bdhandspicker
commented
5 years ago Just thinking out loud, but I suspect that when asking for authorization to access/modify previously exchanged sensitive information (the "mother-may-I" request) we may need to be able to uniquely identify the specific information involved. This might require associated UIDs for information down to the finest level of granularity. This is doable with meta-data, but it would be an unreasonable overhead burden to have to include a UID with every individual element in an original information exchange just in case someone needs to ask for authorization. So, how do we decide what elements to tag with UIDs? Or can we simply tag the IEPD instance and calculate privileges for individual elements within the IEPD instance?
markrdotson
Review HIPPA-compliant & PHI use case(s) to be provided by Health Domain COI; determine approach and level of effort (LOE) needed to support requirements