Use of ION Public DIDs and Privacy Compliance #45
Comments
|
So Providence wouldn't then use anything with long-form DIDs? Have any other health orgs done that same review and come up with a different answer? |
|
I want to keep the distinction between long-form ion DIDs and public DIDs. A long-form ion DID can be used directly between parties without ever becoming public (and indeed our current resolution guidance does not include anything beyond support for long form DIDs). I'm not sure how it's different from other identifiers (e.g., phone number or insurance plan id) in this context. I also want to understand where HIPAA applies in this evaluation; in general we are talking about letting consumers share their data with an app of their choice (e.g., the Common Health app), and this exchange falls under the HIPAA right of access. |
|
Thanks @jmandel and if I misconstrued long-form and public I'll take the hit. It was specifically Public, but I don't think long form was differentiated. Probably worth checking. |
|
Closing this issue in lieu of #64 |
Previous review by legal compliance at Providence Health System determine public DIDs (such as ION) would not be considered compliant with HIPAA and could not be associated with elements of ePHI.
Recommend sidetree configuration support both public and private DIDs.
The text was updated successfully, but these errors were encountered: