EP3 Smart Data Smart Cities : simplebooklet.com

2 EP3 Foundation JACK LEWIN, MDChair, National Coalition on Healthcare MARSALI HANCOCKCEO & PresidentJOHN TEETER Former CIO HHSCARLOS BUSTAMANTEChair Stanford Dept. BMDSSANDRA ELLIOTT Chief Education OfficerLEE BARRETTExec. Director, EHNACALEX CARLISLEChair & CEONADPHJOY PRITTSFormer Chief Privacy Officer, HHSPATRICIA HAMMAR Chief Compliance OfficerJIM NASRFormer Chief Data Architect, CDCJONATHAN HARECEO, Webshield JIM ROUTHChair, NH-ISACCSO, ETHNA Empowering People with Data, Privacy, and Personalization

Page 3

EMPOWERING PEOPLE WITH PRIVACY & PERSONALIZATIONEP3 Foundation, a 501(c)3 nonprofit, is a multi-sector community of standards organizations, industry leaders, researchers, and government agencies committed to privacy-preserving data sharing. 177 Park Avenue, Suite 200San Jose, CA 94113www.EP3Foundation.org info@e3pfoundation.orgOur mission is to improve health, education, and wellness by empowering people with privacy and personalization. We believe that new data paradigms, architecture, and technologies offer actionable data. It is possible for individuals and communities to find and aggregate, comprehensive data. New privacy-preserved networks bridge data silos and ensure compliance while also giving people data intelligence to make decisions that improve our health, education, and wellness outcomes.EP3 FOUNDATION3

Page 4

“Hiding within those mounds of data is knowledge that could change the life of a patient, or change the world” - Atul Butte, UCSF“Information is the oil of the 21st century, and analytics is the combustion engine.” - Peter Sondergaard, Gartner Research PROMISE OF ANALYTICS “Big data is not about the data,” -Gary King, Harvard University, making the point that while data is plentiful and easy to collect, the real value is in the analytics.

Page 5

3211. RESEARCHWe conduct, facilitate andparticipate in peer reviewedresearch.2. PROGRAMSWe build and supportevidence based programs.3. CREDENTIALSWe establish and facilitatetrust criteria, frameworks,and credentials.

WHAT WE

Page 6

Page 7

○ Provide security and identity credentials to exchange data while protecting privacy andconfidentiality○ Enable an interoperable system that allows information exchanges and supports services and coordination. ○ Provide providers the ability to access allowable information ○ Provide a secure, real-time data system of records accessible across agencies orinstitutions.EP3 FOUNDATION SMART CITIESHEALTHSERVICESPUBLICSAFETYEDUCATION

Page 8

1-in-5 youth currently have or at some point will have a serious mental disorder. Over 75 % of mental disorders begin before the age of 25.Maria, a 12-year-old, is depressed and anxious over her school performance. She self-medicates. While intoxicated, she is sexually molested by older teens. She goes to her school counselor for help. 1-in-4 teens contract a sexually transmitted disease in the U.S. every year.PROTECT PRIVACY & COORDINATE CAREThe U.S. has the highest rate of STD infection in the industrialized world.

Page 9

Page 10

PRIVACY-PRESERVED DATA LIQUIDITYPROTECTprivacy andconfidentialityVERIFYidentity & roles acrossmany networksLINKprivacy-protected dataat granular levelsSHAREinformation onlywhen allowedENFORCE policies automaticallyAttribute data governance unleashes the value of the cloud to:

Page 11

The internet was designed for two-way, global communication in self-healing, decentralized networks. It was never designed for to be private or secure. The EP3 Foundation and our community of industry, policy and compliance leaders create the additional trust- protocols and credentials required to protect data and establish vendor-neutral, trusted networks. TRUST PROTOCOLS “The internet is a design philosophy and architecture expressed in a set of protocols..” - Vint CerfProtocols are the rules and standards that allow people to use the network and talk to each other. 11

Page 12

UNLOCKDATA SILOSPOPULATION HEALTHIncrease patient and healthcare system rights and privacy. Public Data Improving the CommunityGive the right people the right information at the right time to improve health, safety, and education outcomes. Existing, legacy systems receive and exchange privacy-protected, actionable data. RESEARCHEmpower communities with decision intelligence. PUBLIC SAFETYImprove community outcomes.

Page 13

EDUCATIONBetter use of and increased access to quality, privacy-protected, and comprehensive data. While Protecting Individual PrivacyACTIONABLEDATAEstablish open framework and trust models to unlock data silos and provide real-time, actionable information. New, open frameworks and data architectures support privacy preserving data exchange.PUBLIC HEALTHImprove core public health reporting, Meaningful Use, situation awareness and surveillance.EMERGENCY RESPONSEProvide first responders and clinicians access to lifesaving health information and personalized decision support, and contribute timely information back to public health systems. 13

Page 14

We set the rules that automate data governance and comply with policies, licensing, privacy and cybersecurity requirements.Opportunities:● Enable interoperability● Support easy onboarding● Assure trusted environment where privacy and security requirements are maintainedThe TNAP aligns with the 21st Century Cures Act, and addresses the ONC's requirements to provide third-party accreditation for healthcare stakeholders, including HINs, HIES, ACOS, Data Registers, Lab, Providers, Payers, Vendors, and Suppliers.TRUSTED NETWORK ACCREDITATION PROGRAMNational Framework for an Interoperable Health SystemFOUNDING MEMBERS14

Page 15

GUIDING PRINCIPLES PRIVACYQUALITY DATA MANAGEMENTSAFETYSECURITY● TNAP represents and demonstrates all of the guiding principles, and use cases covered in the Draft Trusted Exchange Framework issued by the Office of the National Coordinator for Health Information Technology in 2018. ● TNAP provides a standard setting bar related to the handling of healthcare data which requires each participant to follow privacy and security requirements, to use enabling technologies in a consistent way and to make information available in a consistent method to all who need it for care coordination including the patient.● Adopters demonstrate adherence to a higher standard of quality, privacy, security and confidentiality as well as interoperability and data management.15

Page 16

Page 17

Hancock Privacy Pattern and FrameworkThe Hancock Privacy Pattern provides use-case frameworks to ethical data governance, standards and accreditations for data models that protect privacy, comply with laws, and improve our ability to make choices. The internet is a design philosophy and architecture expressed in protocols. It was not designed to be secure or private. The architecture was designed to keep two-way communication open without a centralized network, even during disasters. Protocols are the rules and standards that ensure we can connect, communicate, and participate. Information and content about our location, device, application, and behaviors are transmitted via data packets. The created while online are combined with the data created by others such as social networks, schools, banks, and governments. These data are shared (duplicated) and used by many types of organizations. How data is used and by whom have life-long implications.17

Page 18

Page 19

Page 20

Tust BlockCRITERIAENFORCEMENTSCREDENTIALSDESCRIPTIONS COMPLIANCEPAYMENT & LICENSING IDENTITY & CYBERSECURITYINTEROPERABILITYAUTHORIZED RECIPIENTS & PURPOSESPROVENANCERATINGS & REPUTATIONAUDIT & CERTIFICATIONASSESSMENT METHODOLOGIES TRUST AUTHORITIES & GOVERNANCEPOLICY INTENTENFORCEMENT REQUIREMENTSENFORCEMENT MECHANISMSCRITERIACREDENTIALS RESOURCE DESCRIPTIONTRUST BLOCK PROCESS20*WebShield

Page 21

Page 22

1. LOCATIONThe location of connection establishes the regulatory requirements and provides context for how data can be used by governments, industries, schools, health providers, financial services and others.o Legal frameworkso Compliance requirementso Enforcement expectationso Social norms and ethical choicesWhere is the individual? What nationality? What device and for what purpose?National, state, and local regulatory requirements. Network capacities and providers, government surveillance, consumer privacy and expectations, student and child privacy, health information, substance use and treatment info, reproductive health, advertising, cybersecurity capacity, and social norms.

Page 23

2. NETWORKIP addresses provide geographic information establishing likely income, political and religious affiliation, ethnic background, purchasing power, and others.○ Legal requirements for providers and users.○ Security expectations.○ Consumer expectations.○ Security opportunities and weakness.What networks connect to the device selected by the consumer and by others?○Point-to-point connections allow one device to directly communicate with exactly one other device.○Broadcast/multicast connections allow a device to send one message out to the network and have copies of that message delivered to multiple recipients.○Multipoint connections allow one device to directly connect and deliver messages to multiple devices in parallel.Fixed broadband, Wi-Fi hotspot, fixed wireless broadband, cellular, satellite internet, Virtual Private Network (VPN), Intranet, Local Area Network (LAN), Bluetooth, peer-to-peer, Serial port, USB, Infrared, clouds service, servers, and cloud services.23

Page 24

3. DEVICEIP address, unique device identifiers, digital fingerprints, and other device features provide information enriching users personal habits, identity, interests, and social networks.Personal information entered, collected, stored, processed, or shared via a device.o Requirements for device manufacturers and users.o Consumer expectations.o Security opportunities and weakness.o Default settings and consumer choices.Computers, mobile devices, motion sensors,automobiles, tablets, watches, smart home devices, cameras, locks, printers, modems, servers, HVAC, fences, blinds, Robots, payment devices and chips, SIM cards, USB drives, hard drives, RAM, Ports, personal health devices,What are the open ports, processes, and services? What information is stored, gathered, accessed, used, or shared via the device, network, or other connection?○ Unique Identifier○ Digital fingerprinting○ Facial ID○ Bio-metric such as fingerprints, eye scan, voice, walking metrics including distance and gate○ Passwords○ Geo-location capability○ Photos on the device with the location of photos identified○ IoT devices○ Smart home devices – locks, HVAC, fences, doors, windows, blinds○ Payment and financial info○ Firmware

Page 25

4. APPLICATIONPreferred operating systems, personal preferences for entertainment, financial services, business applications, music styles, and preferences.Application software, platforms, operating systems○ Requirements for device manufacturers and users.○ Consumer expectations.○ Security opportunities and weakness.○ Default settings and consumer choices.What applications use open ports, processes, and services? What information is shared with the app platform and developers? What apps find, use, create, gather or share information via the devices? What are the default settings and what are consumer choices?○ Firmware○ Voice search○ Unique Identifier - behaviour○ Eye tracking○ Search algorithms○ Browsers ○ SEO○ Digital fingerprinting○ Backlinks○ Cross-device tracking ○ Machine learning and AI○ Cookies○ Web Beacons ○ Identity software and authentication○ GPS○ Bluetooth○ Smart home devices, services and platforms○ Real-time Ad dispatch software○ XAPI○ Dynamic Creative Optimization○ Learning management software○ Advertising technology platforms○ Identity software including two-step authorization○ Pixel○ Audience Segmentation○ Server, modem, router, software and switch○ Targeted Ads○ Facial recognition25

Page 26

5. HUMAN BEHAVIOROur behaviors create profiles of locations, friends, and family.Information includes strong emotional connections andfears, our closest friends and human networks. What we search for. The people that matter the most to us. Our human networks, reading speed, eye patterns, languages, and favorite activities.User’s choices on connected devices, social networks, platforms, activities, human and virtual networksTheir actions, preferences, permissions, keyboards and entry patterns, languages, fonts, privacy settings choices in browser, settings, plugins, software, operating systems.Behaviors, preferences, and interactions with connected devices○ Social networks○ Manage health and medical information and services○ Permissions and settings,○ Entertainment○ Usernames and passwords○ Creative content such as photos, artwork, videos, music, fanfiction, avatars, icons○ Game platforms and applications○ Financial, banking, investments, payments○ Education, attendance, schoolmanagement system, learning management software, flashcards, meal preferences, and purchases○ Maps, directions○ Calendars and schedules○ Smart home device usage, preferences, and habits○ Shopping patterns○ Travel patterns

Page 27

Stanford MediaX Distinguished Visiting ScholarChair, IEEE Standards for Child and Student Data governance Working Group and editorial advisor IEEE for policy newsletter.Chair, Adaptable Security, Nonprofit only security assessment and social platform designed to empower consumers and small nonprofit and businesses.MARSALI HANCOCKEP3 Foundation CEO & President Chair, Family, Adolescent, and Children Sub committee on Santa Clara County Behavioral Health Board.Commissioner with Global Information Infrastructure commission.Mhancock@EP3Foundation.org703.678.3848Info@EP3Foundation.orgEP3foundation.org 27

Page 28

WHAT MEMBERS ARE SAYING“..The new accreditation program will continue the much-needed focus on interoperability as well as assure a trusted environment where privacy and security requirements are maintained” Lee Barrett, EHNAC Executive Director“SAFE-BioPharma is pleased to be a part of this effort to leverage standards in healthcare, which will lead to improved patient safety, privacy and, a better user experience.”Matt King, Director of SAFE-BioPharma Association“This program aligns closely with the efforts of WEDI members and workgroups to facilitate secure and trusted data exchange through blockchain and other enabling technologies”Charles Stellar, WEDI President & CEO.Quotes for illustration purposes only

EP3 Smart Data Smart Cities

Page 1

Page 2