Use of ION Public DIDs and Privacy Compliance #45
Comments
So Providence wouldn't then use anything with long-form DIDs? Have any other health orgs done that same review and come up with a different answer?
I want to keep the distinction between long-form ion DIDs and public DIDs. A long-form ion DID can be used directly between parties without ever becoming public (and indeed our current resolution guidance does not include anything beyond support for long form DIDs). I'm not sure how it's different from other identifiers (e.g., phone number or insurance plan id) in this context. I also want to understand where HIPAA applies in this evaluation; in general we are talking about letting consumers share their data with an app of their choice (e.g., the Common Health app), and this exchange falls under the HIPAA right of access.
Thanks @jmandel and if I misconstrued long-form and public I'll take the hit. It was specifically Public, but I don't think long form was differentiated. Probably worth checking.
Closing this issue in lieu of #64
Previous review by legal compliance at Providence Health System determined public DIDs (such as ION) would not be considered compliant with HIPAA and could not be associated with elements of ePHI.
Recommend sidetree configuration support both public and private DIDs.