[License-review] Request for approval by license steward: Tidepool Open Access to Health Data Software License

Lawrence Rosen lrosen at rosenlaw.com
Wed Oct 9 00:08:53 UTC 2013


Larry Rosen asked:
> You speak of open /health data/. Is this compatible with HIPPA and similar
laws here and in other countries that protect personally identifiable
information (PII)? 

Jonathon Blake replied:
JB: Situation # 1: The individual whose data it is of, wants a copy of
his/her data;

LR: I believe that every patient is already entitled to his/her own health
data, at least in the US. Do we need a license to protect this right?

JB: Situation # 2: Researcher publishes a paper whose data, and conclusions,
are completely unexpected, and unpredicted. What license can the raw data be
distributed in, so that third parties can check/verify the data, but at the
same time, protect the identity, and other potentially damaging things about
any specific subject, or group of subjects of the research?

LR: Does your license *guarantee* the protection of identity (etc.) and
promise confidentiality protection for that "raw data" as demanded by HIPPA
and related laws? If so, the licensor and all others in the chain of custody
of that data will have difficult confidentiality obligations to meet. I
don't know of any open source licensor I'd trust with my health data! And I
don't want to see that data traveling loosely among the freedom-loving
people of the world.

JB: Tidewater knows where it (the company) wants to go. It simply is unsure
of how to get there.  The first step is determining what "Open Source" and
the Four Freedoms means, in terms of their business solutions.

LR: This list is a good place for that. But please don't ignore other legal
constraints on the handling of health data. Perhaps a strict application of
open source /software/ principles may not be entirely appropriate on privacy
grounds for /health data/, even if it results in enhancing the quality of
peer reviewed medical research. 

/Larry

Lawrence Rosen
Rosenlaw & Einschlag, a technology law firm (www.rosenlaw.com)
3001 King Ranch Rd., Ukiah, CA 95482
Office: 707-485-1242
Linkedin profile: http://linkd.in/XXpHyu 


-----Original Message-----
From: jonathon [mailto:jonathon.blake at gmail.com] 
Sent: Monday, October 07, 2013 10:45 PM
To: license-review at opensource.org
Subject: Re: [License-review] Request for approval by license steward:
Tidepool Open Access to Health Data Software License

On 10/08/2013 02:43 AM, Lawrence Rosen wrote:
> You speak of open /health data/. Is this compatible with HIPPA and similar
laws here and in other countries that protect personally identifiable
information (PII)? 

Situation # 1: The individual whose data it is of, wants a copy of his/her
data;

Situation # 2: Researcher publishes a paper whose data, and conclusions, are
completely unexpected, and unpredicted. What license can the raw data be
distributed in, so that third parties can check/verify the data, but at the
same time, protect the identity, and other potentially damaging things about
any specific subject, or group of subjects of the research?

Tidewater knows where it (the company) wants to go. It simply is unsure of
how to get there.  The first step is determining what "Open Source"
and the Four Freedoms means, in terms of their business solutions.

jonathon
--
email that does not have a status of "Junk", "Bulk", or "List" will be
forwarded to Dave Null, unread.
_______________________________________________
License-review mailing list
License-review at opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-review




More information about the License-review mailing list