Thanks for the Consent Receipt info, Mark! We should perhaps have you demo the receipt generator on our next legal subgroup call.

I’m planning to comment on Adrian’s use cases tonight and also send out some of my own, to get ready for Friday. If anyone else has thoughts or questions on use cases for our subgroup work, I encourage you to write in.

(I know the list has been full of technical stuff lately. I’ve added “[legal]” in the subject line above to catch the subgroup's attention, and perhaps that’s a good idea for others to do as well.)

Eve

On 11 Aug 2015, at 11:33 AM, Mark Lizar <mark@smartspecies.com> wrote:

Great  UMA-Legal call.   

As mentioned in the call, the CIS WG has a freshly minted,  MVCR v0.7 draft, from the CIS WG on GitHub.   This is an active working draft,  in progress, and can be found here : 

https://github.com/KI-CISWG/MVCR/blob/master/mvcr-0.7.md

There is also a : 
The MVCR has just reached (this is the first announcement) v0.7 has been cut to its most minimal, and the plan is to fill in the detail through implementation requirements which we hope UMA can help by providing some use cases.   The MVCR wants to be a core consent record format, which can (hypothetically) be extended by UMA (and 3rd part trust frameworks ).  We plan to start testing it out as a tool to map information sharing relationships and it can be useful in the context of logging UMA resource access and use from the Authorisation Server. 

As it happens, the law provides a great rule set for the consent record format.  Consent requirement are the most  common privacy requirements across all jurisdictions and cultures, it  is what is legitimately authoritative (enforced by law) and we for see using consent  to bind terms and logging use of resources with the MVCR format. 

Now that we have this new MVCR we really want to play with it.  In collaboration with UMA we have a chance to explore the use of the MVCR on aggregate and hopefully get a glimpse of how the MVCR might work on scale and for interoperability. 

If you are interested in contributing to the MVCR we are taking issues on the Github repository, everyone is welcome to participate, if you sign the participation agreement.  

Kind Regards,

Mark
CO-Chair 
Consent & Information Sharing Work Group

On 7 Aug 2015, at 11:29, Dazza Greenwood <dazza@civics.com> wrote:

Good idea to anchor the Legal group to use cases.  Here is an issue ticket related to this: 

So they can be iterated,I've added Adrian's initial use cases to the wiki here:

Thanks,
 - Dazza



   _ _ _ _ _ _ _ _ _ _ _ _ _ _
   |   Dazza Greenwood, JD
   |   CIVICS.com, Founder & Principal
   |   MIT Media Lab, Visiting Scientist
   |     Vmail: 617.500.3644
   |     Email: dazza@CIVICS.com
   |     Biz: http://CIVICS.com
   |     MIT: https://law.MIT.edu
   |     Me: DazzaGreenwood.com
   |     Twitter: @DazzaGreenwood
   |     Google+: google.com/+DazzaGreenwood
   |     LinkedIn: linkedin.com/in/DazzaGreenwood
   |     GitHub: github.com/DazzaGreenwood/Interface
   |     Postal: P.O. Box 425845 Cambridge, MA  02142
   | _ _ _ _ _ _ _ _ _ _ _ _ _ _

On Fri, Aug 7, 2015 at 10:40 AM, Eve Maler <eve@xmlgrrl.com> wrote:
From Adrian for consideration in our legal subgroup meeting coming up shortly. Thanks, Adrian!

Begin forwarded message:

From: Adrian Gropper <agropper@healthurl.com>
Subject: Four UMA Use-Cases in Healthcare
Date: 7 August 2015 at 6:33:18 AM PDT
To: Eve Maler <eve@xmlgrrl.com>
Cc: "Bucci, Debbie (HHS/ONCIT)" <debbie.bucci@hhs.gov>, Josh Mandel <jmandel@gmail.com>, Justin Richer <jricher@mit.edu>

Eve,

There may be only 4 distinct use-cases for UMA in healthcare. I wrote this in order to prepare for the legal subgroup this morning. Feel free to share if it's useful.


  • Alice-to-Alice N - The multiple portals problem - Alice wants to direct sharing herself
Alice wants to manage her EHR-1 and EHR-2 authorizations in one place. We call that place the AS.
  • Alice registers her AS with her practice’s EHR-1.
  • Alice registers her AS with another practice EHR-2.
  • From then on, Alice can sign-in to her EHR, view accounting for disclosures, and manage authorizations.

  • Alice-to-Custodian - Delegation to a custodian
    • Custodian creates an AS for Alice. Custodian has a sign-in to Alice’s AS.
    • Alice registers her AS with her PCP’s EHR-1.
    • Alice registers her AS with another practice’s EHR-2.
    • From then on, Custodian can sign-in to Alice’s EHR, view accounting for disclosures, and manage authorizations.

  • Alice-to-Bob Directed - Alice wants to authorize her PCP for directed sharing
    • Alice registers her AS with her PCP’s EHR-1.
    • The PCP shares an Alice-specific context with Bob.
    • Bob’s client EHR-2 presents claims to Alice’s AS, gets authorization.
    • EHR-2 accesses resource from EHR-1.

  • Alice-to-Bob HIE - Alice wants to be discoverable
    • Alice registers her AS with her practice’s EHR-1.
    • Alice picks up a flier for the state HIE with a Q/R code, reads their Privacy Policy
    • Alice signs-in into her AS and scans the Q/R code.
    • The HIE allows Alice to pick her discovery attributes, registers Alice’s AS.
    • Bob’s client signs into the HIE, discovers Alice, gets authorization to EHR-1.



--

Adrian Gropper MD

RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/


Eve Maler | cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl | Calendar: xmlgrrl@gmail.com


_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma


_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma



Eve Maler | cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl | Calendar: xmlgrrl@gmail.com