Stream: patient empowerment
Topic: Excellent privacy proposal?
Dave deBronkart (Nov 19 2019 at 11:31):
In the security workgroup's thread on Google Project Nightingale, , someone proposed that HL7 add something to declare "why I believe I have a right to this data." I'm misquoting that (in haste) but I love the idea, at first blush: as I said in a reply, it would enable the kind of trust that I think consumers will need to have.
John Moehrke (Nov 19 2019 at 15:30):
yes, there are two different things being discussed. ( a ) including details in a request for data that expresses why the data should be released, and ( b ) including details in data as it is communicated expressing the authorized uses that the data is released for.
both ( a ) and ( b ) have partial solutions, so it is important to separate out where solutions exist and where they do not exist. Most of ( a ) is what OAuth fundimentally does, and ( b ) is what the Consent resource does...
This said, I am working with Jose to define a generic rules Resource that can be used for use-cases that are not strictly a one-by-one patient privacy Consent. Getting more involvement would be good.
to be specific.. .Patient centric use-cases are the primary use-cases for Consent; the usecases that are not covered are very much NON patient centric.
John Moehrke (Nov 19 2019 at 15:36):
I wonder if someone would be interested in a version of my FHIR Privacy and Security tutorial where I flip the audience to be patients? That is to explain not the internal workings, but the patient centric function that is enabled with enough breadcrumbs that the patient empowerment group can advocate for those FHIR Privacy and Security functionalities to be promoted? I recognize that this stuff is technical and geeky, but it is there because it is needed for patients. https://healthcaresecprivacy.blogspot.com/2019/09/hl7-tutorial-fhir-privacy-and-security.html
Dave deBronkart (Nov 19 2019 at 15:59):
I appreciate the idea (a lot!) but I'm confused (probably too clueless) by trying to figure this out, so I'll leave it to more-savvy others.
Ryan Howells (Jan 16 2020 at 22:04):
This said, I am working with Jose to define a generic rules Resource that can be used for use-cases that are not strictly a one-by-one patient privacy Consent. Getting more involvement would be good.
to be specific.. .Patient centric use-cases are the primary use-cases for Consent; the usecases that are not covered are very much NON patient centric.
@John Moehrke Our CARIN folks would be very interested in discussing this work and may be able to lend some support. Can we connect offline?
Jose Costa Teixeira (Jan 16 2020 at 22:15):
Sounds like good input to our discussions.
Jose Costa Teixeira (Jan 16 2020 at 22:15):
I expect to have some progress in Sydney
John Moehrke (Jan 17 2020 at 18:07):
happy to get these together. See you in Sydney
Jose Costa Teixeira (Feb 22 2020 at 05:14):
The Permission resource was published right after the Sydney WGM. It's draft, hasn't gone through discussions yet, but now is the time to have such discussions.
Ryan Howells (Feb 25 2020 at 22:08):
Jose Costa Teixeira said:
The Permission resource was published right after the Sydney WGM. It's draft, hasn't gone through discussions yet, but now is the time to have such discussions.
Great. What would you suggest as next steps @Jose Costa Teixeira?
Jose Costa Teixeira (Feb 25 2020 at 22:12):
We started discussing during yesterday's Security call. I think we should continue those discussions. Concretely:
Jose Costa Teixeira (Feb 25 2020 at 22:13):
- Define a set of scenarios that we want to enable, and respective requirements
Jose Costa Teixeira (Feb 25 2020 at 22:13):
- Use the existing mechanisms (and placeholders like the Permission resource) to see how these scenarios can be implemebted
Jose Costa Teixeira (Feb 25 2020 at 22:14):
@John Moehrke is this fitting to the calls you suggested to have?
Jose Costa Teixeira (Feb 25 2020 at 22:15):
Also, question: I left the Permission resource incomplete, must change a data type (Backbone to Expression). Do I need a Jira ticket for that?
John Moehrke (Feb 26 2020 at 13:04):
Yes these are the steps. It is more normal to do the use-case gathering and use-case analysis on confluence prior to putting something into the build, but it is there now. During Draft FMM, changes can be made as part of that drafting CR. It is best to have a CR so that tracking of changes is discoverable.
Last updated: Apr 12 2022 at 19:14 UTC
