<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Let's assume an accurate patient-matching "black box" exists. What
are the use cases that would help us define a secure means to
support arbitrary policy-based privacy objectives? <br>
<br>
Let's not seek 100% assurance of privacy, as that is an NP-complete
problem. What we need is a solution that can be incrementally
improved.<br>
<br>
Glen <br>
<div class="moz-signature">
<p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: (610) 644-2452<br>
Mobile: (610) 613-3084<br>
<a class="moz-txt-link-abbreviated" href="mailto:gfm@securityrs.com">gfm@securityrs.com</a><br>
<a class="moz-txt-link-abbreviated" href="http://www.SecurityRiskSolutions.com">www.SecurityRiskSolutions.com</a></p>
</div>
<div class="moz-cite-prefix">On 9/26/15 16:32, Adrian Gropper wrote:<br>
</div>
<blockquote
cite="mid:CANYRo8jS4sQ=PZ4npcs0-dH=WYQESnti-5yxN-yrV7k+yEsaZQ@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div dir="ltr">
<div>If it were under the cover of TPO, then why wouldn't all
health information exchanges do the same thing?<br>
<br>
</div>
Adrian<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Sep 26, 2015 at 11:34 AM, Aaron
Seib <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:aaron.seib@nate-trust.org" target="_blank">aaron.seib@nate-trust.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><a moz-do-not-send="true"
name="1500a4b04c0be91d__MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">If
you figure out how SureScripts does it please
don’t share with anyone else. </span></a><span
style="font-size:11.0pt;font-family:Wingdings;color:#1f497d">J</span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Isn’t
it just under the cover of TPO?</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Aaron
Seib</span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="http://www.nate-trust.org/" target="_blank"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">NATE</span></a><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">,
CEO</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">@CaptBlueButton</span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">(o)
<a moz-do-not-send="true" href="tel:301-540-2311"
value="+13015402311" target="_blank">301-540-2311</a></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">(m)
<a moz-do-not-send="true" href="tel:301-326-6843"
value="+13013266843" target="_blank">301-326-6843</a></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Openid-specs-heart [mailto:<a moz-do-not-send="true"
href="mailto:openid-specs-heart-bounces@lists.openid.net"
target="_blank">openid-specs-heart-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Adrian Gropper<br>
<b>Sent:</b> Saturday, September 26, 2015 10:14 AM<span
class=""><br>
<b>To:</b> Maxwell, Jeremy (OS/OCPO)<br>
<b>Cc:</b> Catherine Schulten; <a
moz-do-not-send="true"
href="mailto:openid-specs-heart@lists.openid.net"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:openid-specs-heart@lists.openid.net">openid-specs-heart@lists.openid.net</a></a><br>
</span><b>Subject:</b> Re: [Openid-specs-heart]
Bloomberg article highlights pitfalls associated
with patient matching</span></p>
<div>
<div class="h5">
<p class="MsoNormal"> </p>
<p class="MsoNormal">I agree with Jeremy about
transparency as the solution but I also think that
what Catherine calls "anonymization" would have
solved the problem. </p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Anonymization or pairwise
pseudonumity forces the patient to be an
explicit actor to the matching process. It
replaces an error-prone probabilistic and hidden
process with a clear informed consent by the
patient being matched. </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Although not mentioned in
this Bloomberg article, Surescripts is the
de-facto national patient surveillance system.
Pretty much every prescription we have ever had
from any Meaningful Use EHR and beyond is
identity matched, tracked, and stored forever by
Surescripts. I am currently trying to figure out
how Surescripts is able to do this without any
visible consent or transparency.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Adrian<br>
<br>
On Friday, September 25, 2015, Maxwell, Jeremy
(OS/OCPO) <<a moz-do-not-send="true"
href="mailto:Jeremy.Maxwell@hhs.gov"
target="_blank">Jeremy.Maxwell@hhs.gov</a>>
wrote:</p>
<div>
<div>
<p class="MsoNormal"><span
style="color:#1f497d">Probably not. It
sounds like it was either human error
(e.g., someone entered information into a
wrong chart) or a software error (e.g.,
the EHR software mixed up its database
indices). Or it could be simple fraud
(e.g., doctor shopping). In any event, I
think the best defense against erroneous
records is greater, easier, and quicker
patient access. Just like paper charts
before them, electronic records will
always have inaccuracies. This isn’t
really news. It’s how quickly they can be
identified and remedied—that’s the key.</span></p>
<p class="MsoNormal"><span
style="color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="color:#1f497d"> </span></p>
<div>
<div style="border:none;border-top:solid
#b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Openid-specs-heart [mailto:<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:openid-specs-heart-bounces@lists.openid.net">openid-specs-heart-bounces@lists.openid.net</a></a>]
<b>On Behalf Of </b>Catherine
Schulten<br>
<b>Sent:</b> Friday, September 25,
2015 11:07 AM<br>
<b>To:</b> <a moz-do-not-send="true">openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> [Openid-specs-heart]
Bloomberg article highlights pitfalls
associated with patient matching</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="http://www.bloomberg.com/news/articles/2015-09-23/the-pitfalls-of-health-care-companies-addiction-to-big-data"
target="_blank">http://www.bloomberg.com/news/articles/2015-09-23/the-pitfalls-of-health-care-companies-addiction-to-big-data</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Mother’s prescription
information is linked to daughter’s record –
would anonomyziation have solved this
problem?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";color:#2f5496">Catherine
Schulten</span></p>
<p class="MsoNormal"><b><span
style="font-family:"Arial","sans-serif";color:#2f5496">Director,
Product Management</span></b></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";color:#2f5496">LifeMed
ID, Inc. </span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";color:#2f5496">6349
Auburn Blvd., Citrus Heights, CA 95621</span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";color:#2f5496"> </span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";color:#2f5496">Office:
<a moz-do-not-send="true"
href="tel:888.550.6550%20x135"
value="+18885506550" target="_blank">888.550.6550
x135</a> </span><span
style="font-family:"Arial","sans-serif";color:#70ad47">|</span><span
style="font-family:"Arial","sans-serif";color:#2f5496">
Cell: <a moz-do-not-send="true"
href="tel:954.290.1991"
value="+19542901991" target="_blank">954.290.1991</a>
</span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";color:#2f5496"><a
moz-do-not-send="true"
href="http://www.lifemedid.com/"
target="_blank"><span
style="color:#2f5496;text-decoration:none">Website</span></a>
</span><span
style="font-family:"Arial","sans-serif";color:#70ad47">|</span><span
style="font-family:"Arial","sans-serif";color:#2f5496">
<a moz-do-not-send="true"
href="https://www.facebook.com/pages/LifeMed-ID/168424683331516?ref=bookmarks"
target="_blank"><span
style="color:#2f5496;text-decoration:none">Facebook</span></a>
</span><span
style="font-family:"Arial","sans-serif";color:#70ad47">|</span><span
style="font-family:"Arial","sans-serif";color:#2f5496">
<a moz-do-not-send="true"
href="https://www.linkedin.com/company/1893899?trk=tyah&trkInfo=clickedVertical%3Acompany%2Cidx%3A1-1-1%2CtarId%3A1436221486696%2Ctas%3ALifeMed%20Id"
target="_blank"><span
style="color:#2f5496;text-decoration:none">LinkedIn</span></a>
</span><span
style="font-family:"Arial","sans-serif";color:#70ad47">|</span><span
style="font-family:"Arial","sans-serif";color:#2f5496">
<a moz-do-not-send="true"
href="https://twitter.com/LifemedID"
target="_blank"><span
style="color:#2f5496;text-decoration:none">Twitter</span></a>
</span><span
style="font-family:"Arial","sans-serif";color:#70ad47">|</span><span
style="font-family:"Arial","sans-serif";color:#2f5496">
<a moz-do-not-send="true"
href="https://plus.google.com/106315953419857947247/posts"
target="_blank"><span
style="color:#2f5496;text-decoration:none">Google+</span></a></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";color:#2f5496"> </span></p>
<p class="MsoNormal"><span
style="color:#0f243e"><img
src="cid:part19.01040908.09030705@securityrs.com"
alt="lifemedid_logo" border="0"
height="25" width="185"></span></p>
<p class="MsoNormal"><span
style="font-family:"Century
Gothic","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br>
-- </p>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">Adrian Gropper MD<br>
<br>
<span
style="font-family:"Arial","sans-serif";color:#1f497d">PROTECT
YOUR FUTURE - RESTORE Health
Privacy!<br>
HELP us fight for the right to
control personal health data.<br>
DONATE: <a moz-do-not-send="true"
href="http://patientprivacyrights.org/donate-2/" target="_blank"><span
style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span>
</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div><br>
<div dir="ltr">Adrian Gropper MD<span
style="font-size:11pt"></span><br>
<br>
<span
style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT
YOUR FUTURE - RESTORE Health Privacy!</span><span
style="font-family:"Arial",sans-serif;color:#1f497d"><br>
HELP us fight for the right to control
personal health data.</span><span
style="font-family:"Arial",sans-serif;color:#1f497d"></span><span
style="font-family:"Arial",sans-serif;color:#1f497d"><br>
DONATE:
<a moz-do-not-send="true"
href="http://patientprivacyrights.org/donate-2/"
target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span
style="color:#1f497d"></span>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-heart mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-heart">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a>
</pre>
</blockquote>
<br>
</body>
</html>