This is very interesting and I agree.

I had accodified ( Eve ;) ) the European text so that one can rehash it and make deep links into it. E.g.:

My sense is that such requirements can drive adoption of good (even best) practices, for instance regarding retention and access:

Those requirements could be baked into agreements with users and governments, such as Appendix 2 to the "Model Clauses" (the tan-colored part near the end of the document):

On Thu, Jan 14, 2016 at 3:13 PM, Adrian Gropper <agropper@healthurl.com> wrote:

In the last month two very important regulatory guidance documents have been released by the EU and US governments respectively:
http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm
and
http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html

By adding to these regulations a single constraint - that an individual can own and specify the UMA Authorization Server if they choose to - I think we can derive a complete UMA Legal profile and associated clauses.

I've started analysis of the US reg at http://bit.ly/HEARTfromHIPAA. I think a similar analysis could be interesting for the EU regs.

Adrian

--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
--@commonaccord