<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>And this may be a really stupid question but what the heck…<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>How does this discussion play into the discussion of computational privacy as advocated by ONC/Lisa Savage?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Barb<o:p></o:p></span></p><p class=MsoNormal><a name="_MailEndCompose"><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></a></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Openid-specs-heart [mailto:openid-specs-heart-bounces@lists.openid.net] <b>On Behalf Of </b>Debbie Bucci<br><b>Sent:</b> Monday, May 4, 2015 9:15 PM<br><b>To:</b> Adrian Gropper<br><b>Cc:</b> Lefkovitz, Naomi B.; openid-specs-heart@lists.openid.net; michael.garcia@nist.gov<br><b>Subject:</b> Re: [Openid-specs-heart] Taking Privacy engineering to HEART<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Adrian<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Your description sounds like a redux mix of FIPP, Privacy by Design sprinkled with HIPAA. <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> I see reference to the workshop and objectives. 
<a href="http://csrc.nist.gov/projects/privacy_engineering/index.html">http://csrc.nist.gov/projects/privacy_engineering/index.html</a> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Do you have a link reference that lays out the principles you listed? <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p> <o:p></o:p></p><p> <o:p></o:p></p><p> <o:p></o:p></p><p> <o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Mon, May 4, 2015 at 9:55 PM, Adrian Gropper &lt;<a href="mailto:agropper@healthurl.com" target="_blank">agropper@healthurl.com</a>&gt; wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal style='margin-bottom:12.0pt'>I propose we apply NIST Privacy Engineering principles to the HEART profiles. This would mean designing the profiles to allow policy to be introduced at the appropriate layer in the protocols and no sooner.<o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'>The most important aspects of Privacy Engineering in the HEART context are (in rough order of importance) open source, anonymity, pairwise pseudonymous identity, transparency, notice, data minimization, persistence minimization, and subject-centrality. 
<o:p></o:p></p><div><div><p class=MsoNormal>0 - Open Source - HEART MUST allow for implementation by open source Clients and open source authorization servers as built by the Subject.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>1 - Anonymity - HEART MUST allow for anonymous access when policy allows.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>2 - Pairwise Pseudonymous Identity - HEART MUST support pairwise pseudonymous identity for longitudinal aggregation of data by a single Resource Server. For the purpose of the Privacy Engineering exercise, we need a definition of "known to the practice" as the in-person identification of the Subject without recourse to external verification or ID proofing. The requirement for verified identity or other policy-dependent attributes such as a discoverable pseudonym are to be separate from the core design of HEART profiles.<br><br>3 - Transparency - HEART MUST allow for the Subject to get an on-line Accounting for Disclosures while preserving a pairwise pseudonymous identity.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>4 - Notice - HEART MUST allow for notice to Subjects that are willing to share a voluntary and possibly insecure notification address.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>5 - Data Minimization - HEART MUST not impose minimum information disclosure requirements by design.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>6 - Persistence Minimization - HEART SHOULD support automated, limited access to data by reference in order to reduce the incentive for Clients to persist unnecessary copies of the subject's data.<o:p></o:p></p></div><div><p class=MsoNormal>7 - Subject Centrality - aka the Multiple Portals Problem - HEART SHOULD allow for Subjects to specify their preferred Authorization Server in a domain-neutral (across legal, finance, health, education domains) 
unless expressly prohibited by law.<o:p></o:p></p></div><div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>I've copied two NIST folks involved in privacy engineering and the NSTIC principles in order to make sure I'm interpreting these correctly.<o:p></o:p></p></div><div><p class=MsoNormal><span style='color:#888888'>Adrian<br clear=all><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='color:#888888'><br>-- <o:p></o:p></span></p><div><div><p class=MsoNormal><span style='color:#888888'>Adrian Gropper MD</span><span style='font-size:7.5pt;color:#888888'><br></span><span style='font-size:10.0pt;color:#888888'>Ensure Health Information Privacy. Support Patient Privacy Rights.<br><a href="http://patientprivacyrights.org/donate-2/" target="_blank">http://patientprivacyrights.org/donate-2/</a></span><u><span style='font-size:10.0pt;color:blue'> </span></u><span style='font-size:11.0pt;color:#888888'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#888888'><o:p> </o:p></span></p></div></div></div></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>Openid-specs-heart mailing list<br><a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><o:p></o:p></p></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>