<div dir="ltr"><div><div><div>Robert,<br><br></div>The duty to warn does not imply a right to block access. With respect to personal health data, at least in the US, this has been confirmed and reconfirmed many times and many ways. It probably will come up again in the API Task Force but it does not have to be decided in HEART. All HEART needs to do is to enable the "warn" while also giving the resource subject full authority to bypass the "block". This is what limits the liability of the RS while it enables both privacy AND security. This is what I called a Type A Resource Server yesterday in this thread.<br><br></div>Other constraints may emerge from policy processes in the US and abroad but those will be layered on top of HEART in various ways including trust frameworks, registries, and exceptional controls at the RS that have nothing to do with HEART.<br><br></div>Adrian<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Dec 16, 2015 at 11:30 AM, Robert Horn <span dir="ltr"><<a href="mailto:robert.horn@agfa.com" target="_blank">robert.horn@agfa.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><font face="sans-serif" size="2">This diverges significantly but to understand
the risks you need to know harms and probabilities. Is that person
wrong about that email danger? What are the potential harms to that
person? What are the probabilities that this exposure will result in harm?
What are the cumulative risks and correlated risks? We've got
pitifully little data. That person who turned red might be entirely
correct that for their situation and the PHI involved the integrated probability
and degree of harm from disclosure is much less than the integrated probability
and degree of harm from lack of disclosure. </font>
<br>
<br><font face="sans-serif" size="2">For example, I think the probable harm
from disclosing my dentist appointment (which is PHI) in unprotected email
is less than the harm from missing the appointment. So I let them
send email appointment reminders. I also do not let them use their
web portal for me. It looks poorly implemented and would expose too
much else.</font>
<br>
<br><font face="sans-serif" size="2">I think our goal in this is to establish
mechanisms that will enable appropriate actions as we gain understanding
of risks and as risks evolve. Don't assume you've got the right risk
assessment at the moment. </font>
<br><span class=""><font face="sans-serif" size="2"><br>
Kind Regards,<br>
</font><font face="Verdana" size="2"><b><br>
Robert Horn | </b></font><font face="Verdana" color="red" size="2"><b>Agfa
HealthCare</b></font><font face="Verdana" size="1"><br>
Interoperability Architect | HE/Technology Office<br>
T <a href="tel:%2B1%20978%20897%204860" value="+19788974860" target="_blank">+1 978 897 4860</a><br>
<br>
Agfa HealthCare Corporation, Gotham Parkway 580, Carlstadt, NJ 07072-2405,
USA</font><font face="Verdana" color="#8f8f8f" size="1"><br>
</font><a href="http://www.agfahealthcare.com/" target="_blank"><font face="Verdana" color="#8f8f8f" size="1">http://www.agfahealthcare.com</font></a><font face="Verdana" color="#8f8f8f" size="1"><br>
</font><a href="http://blog.agfahealthcare.com/" target="_blank"><font face="Verdana" color="#8f8f8f" size="1">http://blog.agfahealthcare.com</font></a><font face="Verdana" size="1"><br>
</font>
<hr><font face="Verdana" size="1">Click on link to read important disclaimer:
</font><a href="http://www.agfahealthcare.com/maildisclaimer" target="_blank"><font face="Verdana" color="#8f8f8f" size="1">http://www.agfahealthcare.com/maildisclaimer</font></a><font size="3">
</font>
<br>
<br>
<br>
<br></span><font face="sans-serif" color="#5f5f5f" size="1">From:
</font><font face="sans-serif" size="1">"Aaron Seib"
<<a href="mailto:aaron.seib@nate-trust.org" target="_blank">aaron.seib@nate-trust.org</a>></font>
<br><font face="sans-serif" color="#5f5f5f" size="1">To:
</font><font face="sans-serif" size="1">"'Glen Marshall
[SRS]'" <<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a>></font>
<br><font face="sans-serif" color="#5f5f5f" size="1">Cc:
</font><font face="sans-serif" size="1"><a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a></font>
<br><font face="sans-serif" color="#5f5f5f" size="1">Date:
</font><font face="sans-serif" size="1">12/16/2015 10:46 AM</font>
<br><span class=""><font face="sans-serif" color="#5f5f5f" size="1">Subject:
</font><font face="sans-serif" size="1">Re: [Openid-specs-heart]
The Number and Ownership of Authorization Servers.</font>
<br></span><span class=""><font face="sans-serif" color="#5f5f5f" size="1">Sent by:
</font><font face="sans-serif" size="1">"Openid-specs-heart"
<<a href="mailto:openid-specs-heart-bounces@lists.openid.net" target="_blank">openid-specs-heart-bounces@lists.openid.net</a>></font>
<br>
<hr noshade>
<br>
<br>
<br></span><div><div class="h5"><font face="Calibri" color="#004080" size="2">Awesome. And on the
other had – lest we all forget – we are the exception and there are people
on the other side of the continuum who literally turn red when you try
to explain to them that sending their PHI to an unsecure email address
is fraught with dangers. </font>
<br><font face="Calibri" color="#004080" size="2"> </font>
<br><font face="Calibri" color="#004080" size="2">If you think about it –
that might be a case that we have to address. </font>
<br><font face="Calibri" color="#004080" size="2"> </font>
<br><font face="Calibri" color="#004080" size="2">There are users who do not
want to set up a AS at all – they just want their damn data. Can
we introduce something in the profile that tells the technologist how to
configure that and more interesting – can that act as the users acknowledgement
that they understand the risks and have chosen to go commando with their
sharing preferences?</font>
<br><font face="Calibri" color="#004080" size="2"> </font>
<br><font face="Calibri" color="#004080" size="2">Aaron Seib, CEO</font>
<br><font face="Calibri" color="#004080" size="2">@CaptBlueButton </font>
<br><font face="Calibri" color="#004080" size="2"> (o) <a href="tel:301-540-2311" value="+13015402311" target="_blank">301-540-2311</a></font>
<br><font face="Calibri" color="#004080" size="2">(m) <a href="tel:301-326-6843" value="+13013266843" target="_blank">301-326-6843</a></font>
<br><a href="http://nate-trust.org" target="_blank"><img src="cid:_2_0FAAE7340FAAE3D4005AA4B385257F1D" style="border:0px solid"></a>
<br><font face="Calibri" color="#004080" size="2"> </font>
<br><font face="Tahoma" size="2"><b>From:</b> Openid-specs-heart [</font><a href="mailto:openid-specs-heart-bounces@lists.openid.net" target="_blank"><font face="Tahoma" size="2">mailto:openid-specs-heart-bounces@lists.openid.net</font></a><font face="Tahoma" size="2">]
<b>On Behalf Of </b>Glen Marshall [SRS]<b><br>
Sent:</b> Tuesday, December 15, 2015 5:16 PM<b><br>
Cc:</b> <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a><b><br>
Subject:</b> Re: [Openid-specs-heart] The Number and Ownership of Authorization
Servers.</font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Times New Roman" size="3">Many people have already set-up
things to establish privacy, in various ways and some more effective than
others. Multiple AS might be one of them.<br>
<br>
For example, if I were enrolled in an HIV-positive clinical study, I might
want the study's AS to contain my authorization just for access to the
relevant RSs and not be noted in my clinical record. The very fact
of being enrolled in the study is too much of a disclosure.<br>
<br>
Similarly, a person who has established a social networking account on
an adult-interest web site might want to keep that out of sight from others.
The mere existence of such privacy preferences in a common authorization
resource might raise uncomfortable questions if they were revealed. One
solution is to have a distinct AS for the adult-interest site. That
can be generalized.<br>
<br>
For privacy reasons, I give every one of my on-line vendor contacts a unique
e-mail address to contact me, e.g., </font><a href="mailto:vendor.com@glenmarshall.com" target="_blank"><font face="Times New Roman" color="blue" size="3"><i><u>vendor.com</u></i><u>@glenmarshall.com</u></font></a><font face="Times New Roman" size="3">
Even though all the e-mail comes to a common account for me to read,
it makes it impossible for unrelated vendors to assemble and share a dossier
keyed by e-mail. Each vendor has my privacy and contact preferences
relative to just cou common business. With a large number of e-mail
addresses I also avoid common identification services, e.g., OAuth, except
where it suits my purposes. A side-effect is that I do not need complex
trust relationships among vendors. This is not much of a schlep for
me, once it was set-up. <br>
<br>
... and so on. <br>
</font>
</div></div><p></p><div><div class="h5"><font face="Times New Roman" size="3"><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: <a href="tel:%28610%29%20644-2452" value="+16106442452" target="_blank">(610) 644-2452</a><br>
Mobile: <a href="tel:%28610%29%20613-3084" value="+16106133084" target="_blank">(610) 613-3084</a></font><font face="Times New Roman" color="blue" size="3"><u><br>
</u></font><a href="mailto:gfm@securityrs.com" target="_blank"><font face="Times New Roman" color="blue" size="3"><u>gfm@securityrs.com</u></font></a><font face="Times New Roman" color="blue" size="3"><u><br>
</u></font><a href="http://www.securityrisksolutions.com/" target="_blank"><font face="Times New Roman" color="blue" size="3"><u>www.SecurityRiskSolutions.com</u></font></a>
<br><font face="Times New Roman" size="3">On 12/15/15 15:10, Debbie Bucci
wrote:</font>
<br><font face="Times New Roman" size="3">Yes I believe ...</font><font face="Calibri" color="#004080" size="3">some
poor schlep is going to be on the hook for keeping his AS replicated with
the one I designated because of “Policy”</font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Calibri" color="#004080" size="3">AND (ideally) </font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Calibri" color="#004080" size="3">The trusted application
that you are familiar designate (Bill's source of truth) would/should trigger/drive
the updates. </font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Calibri" color="#004080" size="3">Perhaps a schlep provide
UI to verify update and changes (and trigger receipts of those update)
- would be considered a safeguard.</font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Calibri" color="#004080" size="3">Given your experience with
PHRs - you know best - there maybe one source of truth for Healthcare data
today but with IOT and other yet to be determined innovations - I
still believe (under the covers) it will be distributed in nature.</font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Calibri" color="#004080" size="3">Understanding that going
in may impact some of our decisions. </font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Times New Roman" size="3"> </font>
<br><font face="Times New Roman" size="3"><br>
<br>
</font>
<br><font face="Courier New" size="2">_______________________________________________</font>
<br><font face="Courier New" size="2">Openid-specs-heart mailing list</font>
<br><a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank"><font face="Courier New" color="blue" size="2"><u>Openid-specs-heart@lists.openid.net</u></font></a>
<br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank"><font face="Courier New" color="blue" size="2"><u>http://lists.openid.net/mailman/listinfo/openid-specs-heart</u></font></a>
<br><font face="Times New Roman" size="3"> </font>
<div align="center">
<hr noshade></div>
<br><font face="Times New Roman" size="3">No virus found in this message.<br>
Checked by AVG - </font><a href="http://www.avg.com/" target="_blank"><font face="Times New Roman" color="blue" size="3"><u>www.avg.com</u></font></a></div></div><font face="Times New Roman" size="3"><br>
Version: 2016.0.7294 / Virus Database: 4483/11177 - Release Date: 12/14/15</font><tt><font size="2">_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
</font></tt><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank"><tt><font size="2">http://lists.openid.net/mailman/listinfo/openid-specs-heart</font></tt></a><tt><font size="2"><br>
</font></tt>
<br>
<p></p><br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div></div>
</div>