<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:33309340;
mso-list-template-ids:1323720904;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Thanks John – and to build on your statement about the service getting “…sensitive topics from a Healthcare organization, or might get them from the Patient; possibly both.”<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I would add that experience has shown that adoption by Provider Organizations without an Authoritative list of what is sensitive in relation to a specific regulatory set of conditions (think of a HIPAA transaction for Treatment Purposes) has been hard to engender. My perception is that the law has given no agency the authority to constrain liability (protect the Provider Organization that subscribes to a list of codes representing sensitive topics when that list is defective either sharing too much or sharing too little) for the Provider Organizations that use sanctioned LOVs and basically anything that has been published to date is “use at your own risk”.<span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>That said – if we can figure out how to properly capture and persist the sensitivity tags of the consumer my perception is that the discloser who does so is not liable. Of course this relies on the consumer being able to tag things themselves and have the literacy to do so without inadvertent consequences (their failing to recognize that a Prescription they didn’t mark as sensitive essentially tells literate users that they have a specific condition that the consumer didn’t want to disclose). <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I am not advocating that LOVs that help people set their preferences don’t have value. I am asserting that such lists alone are insufficient and for their intended purpose.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Aaron <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Aaron Seib, CEO<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>@CaptBlueButton <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> (o) 301-540-2311<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>(m) 301-326-6843<o:p></o:p></span></p><p class=MsoNormal><a href="nate-trust.org"><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;text-decoration:none'><img border=0 width=205 height=48 id="Picture_x0020_1" src="cid:image001.jpg@01D2A57A.30D033F0"></span></a><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> John Moehrke [mailto:johnmoehrke@gmail.com] <br><b>Sent:</b> Saturday, March 25, 2017 2:31 PM<br><b>To:</b> Aaron Seib<br><b>Cc:</b> Nancy Lush; HEART List<br><b>Subject:</b> Re: [Openid-specs-heart] HEART profiling for sensitive data<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>I agree with Aaron. However the problem is far bigger. The 'vectors' that are necessary to segment data for various purpose-of-use, and various roles; are many. That is to say sensitivity is not the only vector that is necessary. See <a href="https://healthcaresecprivacy.blogspot.com/2016/08/vectors-through-consent-to-control-big.html">https://healthcaresecprivacy.blogspot.com/2016/08/vectors-through-consent-to-control-big.html</a> <o:p></o:p></p><div><div><p class=MsoNormal style='line-height:13.85pt'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Data Identity - unique identifier of the data<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Folder Identity this data sits within<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>When was the data created<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>When was the data last updated<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Who authored the data<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Who verified the data<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Where was the data authored<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Availability, has the data been replaced or refuted<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>What kind of treating facility authored the data<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>What kind of care practice setting authored the data<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Predecessor data that was used in the authoring of this data (e.g. Order)<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Successor data that was created based on this data (e.g. Discharge Summary)<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Relationships to other data (e.g. folder identifier)<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Type of data object<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Type of clinical content implied by the data (e.g. Pregnant, Cancer, Addict)<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:3.0pt;margin-left:0in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>etc<o:p></o:p></span></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I will note that the struggle to automatically determine what data might be sensitive from what data might be normal healthdata is the topic of a 'service' in a specification from HL7. That is to note that regardless of the technical details, one really needs a service to carry out that labeling task in an automated way. That service might get the list of sensitive topics from a Healthcare organization, or might get them from the Patient; possibly both. This isolates the labeling from the Access Control decision and enforcement. -- Look for HL7 Security Labeling Service<o:p></o:p></p></div></div></div><div><p class=MsoNormal><br clear=all><o:p></o:p></p><div><div><div><p class=MsoNormal>John Moehrke<br>Principal Engineering Architect: Standards - Interoperability, Privacy, and Security<br>CyberPrivacy – Enabling authorized communications while respecting Privacy<br>M +1 920-564-2067<br><a href="mailto:JohnMoehrke@gmail.com" target="_blank">JohnMoehrke@gmail.com</a><br><a href="https://www.linkedin.com/in/johnmoehrke" target="_blank">https://www.linkedin.com/in/johnmoehrke</a><br><a href="https://healthcaresecprivacy.blogspot.com" target="_blank">https://healthcaresecprivacy.blogspot.com</a><br>"Quis custodiet ipsos custodes?" ("Who watches the watchers?")<o:p></o:p></p></div></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Sat, Mar 25, 2017 at 10:33 AM, Aaron Seib <<a href="mailto:aaron.seib@nate-trust.org" target="_blank">aaron.seib@nate-trust.org</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Nancy</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>At the end of the day I am of the opinion that relying on a coding scheme to identify what falls into a sensitive “category” and what doesn’t ends up being arbitrary and often dangerously imprecise. </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>There is no way to apriori tag what any one consumer considers sensitive and what is considered sensitive by one consumer is not to another. </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>In short – I am worried that if there isn’t a way for the consumer to mark what they are comfortable being shared any mechanism to make it “easy” for a data-holder to share with a third party while “respecting” the preferences of the consumer is insufficient and represents a legacy perspective. </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>When we enable the consumer to tag their own data and constrain what is shared by the 3<sup>rd</sup> parties that disclose data “on their behalf” we don’t fall into the trap of trying to create one size fits all LOVs that are inaccurate and only reflect the requirements of a regulatory requirement established decades in the past.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>We have to figure out how to enable the consumer to define what they want segmented if we are attempting to be respectful of the consumer’s preference. We all know that these preferences change over time and the consumer should be able to update them. </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>I believe data segmenation without the consumer’s ‘corrections’ leaves too many inaccuracies that inevitably result in disclosures not consistent with the individuals preferences. </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>We can certainly create categories as an aid to building a consumer specific segmentation rules set but relying on pre-defined code sets to indicate what is sensitive (driven by legacy policies) will miss the mark.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Aaron</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Aaron Seib, CEO</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>@CaptBlueButton </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> (o) <a href="tel:(301)%20540-2311" target="_blank">301-540-2311</a></span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>(m) <a href="tel:(301)%20326-6843" target="_blank">301-326-6843</a></span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a href="http://nate-trust.org" target="_blank"><span style='color:#1F497D;text-decoration:none'><img border=0 width=205 height=48 id="m_1865437489803582208_x005f_x0000_i1026" src="cid:image002.jpg@01D2A57A.30D033F0"></span></a><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Openid-specs-heart [mailto:<a href="mailto:openid-specs-heart-bounces@lists.openid.net" target="_blank">openid-specs-heart-bounces@lists.openid.net</a>] <b>On Behalf Of </b>Nancy Lush<br><b>Sent:</b> Friday, March 24, 2017 5:05 PM<br><b>To:</b> <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a><br><b>Subject:</b> [Openid-specs-heart] HEART profiling for sensitive data</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F3864'>Hello all,</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F3864'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F3864'>Attached is a document which includes background and suggestions for profiling sensitive data. Comments welcome. </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F3864'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F3864'>Thanks, and have a great weekend.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F3864'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F3864'>-Nancy</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F3864'> </span><o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><tr style='height:1.0pt'><td width=428 colspan=2 valign=top style='width:256.7pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><div style='border:none;border-bottom:solid windowtext 1.5pt;padding:0in 0in 1.0pt 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%'><span style='font-size:8.0pt;line-height:115%;color:#1F3864'> </span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-line-height-alt:1.0pt'><span style='font-size:8.0pt;color:#1F3864'> </span><o:p></o:p></p></td></tr><tr style='height:1.0pt'><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-line-height-alt:1.0pt'><b><span style='font-size:10.0pt;color:#222A35'>Nancy Lush </span></b><o:p></o:p></p></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'><a href="mailto:nancy.lush@lgisoftware.com" target="_blank">nancy.lush@lgisoftware.com</a></span><o:p></o:p></p></td></tr><tr style='height:1.0pt'><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-line-height-alt:1.0pt'><b><span style='font-size:10.0pt;color:#222A35'>Lush Group, Inc</span></b><o:p></o:p></p></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'>Office: <a href="tel:(401)%20423-9111" target="_blank">(401) 423-9111</a></span><o:p></o:p></p></td></tr><tr style='height:1.0pt'><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%'><span style='font-size:10.0pt;line-height:115%;color:#1F3864'>28 Narragansett Ave</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'>PO Box 651</span><o:p></o:p></p></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%'><span style='font-size:10.0pt;line-height:115%;color:#1F3864'><a href="http://www.lgisoftware.com" target="_blank">www.lgisoftware.com</a> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'>Cell:<a href="tel:(401)%20965-9347" target="_blank">(401) 965-9347</a></span><o:p></o:p></p></td></tr><tr style='height:1.0pt'><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-line-height-alt:1.0pt'><span style='font-size:10.0pt;color:#1F3864'>Jamestown, RI 02835</span><o:p></o:p></p></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt;height:1.0pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%'><span style='font-size:10.0pt;line-height:115%;color:#1F3864'> </span><o:p></o:p></p></td></tr><tr><td width=428 colspan=2 valign=top style='width:256.7pt;padding:0in 5.75pt 0in 5.75pt'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%'><span style='font-size:10.0pt;line-height:115%;color:#1F3864'><img border=0 width=153 height=50 id="m_1865437489803582208Picture_x0020_1" src="cid:image003.gif@01D2A57A.30D033F0" alt="LGI_logo_small"></span><o:p></o:p></p></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=174 valign=top style='width:1.45in;padding:0in 5.75pt 0in 5.75pt'></td><td width=254 valign=top style='width:152.3pt;padding:0in 5.75pt 0in 5.75pt'></td></tr><tr><td width=428 colspan=2 valign=bottom style='width:256.7pt;padding:0in 5.75pt 0in 5.75pt'></td></tr></table><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F3864'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>Openid-specs-heart mailing list<br><a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>