Hi Adrian: thanks for sending though the example. How region-specific is this? For example: assuming such forms exists in other countries (UK or Japan, for example), are we likely to find the same essential elements? Or are there features that are properly specific to given jurisdictions? In which case, anything that's designed from these from a specifications standpoint probably needs to account for that....--&eOn Fri, Aug 14, 2015 at 3:50 PM, Adrian Gropper <agropper@healthurl.com> wrote:_______________________________________________The ROI form is one of the three common legal documents in healthcare. (The other two are the Notice of Privacy Practices that's a meaningless and often unsigned notification about HIPAA and informed consent notices for specific procedures. )The ROI form (attached) is quite typical and demonstrates all of the common elements. I've annotated it with the UMA terms. Jim Hazard and I have some experience translating the ROI form into the Common Accord format.I see the ROI form as the institutional complement to the 4 use-cases I shared last week. The use-cases were presented entirely from Alice's perspective. The ROI form is presented entirely from the service provider perspective.There is, of course, a third dimension: the third parties and intermediaries in the real world that have contractual relationships with Alice and her service provider. These are sometimes called Business Associates in healthcare and sometimes overlap with federations. Alice's third parties often look like software clients and apps.Adrian
--Adrian Gropper MD
RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
--Andrew HindleHindle Consulting Limited