[Openid-specs-heart] Bloomberg article highlights pitfalls associated with patient matching

Aaron Seib (NATE) aaron.seib at nate-trust.org
Sun Sep 27 12:18:04 UTC 2015 

Thanks.  Arbitrary is a loaded term for me in the sense that in law it seems to mean a decision that is not based on reason or justification.   


Sent from my Verizon Wireless 4G LTE smartphone

<div>-------- Original message --------</div><div>From: "Glen Marshall [SRS]" <gfm at securityrs.com> </div><div>Date:09/26/2015  11:47 PM  (GMT-05:00) </div><div>To: openid-specs-heart at lists.openid.net </div><div>Subject: Re: [Openid-specs-heart] Bloomberg article highlights pitfalls associated with patient matching </div><div>
</div>Policy-based privacy objectives cannot be predicted, hence they are     arbitrary relative to the use cases.  They may be individual, institutional, governmental, cultural, etc.  The technology should be secure and enabling, not constraining, to the objectives.  

Our assumptions about the provenance of the policies and how they operate needs to be unconstrained as well.  For example, not all privacy preferences are restrictive, e.g., a patient may choose to disclose more than a default privacy policy allows.  Some policies may conflict with each other, with a compromise resolution outside of the use case.  And so on.  We just need to support them, regardless.

Glen F. Marshall
Consultant
Security Risk Solutions, Inc.
698 Fishermans Bend
Mount Pleasant, SC 29464
Tel: (610) 644-2452
Mobile: (610) 613-3084
gfm at securityrs.com
www.SecurityRiskSolutions.com

On 9/26/15 20:03, Aaron Seib wrote:
There is no objecting to that reasoning. 
 
I would add that the system operator is responsible for disclosing to the potential user that these risks exist and allow the user to exercise their right not to participate if they do not feel the approach being proposed is sufficient. 
 
Where I am not following is the following phrase…
 
“help us define a secure means to support arbitrary policy-based privacy objectives.”
 
I wonder if when you say ‘support arbitrary policy based privacy objectives’ is that mean the same thing as ‘support             the ability of an individual to define their own privacy preferences’ as in “I am not ready to share with these people the fact that I am being treated for pancreatitis” and the authorization server prevents information related to my treatments from being shared or do you mean something else entirely?
 
Aaron Seib, CEO
@CaptBlueButton
 (o) 301-540-2311
(m) 301-326-6843

 
From: Openid-specs-heart [mailto:openid-specs-heart-bounces at lists.openid.net] On Behalf Of Glen Marshall [SRS]
Sent: Saturday, September 26, 2015 7:37 PM
Cc: Catherine Schulten; openid-specs-heart at lists.openid.net
Subject: Re: [Openid-specs-heart] Bloomberg article highlights pitfalls associated with patient matching
 
Let's assume an accurate patient-matching "black box" exists.  What are the use cases that would help us define a secure means to support arbitrary policy-based privacy objectives?  
  
Let's not seek 100% assurance of privacy, as that is an NP-complete problem.  What we need is a solution that can be incrementally improved.

Glen    
Glen F. Marshall
Consultant
Security Risk Solutions, Inc.
698 Fishermans Bend
Mount Pleasant, SC 29464
Tel: (610) 644-2452
Mobile: (610) 613-3084
gfm at securityrs.com
www.SecurityRiskSolutions.com

On 9/26/15 16:32, Adrian Gropper wrote:
If it were under the cover of TPO, then why wouldn't all health information exchanges do the same thing?

Adrian
 
On Sat, Sep 26, 2015 at 11:34 AM,                 Aaron Seib <aaron.seib at nate-trust.org> wrote:
If you figure out how SureScripts does it please don’t share with anyone else.  J
 
Isn’t it just under the cover of TPO?
 
Aaron Seib
NATE, CEO
@CaptBlueButton
(o) 301-540-2311
(m) 301-326-6843
 
 
From:                       Openid-specs-heart [mailto:openid-specs-heart-bounces at lists.openid.net] On Behalf Of Adrian Gropper
Sent: Saturday, September 26, 2015 10:14 AM
To: Maxwell, Jeremy (OS/OCPO)
Cc: Catherine Schulten; openid-specs-heart at lists.openid.net
Subject: Re: [Openid-specs-heart] Bloomberg article highlights pitfalls associated with patient matching
 
I agree with Jeremy about transparency as the solution but I also think that what Catherine calls "anonymization" would have solved the problem. 
 
Anonymization or pairwise pseudonumity forces the patient to be an explicit actor to the matching process. It replaces an error-prone probabilistic and                           hidden process with a clear informed consent by the patient being matched. 
 
Although not mentioned in this Bloomberg article, Surescripts is the de-facto national patient surveillance system. Pretty much every prescription we have ever had from any                           Meaningful Use EHR and beyond is identity matched, tracked, and stored forever by Surescripts. I am currently trying to figure out how Surescripts is able to do this                           without any visible consent or transparency.
 
Adrian

On Friday, September 25, 2015, Maxwell, Jeremy (OS/OCPO) <Jeremy.Maxwell at hhs.gov> wrote:
Probably not.  It sounds like it was either human error (e.g., someone entered information into                                 a wrong chart) or a software error (e.g., the EHR software mixed up its database indices). Or it could be                                 simple fraud (e.g., doctor shopping).  In any event, I think the best de
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20150927/af9a17f7/attachment.html>

More information about the Openid-specs-heart mailing list