UMA telecon 2021-12-09

...

Deferred



Working Session on BLT Use-Case Report

https://kantarainitiative.org/confluence/pages/viewpageattachments.action?pageId=17760302 


Goal for today:

  • Focus on one healthcare use-cases → outline for content we want to create 
  • Use first pp2pi use case and apply to UMA and UMA legal.
  • Be empathetic in the language


Notes:

  • we should always try to qualify the word "policy" to disambiguate (eg insurance policy, sharing policy)


Once you describe the relationship between people and technical systems (AS, RS), it becomes much easier to define what policy exists and where it can be applied.

There is a tension between a patient's right to privacy and a provider's (doctor's) need to have a complete medical history.

There are many levels of policy, from federal (then state, region, city, organization) down to the individual patient. There are also many types of policy (legal, compliance...

UMA enables patient driven policy, while other levels of policy are about risk management and liability. UMA is able to provide human rights enforcement. 

There has been a recent shift, including regulation, toward patient-driven consent, with the hope of giving patients greater access to and control over their data.

UMA can align the incentives of people and organizations at all of these policy levels: between those who have the most risk and liability to manage, and the patient who is given little control because of those risks.

Things are not fine-grained enough to enable sharing in safe ways, resulting in no access at all. This is what info-blocking rules are starting to address: organizations have to do better at giving control of the data to the subject (patient).


"architecture of the future of consent, we need to rectify the asymmetry that exists today through peer based, asynchronous and human consent"

the pyramid: data protection, transparency, control. Only the middle layer is maybe appropriate to hold on a blockchain...

Notice of risk and proof of notice is required before consent can be meaningfully gathered.





Use-Case (initial state):

  • Julie is an adolescent woman, age 16
  • She has a GP, and also sees an asthma specialist at a health organization
  • The health organization provides a patient portal, including proxy access features
  • The health organization provides a provider portal, with greater access to the data
  • The health organization provides a provider identity provider/directory service, which includes roles and a patient roster
  • Julie has given her mother proxy access to this health portal
  • Julie's mother tells the provider about her history with abuse; this is noted in the record, but should be hidden from Julie by default
  • Julie wants to hide reproductive health data from her mother (eg STI test history) in the portal, and from her asthma specialist, who can also access the record
  • Her father's insurance covers most of her medical care
  • The insurance invoices should redact specific health information about Julie from her father, while he has a want (need?) to know what he's paying for (was the service even performed?!)


Examples of sensitive/confidential health information areas, relevant to some providers depending on role, hidden by default from the parent

  • social status (hungry, safe at home?)
  • sexual status (active? using condoms? STI?)
  • smoking and drug status 
  • mental health status



Technical Approaches:

  • HEART-based sensitivity and confidentiality tagging. Different coding is mapped and tagged with this information (eg an STI history observation gets tagged as sensitive)
    • for a proxy, can have a default policy (share by default, hide by default)
  • use of the btg (break-the-glass) code can turn an 'out of scope' access into an auditable and appropriate type of access
  • audit through a 'privacy log'


Out of scope:

  • big ad-tech and unintentional disclosure of information (eg Alice searches for X, and her parent starts seeing ads for X)
  • multiple data subjects involved (parent, child), eg the parent's information sharing policy towards the child (history of domestic violence)
  • non-technical data flows, eg phone calls etc, where the human needs to make a fuzzy policy decision
  • (future) in the bow tie today, the AS 'licenses perm granting to' the RS; however, isn't it the RS that is delegating the PDP to the AS?



Design Pattern of state changes:

  • specific to the resource: the RS is responsible for tracking resources, the resource subject(s) and other tagging
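
The two lists above (Technical Approaches, and the RS tracking resources/subjects/tags) describe one flow: the RS tags a resource at registration, the AS combines a per-role default with the patient's own sharing policy, a clinician's break-the-glass request converts a denial into an auditable exception, and every decision lands in the privacy log. The following Python sketch is an added example written for these notes; it is not code from the UMA WG, HEART, or any health organization. The code-to-category map, the role names, the policy dictionary shape, and the rule that only clinician roles may break the glass are all assumptions made for the example; the records for Julie are constructed. Handling of multi-subject records (the mother's disclosure) is kept to the "hidden from the patient by default" rule only, since the rest was listed as out of scope.

```python
from dataclasses import dataclass, field

# Hypothetical code -> sensitivity category map. A real deployment would derive this
# from HEART / HL7 sensitivity value sets; these codes are constructed for the example.
CODE_SENSITIVITY = {
    "asthma-control-visit": None,
    "sti-screen": "sexual_health",
    "depression-screen": "mental_health",
    "tobacco-use": "substance_use",
    "home-safety-screen": "social_status",
    "family-abuse-history": "third_party_disclosure",
}

# Assumed default policy per requester role: hide sensitive data from proxies and the
# insurer, share everything with the GP, scope the specialist to what the role needs.
ROLE_DEFAULT = {
    "patient": "share_all",
    "gp": "share_all",
    "specialist": "scoped",
    "parent_proxy": "hide_sensitive",
    "insurer": "hide_sensitive",
}
ROLE_SCOPE = {"specialist": {"substance_use"}}  # asthma care: smoking is relevant, STI is not
BTG_ROLES = {"gp", "specialist"}                 # assumption: only clinicians may break the glass

PRIVACY_LOG = []  # every decision, including denials and btg overrides, is appended here


@dataclass
class Resource:
    rid: str
    code: str
    subjects: tuple                      # who the record is about / who disclosed it
    tags: set = field(default_factory=set)


def register_resource(rid, code, subjects):
    """RS responsibility: on creation, record the subject(s) and derive the sensitivity tag."""
    tags = {CODE_SENSITIVITY[code]} if CODE_SENSITIVITY.get(code) else set()
    return Resource(rid, code, tuple(subjects), tags)


def decide(resource, requester, role, patient_policy, btg_reason=None):
    """AS decision for one resource: 'permit', 'deny' or 'permit-btg'. Always logged."""
    if role == "patient":
        # something disclosed by a third party about the patient is hidden from her by default
        decision = "deny" if "third_party_disclosure" in resource.tags else "permit"
    else:
        blocked = set()
        default = ROLE_DEFAULT.get(role, "hide_sensitive")
        if default == "hide_sensitive":
            blocked |= resource.tags
        elif default == "scoped":
            blocked |= resource.tags - ROLE_SCOPE.get(role, set())
        # patient-driven policy: category -> roles the patient has explicitly blocked
        blocked |= {t for t in resource.tags if role in patient_policy.get(t, set())}
        decision = "deny" if blocked else "permit"
        if decision == "deny" and btg_reason and role in BTG_ROLES:
            decision = "permit-btg"  # out-of-scope access becomes an auditable exception
    PRIVACY_LOG.append({"rid": resource.rid, "requester": requester, "role": role,
                        "decision": decision, "btg_reason": btg_reason})
    return decision


def invoice_line(resource, requester, role, patient_policy, amount):
    """Payer view: the insurer learns a service was performed and what it cost, but the
    description is redacted whenever the underlying record is not shareable with them."""
    d = decide(resource, requester, role, patient_policy)
    desc = resource.code if d == "permit" else "service rendered (details withheld)"
    return {"rid": resource.rid, "amount": amount, "description": desc}


def run_scenario():
    """Julie's records (constructed) and the sharing policy she set in the portal."""
    records = [
        register_resource("r1", "asthma-control-visit", ["julie"]),
        register_resource("r2", "sti-screen", ["julie"]),
        register_resource("r3", "tobacco-use", ["julie"]),
        register_resource("r4", "family-abuse-history", ["julie", "mother"]),
    ]
    julie_policy = {"sexual_health": {"parent_proxy", "specialist"}}
    requesters = [("julie", "patient"), ("mother", "parent_proxy"),
                  ("dr_asthma", "specialist"), ("dr_gp", "gp")]
    out = {}
    for r in records:
        for who, role in requesters:
            out[(r.rid, who)] = decide(r, who, role, julie_policy)
    # the specialist breaks the glass on the STI screen, stating a reason that is logged
    out[("r2", "dr_asthma", "btg")] = decide(records[1], "dr_asthma", "specialist",
                                             julie_policy, btg_reason="drug interaction check")
    out["invoice"] = invoice_line(records[1], "father_insurer", "insurer", julie_policy, 45.0)
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

Running it shows the STI screen denied to the mother and the asthma specialist (patient policy plus role scoping), permitted to the GP, the mother's disclosure hidden from Julie, the specialist's btg request recorded as "permit-btg" with its reason, and an invoice line that carries the amount but not the service description.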



AOB


  • Should we cancel some of the meetings at the end of the month, eg Dec 23 and Dec 30?
    • Who would attend those sessions?


Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

  1. Eve
  2. Steve
  3. Alec
  4. Sal
  5. Andi

Non-voting participants:

  1. Scott
  2. Nancy
  3. George

Regrets: