Thanks, Tim.
I think the difference is like the difference between the chicken and the
pig when it comes to ham and eggs. The chicken is involved but the pig is
committed.
By this I mean that UMA might be involved in RUFADAA but it is not
essential. Each resource server can implement delegation in many ways that
don't involve UMA. I see no major secondary economic benefits arising from
this.
On the other hand, implementing the ACCESS delegation mandate, including
the relative safe harbor for standards, can only be done with UMA or
oauth.xyz or other standard protocol for delegation. The economic impact
for such a mandate across the full range of personal data transfers would
be immense.
Adrian
On Thu, Oct 24, 2019 at 6:40 PM Tim Reiniger
Eve,
The two laws are conceptually similar in that they give legal standing to third-party custodial agents in information governance --- great developments for UMA!. But RUFADAA and the Access Act involve different agent qualifications and oversight (for example, the Access Act positions the FTC as the regulatory body while RUFADAA custodians are unregulated). The two laws also deal with different use cases. (In other words, the Access Act doesn't encompass or even overlap the RUFADAA.)
Tim
On Thu, Oct 24, 2019 at 4:13 PM Eve Maler
wrote: Thanks Adrian! Tim, I wonder how this compares to RUFADAA. I suppose this would be a single federal law, for one. Any comments? (See "SEC. 5. DELEGATABILITY")
*Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Thu, Oct 24, 2019 at 2:33 PM Adrian Gropper
wrote: Here’s my analysis of the ACCESS Act
http://blog.petrieflom.law.harvard.edu/2019/10/24/access-act-points-the-way-...
Adrian
On Tue, Oct 22, 2019 at 11:02 PM Adrian Gropper
wrote: Check out https://www.warner.senate.gov/public/index.cfm/2019/10/senators-introduce-bi...
Especially Section 5: Delegation. (There's a link https://www.scribd.com/document/431507476/ACCESS-Act-Section-by-Section-FINA... to a nice summary at the very end of the page.) It calls for a right to specify a fiduciary agent, hopefully one that I can compile and own myself. I can imagine a law like this applying to all of our service providers above a certain size, like say 50 employees.
-- Adrian
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: https://patientprivacyrights.org/donate-3/ _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: https://patientprivacyrights.org/donate-3/