Child pages
  • UMA telecon 2021-10-28

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.



The Kantara All members meeting is Dec 8th, 11-1230ET

FHIR Vulnerability Report

Working document here: Report on FHIR API Vulnerabilities 

Please take a look, all comments/contributions welcomed! There original report is attached to the confluence page 

Delegation Use Cases

  • We reviewed user-stories from the pp2pi group
    • They are reviewing these user-stories from many aspects: privacy, harms, policy, legal, technical
    • there are a few patient personas such as: Adolescent, Adult, Parent, Geriatric
    • Reviewed the Adolescent persona around reproductive health and the privacy and harm risks created through proxy access
    • Risks both from patient→proxy and proxy→patient
  • How can UMA address? How can delegation address? What can't be handled technically?
    • delegated administration can solve many, but not all, of the challenges. resource rights constrained by relationships
      • can we understand the different states that the data moves through? how do these states change and new data is added/accessed?
    • the discrete data elements needs appropriate RO and sensitivity tagging – before access by anyone...
    • How far does UMA standard go, and what needs to go beyond into impl/profile?


  • We are planning a 3 hour working session on December 9th, we will use extend the normal call from 930-1230ET 
    • Want to make progress on some of the in-progress docs, have them in a consistent state 
    • Eve, Nancy, Alec, Andi 
    • If you're up to attend, please email Alec, or leave a comment on these minutes

Topic Candidates (from previous week's telcon)


As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)


  • Andi
  • Eve
  • Alec
  • Sal

Non-voting participants:

  • Scott
  • Nancy


  1. Steve