Good idea to anchor the Legal group to use cases. Here is an issue ticket related to this: https://github.com/xmlgrrl/UMA-Specifications/issues/180 So they can be iterated,I've added Adrian's initial use cases to the wiki here: https://github.com/xmlgrrl/UMA-Specifications/wiki/UMA-Legal-Anchor-Use-Case... Thanks, - Dazza _ _ _ _ _ _ _ _ _ _ _ _ _ _ | Dazza Greenwood, JD | CIVICS.com, Founder & Principal | MIT Media Lab, Visiting Scientist | Vmail: 617.500.3644 | Email: dazza@CIVICS.com | Biz: http://CIVICS.com | MIT: https://law.MIT.edu | Me: DazzaGreenwood.com | Twitter: @DazzaGreenwood | Google+: google.com/+DazzaGreenwood | LinkedIn: linkedin.com/in/DazzaGreenwood | GitHub: github.com/DazzaGreenwood/Interface | Postal: P.O. Box 425845 Cambridge, MA 02142 | _ _ _ _ _ _ _ _ _ _ _ _ _ _ On Fri, Aug 7, 2015 at 10:40 AM, Eve Maler <eve@xmlgrrl.com> wrote:
From Adrian for consideration in our legal subgroup meeting coming up shortly. Thanks, Adrian!
Begin forwarded message:
*From: *Adrian Gropper <agropper@healthurl.com> *Subject: **Four UMA Use-Cases in Healthcare* *Date: *7 August 2015 at 6:33:18 AM PDT *To: *Eve Maler <eve@xmlgrrl.com> *Cc: *"Bucci, Debbie (HHS/ONCIT)" <debbie.bucci@hhs.gov>, Josh Mandel < jmandel@gmail.com>, Justin Richer <jricher@mit.edu>
Eve,
There may be only 4 distinct use-cases for UMA in healthcare. I wrote this in order to prepare for the legal subgroup this morning. Feel free to share if it's useful.
- Alice-to-Alice N - The multiple portals problem - Alice wants to direct sharing herself
Alice wants to manage her EHR-1 and EHR-2 authorizations in one place. We call that place the AS.
- Alice registers her AS with her practice’s EHR-1. - Alice registers her AS with another practice EHR-2. - From then on, Alice can sign-in to her EHR, view accounting for disclosures, and manage authorizations.
- Alice-to-Custodian - Delegation to a custodian - Custodian creates an AS for Alice. Custodian has a sign-in to Alice’s AS. - Alice registers her AS with her PCP’s EHR-1. - Alice registers her AS with another practice’s EHR-2. - From then on, Custodian can sign-in to Alice’s EHR, view accounting for disclosures, and manage authorizations.
- Alice-to-Bob Directed - Alice wants to authorize her PCP for directed sharing - Alice registers her AS with her PCP’s EHR-1. - The PCP shares an Alice-specific context with Bob. - Bob’s client EHR-2 presents claims to Alice’s AS, gets authorization. - EHR-2 accesses resource from EHR-1.
- Alice-to-Bob HIE - Alice wants to be discoverable - Alice registers her AS with her practice’s EHR-1. - Alice picks up a flier for the state HIE with a Q/R code, reads their Privacy Policy - Alice signs-in into her AS and scans the Q/R code. - The HIE allows Alice to pick her discovery attributes, registers Alice’s AS. - Bob’s client signs into the HIE, discovers Alice, gets authorization to EHR-1.
--
Adrian Gropper MD
RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
Eve Maler | cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl | Calendar: xmlgrrl@gmail.com
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-uma