[WG-InfoSharing] [projectvrm] Semantic (healthcare) stake in the ground (was The Administration perspective...)
dsearls at cyber.law.harvard.edu
Sat Dec 18 13:32:12 EST 2010
At 6:56 PM -1000 12/17/10, J. Clark wrote:
>Adrian, VRMistas, Info Sharers,
>I'm cc'ing this to the Kantara Info Sharing group as I believe there
>are members on that list who might contribute to this.
>Thanks for your summary and suggestions. To your three suggestions
>below, example comments that we might consider in order to support
>or modify PCAST to allow Personal Data Stores (placeholders here):
>1. VRM has a significant identity management component.
>I'm curious to see if anyone would challenge this. The nature(s) of
>the component is under exploration in a number of camps. I'd like to
>see others weigh in to help identify appropriate identity trust
I'd say VRM can include, identity management. But I also see VRM as a
broad category that might be thought of as a toolbox. It can include
lots of tools, but none of the tools are themselves required. And in
fact there is at least one VRM development, The Mine! Project
<http://themineproject.org>. that purposefully does not start with
identity (and avoids identity as a required dependency. Maybe Adriana
or Alec can weigh in here on that.
>2. PCAST seeks to make the metadata vocabulary expandable.
>Again there are several groups--including Kantara working
>groups--that might help here.
>3. VRM has a perspective on governance and the ability of
>individuals, cooperatives and small groups to host their own PDS
>(personal data store) nodes.
>Doc has at least one thought on this. Others will likely contribute,
Self-hosting should be an option. See what Joe says about User Driven
... especially #6:
Writing this on a moving bus without my glasses, so I'll stick just
with the above.
>Thanks Adrian for your continued efforts to increase inclusivity.
>On 12/16/10 1:33 PM, Adrian Gropper wrote:
>>The PCAST report is 91 pages.
>>The technology part starts on page 41. Here's my oversimplified
>>summary from the VRM perspective:
>>Private data in PDS are encoded as XML with standardized and
>>Metadata accompanies the data that includes at least:
>>person (the subject of the data)
>>provenance (the author of the data)
>>privacy (who can see the data with person or anonymous)
>>The data and the metadata are encrypted separately and managed
>>separately by the PDS
>>An infrastructure of Data Element Access Services (DEAS) will crawl
>>and index metadata and manage authentication and authorization but
>>will _not_ be allowed to see the data itself. DEAS and the separate
>>metadata encryption are designed to be easily regulated.
>>The goal is to allow aggregation of data across multiple PDS
>>on-demand subject to the authorization constraints of the subject
>>The design allows for aggregation of identified data as well as
>>anonymized data (for research)
>>It's a safe bet that if the PCAST architecture moves forward, a
>>regulatory system will be put in place to manage identity and
>>privacy in this healthcare context.
>>Example comments that we might consider in order to support or
>>modify PCAST to allow Personal Data Stores:
>>VRM has a significant identity management component. The
>>healthcare-oriented Direct Project
>><http://directproject.org/>http://directproject.org/ experience in
>>setting up a secure email system that includes both persons and
>>institutions can inform how users are identified in PCAST metadata.
>>PCAST needs to be compatible with identity trust anchors that are
>>not strictly tied to healthcare.
>>PCAST seeks to make the metadata vocabulary expandable. How would
>>the VRM community like to manage controlled vocabularies and what
>>does HHS need to do to make sure that they retain compatibility
>>VRM has a perspective on governance and the ability of individuals,
>>cooperatives and small groups to host their own PDS nodes. PCAST
>>assumes there will be relatively few privacy control points (DEAS)
>>serving an unlimited number of PDS. Is this too much central
>>control? Can VRM live with this kind of centralization in return
>>for lubricating the broad adoption of PDS infrastructure?
>>The goal of our comments would be to jump-start PDS adoption by
>>piggybacking on the regulations, software and services that will be
>>created to serve the massive needs healthcare.
>>Adrian Gropper MD
>><mailto:agropper at medcommons.net>agropper at medcommons.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-InfoSharing