Debbie: There’s been a lot of talk about what a developer would call these things, but has anyone done research about consumers? Which boxes they would check and what they would understand?
Glen: I don’t know if consumers understand them at all, particularly in an emergency situation.
Debbie: There are consent directives and advanced directives.
Eve: We could make this specific to the purpose we are looking at. What I’ve chosen for starters is more in line with a proactive “share” button, rather than Alice being reactive to being asked for information. Dr. Bob’s office requests access in a verbal way, and Alice’s side shares her information in a technical way. Another way to do it would be for Dr. Bob to try to get access to Alice’s information, and have her approve it.
Access approval approach:
Pro: Alice only needs to provision something simple
Con: Requires Alice to interact after the fact; requires the doctor to know what they want
Tom: This could be called a handshake. It implies initial trust.
Justin: So, are we talking about client registration and discovery?
Eve: Yes.
Justin: Can we just call it that?
Debbie: So if you have hundreds of patients, would providers have to manage hundreds of client credentials? Should we talk about that?
Eve had to leave, so the discussion was tabled. Justin presented the refreshed version of the working group drafts.
Justin: The major change here is to point out that HEART servers only have to be HEART-compliant when talking to other HEART-compliant parties. This allows multi-purpose servers to talk to non-HEART-compliant parties for other purposes.
We have also made audience and subject optional. This is to prevent possible privacy-compromising leakage of that information.