...
- mdui:PrivacyStatementURL: PRESENT, MUST be reachable without any authN.
- mdui:DisplayName: PRESENT
- mdui:Description: PRESENT and RECOMMENDED "no longer than 140 characters"
- for all mdui elements there MUST be at least an English value with the `xml:lang="en"` attribute.
- Sirtfi:
- Entity Attribute value:
- ""
- Security Contact:
- ""
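An added example (not part of the original notes or of any REFEDS tooling): a Python check of the mdui rules in the list above, run against an SP's SAML metadata. It assumes `mdui:UIInfo` sits under `SPSSODescriptor/Extensions`; the function name, entityID and URLs are constructed, and reachability of the privacy statement without authN is not tested because the check runs offline.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
REQUIRED = ("PrivacyStatementURL", "DisplayName", "Description")
MAX_DESCRIPTION = 140  # RECOMMENDED limit from the checklist


def check_mdui(metadata_xml):
    """Return (errors, warnings) for the mdui rules in the checklist."""
    if "<!DOCTYPE" in metadata_xml:
        # SAML metadata needs no DTD; refusing one avoids entity-expansion input.
        return ["DOCTYPE not allowed"], []
    root = ET.fromstring(metadata_xml)
    uiinfo = root.find(".//md:SPSSODescriptor/md:Extensions/mdui:UIInfo", NS)
    if uiinfo is None:
        return ["mdui:UIInfo missing"], []
    errors, warnings = [], []
    for name in REQUIRED:
        # Map xml:lang -> text for every non-empty localized value.
        values = {}
        for elem in uiinfo.findall(f"mdui:{name}", NS):
            text = (elem.text or "").strip()
            if text:
                values[elem.get(XML_LANG)] = text
        if not values:
            errors.append(f"mdui:{name} missing")
        elif "en" not in values:
            errors.append(f'mdui:{name} has no xml:lang="en" value')
        if name == "Description":
            for lang, text in values.items():
                if len(text) > MAX_DESCRIPTION:
                    warnings.append(f"mdui:Description ({lang}) is {len(text)} characters")
    return errors, warnings


# Constructed sample: Description is too long, PrivacyStatementURL is Italian only.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><mdui:UIInfo>
      <mdui:DisplayName xml:lang="en">Example Service</mdui:DisplayName>
      <mdui:Description xml:lang="en">{"x" * 141}</mdui:Description>
      <mdui:PrivacyStatementURL xml:lang="it">https://sp.example.org/privacy-it</mdui:PrivacyStatementURL>
    </mdui:UIInfo></md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_mdui(SAMPLE))
```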
Notes from ... [CoCov2-...SP-...BP]
p. 12 Data Minimisation
"In the context of this Code of Conduct, under no circumstances is a Service
Provider Organisation authorised to request End User’s Attribute
revealing racial or ethnic origin, political opinions, religious or philosophical
beliefs, trade-union membership, genetic data, biometric data for the
purposes of uniquely identifying a natural person or data concerning health
or sex life or sexual orientation."
Q: Does this mean that a service provider cannot run an application that collects patients' health data?
A: No. It means that for the health data collection to take place, a specific agreement needs to be in place between the Home Organisation and the SP. Such an agreement will take precedence and override the CoCo.
...
https://refeds.org/category/code-of-conduct/v2
[CoCov2-SP-ECBP]
https://refeds.org/category/code-of-conduct/v2/wp-content/uploads/2022/05/REFEDS-CoCo-Best-Practicev2.pdf
[CoCov2-HomeOrg]
https://wiki.refeds.org/display/CODE/Good+practice+for+Home+organisations