

[projectvrm] From the personal perspective, there may be only 4 ways to share data


  • From: Adrian Gropper < >
  • To: ProjectVRM list < >
  • Subject: [projectvrm] From the personal perspective, there may be only 4 ways to share data
  • Date: Mon, 10 Aug 2015 09:01:27 -0400

I wrote the outline below for the HEART workgroup http://openid.net/wg/heart/ list but it may have general applicability to VRM.

Please forgive the healthcare jargon:
- Alice is the human subject
- EHR is an information system controlled by an institution or service provider
- AS is an UMA Authorization Server
- PCP is a primary care physician or other licensed professional hopefully acting on Alice's behalf
- Bob is another human actor seeking access to Alice's data via some client software
- HIE is a (health) information exchange offering some search or directory services


  • Alice-to-Alice N - The multiple portals problem - Alice wants to direct sharing herself

    Alice wants to manage her EHR-1 and EHR-2 authorizations in one place. We call that place the AS.

    • Alice registers her AS with her practice’s EHR-1.

    • Alice registers her AS with another practice EHR-2.

    • From then on, Alice can sign in to her EHR, view accounting for disclosures, and manage authorizations.


  • Alice-to-Custodian - Delegation to a custodian

    • Custodian creates an AS for Alice. Custodian has a sign-in to Alice’s AS.

    • Alice registers her AS with her PCP’s EHR-1.

    • Alice registers her AS with another practice’s EHR-2.

    • From then on, Custodian can sign in to Alice’s EHR, view accounting for disclosures, and manage authorizations.


  • Alice-to-Bob Directed - Alice wants to authorize her PCP for directed sharing

    • Alice registers her AS with her PCP’s EHR-1.

    • The PCP shares an Alice-specific context with Bob.

    • Bob’s client EHR-2 presents claims to Alice’s AS, gets authorization.

    • EHR-2 accesses resource from EHR-1.


  • Alice-to-Bob HIE - Alice wants to be discoverable

    • Alice registers her AS with her practice’s EHR-1.

    • Alice picks up a flier for the state HIE with a Q/R code, reads their Privacy Policy

    • Alice signs in to her AS and scans the Q/R code.

    • The HIE allows Alice to pick her discovery attributes, registers Alice’s AS.

    • Bob’s client signs into the HIE, discovers Alice, gets authorization to EHR-1.


This breakout from the personal perspective may be useful to engineering or explaining VRM. After all, the C-suite folks are Alice too.

Adrian
--

Adrian Gropper MD

RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: http://patientprivacyrights.org/donate-2/
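
The Alice-to-Bob Directed flow outlined in the message above, as an added example that is not part of the original post: a small in-memory Python model in which EHR-1 hands out a permission ticket, Alice's AS checks Bob's claims against her policy, and EHR-1 releases the record only for a token the AS issued. The class and method names, the resource id and the claim values are hypothetical; this is not the UMA wire protocol, and the model assumes the claims Bob's client presents have already been verified.

```python
# Hypothetical model classes; not the UMA wire protocol or any library's API.
import secrets

class AuthorizationServer:
    """Alice's AS: holds her policies, issues tickets and tokens, logs disclosures."""
    def __init__(self):
        self.policies = {}     # resource_id -> claims Alice requires
        self.tickets = {}      # one-time permission ticket -> resource_id
        self.tokens = {}       # issued access token -> resource_id
        self.disclosures = []  # (resource_id, requester, granted) for Alice to review

    def register_resource(self, resource_id, required_claims):
        self.policies[resource_id] = dict(required_claims)

    def issue_ticket(self, resource_id):
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = resource_id
        return ticket

    def authorize(self, ticket, claims):  # assumes claims are already verified
        resource_id = self.tickets.pop(ticket, None)  # tickets are single use
        if resource_id is None:
            return None
        required = self.policies[resource_id]
        granted = all(claims.get(k) == v for k, v in required.items())
        self.disclosures.append((resource_id, claims.get("sub"), granted))
        if not granted:
            return None
        token = secrets.token_urlsafe(16)
        self.tokens[token] = resource_id
        return token

    def introspect(self, resource_id, token):
        return self.tokens.get(token) == resource_id

class ResourceServer:
    """EHR-1: stores the record but defers every access decision to Alice's AS."""
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.records = {}
    def add_record(self, resource_id, data, required_claims):
        self.records[resource_id] = data
        self.auth_server.register_resource(resource_id, required_claims)
    def get(self, resource_id, token=None):
        if resource_id not in self.records:
            return ("not_found", None)
        if self.auth_server.introspect(resource_id, token):
            return ("ok", self.records[resource_id])
        return ("ticket", self.auth_server.issue_ticket(resource_id))
```

Every decision, granted or refused, lands in `disclosures`, which is the accounting Alice reviews when she signs in to her AS.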

