[License-review] 2nd resubmission of the new MGB 1.0 license

Fri Mar 7 01:01:40 UTC 2025

Hi Marvin,

I don't understand the value of saying any of this:

> Licensor does not have any obligation under this License to provide 
> any protected health information (hereinafter referred to as *“PHI”*), 
> as defined in accordance with 45 CFR §160.103 of the Health Insurance 
> Portability and Accountability Act (HIPAA),or other personal 
> information, or to validate any data generated by the use of the Work. 
> ... Licensor has attempted to delete all copies of such personal 
> information in the data, and will undertake to ensure that the Work 
> does not contain any data with personal information.
>
What in the document, or in industry practice, suggests that you /would/ 
have an obligation to provide PII or validate data? Aren't you just 
stating what would be true whether you say it or not?

And why would you promise to ensure that the Work does not contain PII? 
I don't think that's a problem with whether the license is open source, 
it just seems odd to me to undertake an obligation, and potentially be 
liable for your failure, that you have no duty to undertake.

Pam

Pamela S. Chestek (in my personal capacity)
Chestek Legal
PLEASE NOTE OUR NEW MAILING ADDRESS
4641 Post St.
Unit 4316
El Dorado Hills, CA 95762
+1 919-800-8033
pamela at chesteklegal
www.chesteklegal.com

On 3/4/2025 9:02 AM, Barksdale, Marvin wrote:
>
> > Hi Marvin
>
> > I for one would be very grateful if you would concisely highlight 
> what you have changed here please.
>
> > Thanks
>
> >Simon
>
> No problem Simon and thanks for the assist Mccoy.  I’ll briefly 
> summarize the significant changes to the License and Proposal in text, 
> as it was important for us to put forth a clean proposal representing 
> the most current version of the document for review:
>
> 1.Alignment of the License’s grants:  Expressly aligned the patent 
> rights granted with the license’s grant of rights , via one of Mccoy’s 
> notes.
>
> 2.Clarification of Anti-Proliferation critical license differences 
> between Apache 2.0 and MGB 1.0
>
> a.MGB 1.0 Limits express the Patent Grant to the licensed software 
> itself eg. claims embodied by the work
>
> b.MGB 1.0 addresses (HIPAA) guidelines pertaining to the work’s 
>  potential inclusion of patient personal information
>
> 3.Clarification that MGB 1.0’s patent approach in narrowing the scope 
> of the grant to the software itself eg the use of “embodied” over 
> “infringed”, is similar to the patent grant mechanism utilized by the 
> osi approved AFL and the GNU v3 license, which narrows the claims 
> granted only to “essential patent claims,”  not including “claims that 
> would be infringed only as a consequence of further modification of 
> the contributor version.”   Similarly these licenses intend to narrow 
> their patent grants to claims that are essential to open source 
> distribution of the licensed copyrighted IP, and not to claims that 
> aren’t embodied by the copyrighted IP or that would be infringed only 
> as a consequence of further modification of the contributor version.  
> Our chosen approach was akin to the AFL
>
> a.Note: The intent of MGB 1.0 is not “contracting around DoE to 
> reserve patent rights against the code released under an open source 
> license,” as patent rights as preserved against the code released 
> under the license vs  sperate code that was not.
>
> 4.Simplified the Marketing Derivative Works Authorship Notice of 
> Section 5b to essential notice reqs.
>
> 5.Simplified the Section 6 HIPAA acknowledgement to 3 terms:
>
> a. The Work may include Data, which You may use
>
> b.However Author is not required to verify Data or provide PHI and 
> personal information (according to HIPAA)
>
> c.Author will use best efforts to remove personal information
>
> 6.Maintained Sublicensing rights while reducing implications and 
> express terms of sublicensee control.
>
> 7.Simplified Limitation of Liability Section 10 to essential terms
>
> a.In no event will Licensor / Contributor / Staff be liable to You / 
> Contributor
>
> b.Explicit Explanation of Limit to the liability.
>
> Happy to provide any clarification and needed and thanks for reviewing 
> the full text of both docs.
>
> *__________________*
>
> Marvin Barksdale
>
> The information in this e-mail is intended only for the person to whom 
> it is addressed.  If you believe this e-mail was sent to you in error 
> and the e-mail contains patient information, please contact the Mass 
> General Brigham Compliance HelpLine at 
> https://www.massgeneralbrigham.org/complianceline .
>
>
> Please note that this e-mail is not secure (encrypted).  If you do not 
> wish to continue communication over unencrypted e-mail, please notify 
> the sender of this message immediately.  Continuing to send or respond 
> to e-mail after receiving this message means you understand and accept 
> this risk and wish to continue to communicate over unencrypted e-mail.
>
>
> _______________________________________________
> The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.
>
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20250306/6a91446d/attachment.htm>