In the last month two very important regulatory guidance documents have been released by the EU and US governments respectively:

http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm
and
http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html

By adding to these regulations a single constraint - that an individual can own and specify the UMA Authorization Server if they choose to - I think we can derive a complete UMA Legal profile and associated clauses.

I've started analysis of the US reg at http://bit.ly/HEARTfromHIPAA I think a similar analysis could be interesting for the EU regs.

Adrian

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/