Wait, Adrian, are you thinking of the UMA authorization server as being the custodial agent, or a separate person? I think I'm confused. We have collected a variety of use cases that are more like the RUFADAA ones, and I was reading this delegatability provision more in that fashion.

Eve Maler
Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Thu, Oct 24, 2019 at 3:13 PM Eve Maler <eve@xmlgrrl.com> wrote:

Thanks Adrian! Tim, I wonder how this compares to RUFADAA. I suppose this would be a single federal law, for one. Any comments? (See "SEC. 5. DELEGATABILITY")

Eve Maler
Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Thu, Oct 24, 2019 at 2:33 PM Adrian Gropper <agropper@healthurl.com> wrote:
Here’s my analysis of the ACCESS Act
http://blog.petrieflom.law.harvard.edu/2019/10/24/access-act-points-the-way-to-a-post-hipaa-world/#more-28136

Adrian

On Tue, Oct 22, 2019 at 11:02 PM Adrian Gropper <agropper@healthurl.com> wrote:
Check out https://www.warner.senate.gov/public/index.cfm/2019/10/senators-introduce-bipartisan-bill-to-encourage-competition-in-social-media

Especially Section 5: Delegation. (There's a link to a nice summary at the very end of the page.) It calls for a right to specify a fiduciary agent, hopefully one that I can compile and own myself. I can imagine a law like this applying to all of our service providers above a certain size, like say 50 employees.

--
Adrian

--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: https://patientprivacyrights.org/donate-3/
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma