archive-org.com » ORG » M » MARKLE.ORG

Total: 1237

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Resources | Markle | Advancing America's Future
    audit record elements for any or all types of actions B Categories of Logging and Audit Controls In addition to the checklist there are additional logging and audit control functions that are generally recommended at the SNO and RLS level Some of these functions are included in other papers of the Markle Connecting for Health Policy Subcommittee such as tracking of authentication or responses to security breaches but the list here errs on the side of inclusion 3 Audit of VIP records Procedures for follow up on suspicious activity such as indications of possible privacy or security breaches Review of network intrusion detection system activity logs Review of system administrator authorizations and activity Review of physical access to data centers Other review of technical physical and administrative safeguards as established by the policies of the organization Beyond these sorts of compliance efforts it is recommended that SNOs and the RLS have random audits of demographic and clinical records based on the level of risk for that portion of the system SNOs may wish to provide for some level of random audits sampling of the participants in the SNOs Random audits should be done for records held at the SNO level and within the RLS For the RLS and where appropriate for each SNO an independent third party should perform such random audits with public reporting of at least the principal results Conclusion This paper provides a general template for assessing where excellent logging and audit practices are especially essential at the SNO and RLS levels It then recommends a checklist for audits as well as a supplementary list of measures to be taken at the SNO and RLS levels to ensure an overall high quality of audit and accountability Under the HIPAA Privacy and Security Rules a legal argument can be made that the high quality practices set forth in the Specific Logging and Audit Recommendations section of this paper are approximately what is required by the scalable requirements of those rules Whether or not this legal position is correct the practices set forth in this paper provide significant detail to assist organizations in developing their own logging and audit practices A transparent and effective logging and audit control approach can help assure trust in the expanded use of electronic health records by patients and the general public A sub network organization SNO operates as a health information data exchange organization whether regional or affinity based that operates as a part of the National Health Information Network NHIN a nationwide environment for the electronic exchange of health information made up of a network of networks One helpful published source of information on audits is Security and Privacy Auditing in Health Care Information Technology This paper was published in 2001 by the Joint Security and Privacy Committee of three organizations the National Electrical Manufacturers Association the European Coordination Committee of the Radiological and Electromedical Industry and the Japan Industries Association of Radiological Systems available at http www nema org medical The paper provides a useful synopsis in six pages of the elements of an audit for health care information technology For additional background there is a recent paper on Immutable Audit Logs by Jeff Jonas and Peter Swire for the Markle Task Force on National Security in the Information Age See http www markle org The paper analyzes the heightened auditing procedures that can be used to increase public confidence about systems that are not transparent to the public For more information on industry best practices in healthcare security auditing see RFC 3881 http www faqs org rfcs rfc3881 html Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications See Markle Connecting for Health Authentication of System Users and Breaches of Confidential Health Information Markle Connecting for Health thanks Peter Swire C William O Neill Professor of Law Moritz College of Law Ohio State University for drafting this paper 2006 2012 Markle Foundation These works were originally published as part of the Markle Connecting for Health Common Framework Resources for Implementing Private and Secure Health Information Exchange They are made available free of charge but subject to the terms of a License You may make copies of these works however by copying or exercising any other rights to the works you accept and agree to be bound by the terms of the License All copies of these works must reproduce this copyright information and notice Download P7 Auditing Access to and Use of a Health Information Exchange P5 This document describes the policy considerations for handling identity authentication and authorization issues in the Markle Connecting for Health Common Framework Every sub network organization SNO 1 will need to define particular policies related to these issues which must take into account both the basic requirements laid out here and the local conditions among the SNO s members Identity authentication and authorization can be thought of as the answers to a quartet of questions Who am I Identity How is that identity represented Identifiers How can I prove who I am Authentication What can I do when I ve proved who I am Authorization Though the differences among these questions are relatively simple they are often confused in the literature It is critical that any SNO implementing the Markle Connecting for Health Common Framework make plans to address all four questions and to handle them separately with regard to their unique characteristics described below under Definitions This document describes the requirements of governance not implementation It does not cover HIPAA requirements of either the participating members or of the SNO itself The federal HIPAA Privacy and Security Rules provide the baseline for the Markle Connecting for Health Common Framework although in some cases greater privacy protections and individual rights are recommended by the Markle Connecting for Health Policy Subcommittee Importantly the Markle Connecting for Health Common Framework permits SNO participants to establish and follow their own more protective data management privacy and security policies and procedures In addition some customization may be necessary at the SNO and participant level to ensure consistency and compliance with applicable state and local laws Similarly this document does not cover technical issues of security of either the participating members or of the SNO itself The variability of systems in place for securing data and the differences in regulatory regimes for the kind of data to be secured for example use or non use of Social Security Numbers SSNs makes modeling the threats and possible security responses a local requirement 2 Other than the policy minimums specified here security issues are subject to local control Each SNO will need to decide how much or little to require uniformly of its members always assuming HIPAA compliance Procedures such as password recovery log in protections or two factor authentication can be set by each entity or standardized across the SNO Because of the sensitivity of patient data unauthorized users of any electronic system for discovering transmitting or viewing patient data must be prevented from unauthorized access and the users of such a system who do have authorization must be accountable for how that information is used or misused The issuance of identifiers that point uniquely and unambiguously to persons allowed to access patient data and the handling of both authentication and authorization for those users are challenging problems For the purposes of this document identity identifiers authorization and authentication are defined in the next section There is no obvious parallel in the world today for an electronic health care information system in the US Highly secure systems such as those used by defense agencies have control of both the users and the technology systems with multiple participants and a high degree of end user access such as the credit card clear system are tolerant of a degree of fraud that would be unacceptable in a medical context and all such systems exclude large numbers of individuals The current health care system is large heterogeneous and fragmented There is no one entity or small coordinated group responsible for it yet it covers all consumers of health care services Furthermore it is governed by HIPAA which sets strong national minimums for privacy and security protections of health care information but allows local deviations to stronger protections and in all cases has very high requirements for deterring misuse As a result any local solution is likely to be both contextual and temporary The solutions adopted by any given SNO will be largely guided by the degree of technical investment already made in the region and by any local requirements that are more stringent than HIPAA and are more likely to be adopted in response to available technologies that may change in the near future Given these characteristics the policies around identity authentication and authorization are going to be aimed in the direction of assuring compliance with the spirit of the Markle Connecting for Health Common Framework and avoiding a small number of known errors A more comprehensive and definitional framework will have to wait for more robust technology and more extensive real world experience Definitions Identity Identity is in this context an individual person or institution that needs access to health care data for any purpose Crucially an identity is not merely a role if you want to know the identity of someone who authorized a particular prescription you want to know that it was Dr Smith not just that it was a doctor Identifier An identifier is an attribute that points unambiguously and uniquely to an identity In practice the person identifier will often be an employee ID number or possibly a log in name guaranteed unique within the scope of the institution It is critical that such identifiers not be re issued to other later users If jsmith is used as an identifier all future John or Jane Smiths must be issued a different identifier Note that this policy will require a tightening of existing policy for those institutions that currently allow for re use of identifiers An identifier is an abstract attribute and generated attribute of a particular person or entity in the case of institutional identifiers Tokens that refer to roles such as Primary Care Physician or those referring to institutional relations such as Admitting Privileges at General Hospital are not considered identifiers in this context The problem is often expressed in terms of issuing identities which means in practice issuing unique identifiers that correspond uniquely and unambiguously to an existing identity in the manner of providing an employee ID or unique login Authentication Authentication requires an identifier and is required for authorization Authentication is a way of allowing a user to prove that he is who he claims to be The simplest form of authentication is in the providing of an identifying token plus a secret of some sort such as a bank card PIN or a username password or phrase An example of how not to handle authentication is the SSN One of the reasons the SSN has turned out to be a bad identifier is that one number is meant to provide the function of both the public and secret parts of authentication you have an SSN that points uniquely to you but you must reveal it as proof that you have it Without being accompanied by a second secret token such as a PIN the SSN is damaged in regard to authentication by the very use that makes it otherwise worthwhile Authorization After a user claiming a given identity has been authenticated an authorization mechanism needs to determine what data the user is allowed to access and what functions may be performed by the user on that data e g to view copy or update data Authorization is typically role based that is the different operations available are tied to the role of the user such as physician administrative support etc One individual can have many roles within the system for example Primary Care Physician Admitting Physician Specialist etc In the event of a health care emergency some method may be provided to allow access in the event of an authentication failure as a kind of Break the Glass function on an existing account However role based authorization is not sufficient for use of the system no access to the system should be allowed for any such role without a human identifier attached It is not enough to ask that someone prove that they have admitting privileges at General Hospital they must also provide their actual identity so that should a later audit be required a person can be associated with the audited actions not just a role A Note on Auditing Though the handling of identity identifiers authentication and authorization is often lumped together with issues of auditing these issues are best approached separately Auditing is required simply to have the ability to determine who accessed the system after the fact Auditing as a technology is largely orthogonal to the technologies required for identity identifiers authentication and authorization and auditing is also used for unrelated requirements such as statistical sampling of use patterns and needs and trends analysis The Markle Connecting for Health Policy Subcommittee is publishing a separate piece on auditing requirements 3 Requirements Every transaction involving patient data between institutions in a SNO will operate by transitive trust often based in the legal requirements of a contract The institutional members of a SNO trust one another and therefore they trust requests from the authenticated and authorized employees of those institutions The backbone of the transitive trust model is the ability to identify anyone violating that trust and to link them unambiguously to the entity that gave them access Transitive trust is a practical rather than ideal system Though there has been work on more elaborate federated identity systems none are yet at a level of practicality necessary for this work nor are they simple enough to be implemented broadly The advantages of transitive trust are thus largely practical it allows systems to scale upwards in the number of employees covered without forcing each institution to know about every other employee in every remote institution The design and implementation of even a simple system of transitive trust is complex and will be highly dependent on existing technological tools and frameworks but all such systems should have the following basic policy restrictions A SNO must have identifiers for all its participating institutions These identifiers can be issued by the SNO or they can be adopted from an external source e g HIPAA mandated identifiers4 as long as that source guarantees the uniqueness and persistence of any given identifier All users must be authenticated before they are given access to any SNO wide resource containing patient data This may take a number of different forms the local institutions can ask users to log in and communicate the authenticated identifiers to other participants in the SNO or the SNO can run authentication services itself getting lists of users and roles from the participating institutions This latter strategy may suffer from scaling problems but may be useful for getting a SNO off the ground Any request for data from a remote institution an institution other than the one the user is logged in to must be accompanied by at least two pieces of identifying information which institution authenticated the requesting user and an identifier for that user There are a number of ways such a system could be implemented technically but the basic policy prescription is that for any given request from a remote institution the local institution should know where the request came from and who authorized it A method may be provided to allow access to patient data in the event of an authorization failure a so called Break the Glass function Access failure for someone who should be authorized can happen for a number of reasons he or she does not remember or have the required information or tokens for authentication or he or she does not have permission from the system to look at or interact with the data they are requesting Any request that allows a known user to request data they believe they need e g a physician attempting to access the medication history of a patient when the system would not otherwise give that person access should be accompanied by a brief description of the rationale for the request No matter what the cause of the authorization failure in the Break the Glass scenario any system access must be accompanied by an identifier for that user In no case is an otherwise unidentified Emergency account to be used on the grounds that it amounts to the provisioning of a role without an accompanying person identifier Any request that allows a known user to request data they believe they need when the system would not otherwise give them access must be accompanied by enhanced auditing and timely human review The Record Locator Service itself may not offer a Break the Glass function all such requests must go to the institutions hosting the clinical data In the case of a SNO providing a method for a patient or patient representative to access his or her own records some bootstrapping will be required The initial issuing of the patient access capability must be done by a participating institution or by a third party recognized by the SNO The patient can then be given a SNO specific identifier accompanied by an authentication method with authorization limited to looking at his or her own material Depending on implementation within the SNO the patient could then access his or her records directly after having been issued such credentials subject to local terms and conditions and to periodic review SNO wide patient access requests however handled otherwise must carry the name of the institution that initially created the patient s identifier Authentication methods can be as simple or complex as the SNO requires however the SNO should publish minimum standards for authentication adhered to by all participating institutions or be ready to add an additional layer of SNO hosted authentication The issue here to be handled SNO by SNO is that the less secure an authentication system is the likelier it is to suffer from misuse but the more secure it is the likelier it is to suffer from non use Authorization presents similar issues to authentication The more granular such a role based authorization system is the better a fit can be imagined between a set of roles and any given situation e g a patient s primary care physician accessing data from a hospital where they refer patients but where they do not have admitting privileges However with each added element come both management complexity and the possibility of subtle and unpredictable errors Authorization can also be as simple as the SNO desires with two caveats there must be restrictions on who if anyone can add to or alter a record as opposed to simply viewing it and there must be restrictions on who can trigger any available Break the Glass functions When implementing identity authentication and authorization policies SNOs will need to balance defensiveness flexibility and practicality Defensiveness is the quality that leads a SNO to actively model and protect against threats of accidental or malicious access to or misuse of data Flexibility is necessary because medicine is not banking when there is a judgment call it should be in favor of getting patient data to a clinician who needs it to provide care even when such provisioning requires Break the Glass functionality Such uses of the system must be accompanied by enhanced auditing and timely human review Finally practicality is that set of choices which balances heightened security with adoptability It is possible to design a system so well defended against misuse that it is defended against legitimate uses as well As this cannot be allowed to happen each SNO will have considerable discretion in designing its identification authentication and authorization policies as long as those policies conform to the minimum standards listed here and are subjected to annual review to ensure that they are continually improved where such improvement is practical Such annual review is probably best done in conjunction with the mandated HIPAA security audit A sub network organization SNO shall operate as a health information data exchange organization whether regionally or affinity based that operates as a part of the National Health Information Network NHIN a nationwide environment for the electronic exchange of health information made up of a network of networks ISO 15408 Common Criteria for IT Security Evaluations represents industry best practices for such modeling See Markle Connecting for Health Auditing Access to and Use of a Health Information Exchange 45 CFR 162 404 a HIPAA requires that covered health care providers comply with the specifications in 162 410 regarding implementation of the standard unique health identifiers no later than May 23 2007 Markle Connecting for Health thanks Clay Shirky Adjunct Professor New York University Graduate Interactive Telecommunications Program for drafting this paper 2006 2012 Markle Foundation These works were originally published as part of the Markle Connecting for Health Common Framework Resources for Implementing Private and Secure Health Information Exchange They are made available free of charge but subject to the terms of a License You may make copies of these works however by copying or exercising any other rights to the works you accept and agree to be bound by the terms of the License All copies of these works must reproduce this copyright information and notice Download P5 Authentication of System Users P4 Introduction Health institutions with large numbers of records must rely on probability to declare that a given record or set of records matches a set of identifiers name gender date of birth etc The risk of this strategy of course is that the matches so recorded may not be accurate There is some risk of false negatives records that pertain to a patient but are not found There is a much greater risk however from false positives matches with records that do not pertain to the subject patient but are wrongly returned in a search False positive matches carry two forms of risk privacy risk and clinical risk The privacy risk is that records pertaining to patients not under the care of a particular clinician will be delivered exposing personal details to those who have no need for them The clinical risk is that a clinician will make a decision based on information that is erroneous because it is actually information about a different person not the subject patient Although clinicians are trained to make allowances for the fact that there is a significant error rate in clinical information when they make important decisions the technology for handling such matches still needs to be optimized for a high degree of certainty and where incorrect matching does occur the system should err on the side of returning false negatives rather than false positives In addition to the technology however there also need to be policies spelling out how systems containing patient information should operate This document outlines a set of policies for matching patient records with patient demographic details so as to minimize incidental disclosures of personal health information within the nationwide electronic health information exchange This document was developed by the Markle Connecting for Health Policy Subcommittee Part of the Markle Connecting for Health effort is to define and develop the Common Framework the set of technical and policy specifications designed to help sub network organizations including regionally based networks and national networks such as the VA create data exchanges among their participating members while creating interoperability between sub network organizations SNOs 1 see P2 Model Privacy Policies and Procedures for Health Information Exchange The goal of the Common Framework is to define a minimal set of commonly adhered to standards and policies that allow for the SNO based implementation of health information networks that are nationally interoperable One component of this system is the Record Locator Service RLS which is a file of the location of patient records queryable only by authorized participants The RLS is the White Pages of any given sub network the coordinating entity that allows institutions within that sub network to know whether other institutions hold records relevant to a particular patient The RLS is designed to take a query from authorized users in the form of demographic details and return only the location of one or more matching records The RLS must implement a matching algorithm for queries using a sometimes incomplete subset of the possible constellation of demographic details Authorized queriers present a set of demographic details and receive in return zero or more matching record locations Probability weighted matching can improve the quality of record matching by taking the specific characteristics of records in particular databases into account Issue the false positive match and the RLS What should our recommendations or requirements be for optimizing matching probabilities so as to minimize incidental disclosures and clinical risk caused by false positive matches within the RLS Example Attempt to match John Q Public 1043 W Easy St Phoenix AZ 85535 5556060 10 24 1950 482891822 Which of the potential matches should be returned in response to this query Sample Data Listed in Order of Probability of Match Comparison Scoring Part of Initiate s Identity Hub Software This example from their literature Rec Name Address Phone DOB SSN Example Score 101 John Q Public 1043 W Easy St Phoenix AZ 85535 5556060 10 24 1950 482891822 20 0 102 Jon Public 1043 W Easy St Phoenix AZ 85535 5556060 10 24 1950 482891822 18 0 103 J Public 5553232 10 25 1950 482891822 11 0 104 John Q Long 552 Green Dr Phoenix AZ 85535 11 15 1962 57265225 5 0 105 Danny Smith 5552745 10 24 1950 48289244 5 0 106 Kevin Dohert 1028 W Easy Ave Phoenix AZ 85535 5554289 48224857 4 0 Note The example score on a scale of 1 to 20 is an arbitrary placeholder for different levels of matching for purposes of discussion but does not represent an absolute scale of probability Questions Does this false positive match scenario qualify as an incidental disclosure pursuant to HIPAA What should our recommendations be regarding prevention of such disclosures What should our recommendations be regarding what actions to take when such disclosures occur Is this a Common Framework issue HIPAA Pursuant to HIPAA privacy regulations a covered entity is permitted to use or disclose protected health information for treatment payment or health care operations 2 An entity is also permitted to use or disclose protected health information incident to an otherwise permitted use or disclosure provided that it has complied with applicable requirements of the minimum necessary standard and required security safeguards 3 In proposing the addition of the incidental disclosure provision to the Privacy Rule in its 2002 guidance the United States Department of Health Human Services HHS described an incidental use or disclosure as a secondary use or disclosure that cannot reasonably be prevented is limited in nature and that occurs as a by product of an otherwise permitted use or disclosure As described in the preamble to the Privacy Rule an incidental use or disclosure is permissible only to the extent that the covered entity has applied reasonable safeguards and implemented the minimum necessary standard In addition covered entities are not required to document permitted incidental disclosures in an accounting of disclosures 4 HIPAA s minimum necessary standard requires covered entities to limit how much protected health information is used disclosed and requested for certain purposes These minimum necessary policies and procedures also reasonably must limit who within the entity has access to protected health information and under what conditions based on job responsibilities and the nature of the business The minimum necessary standard does not apply to disclosures including oral disclosures among health care providers for treatment purposes 5 HIPAA security standards require that a covered entity must have in place appropriate administrative technical and physical safeguards that protect against uses and disclosures not permitted by the Privacy Rule and that limit incidental uses and disclosures 6 It is not expected that a covered entity s safeguards guarantee the privacy of protected health information from any and all potential risks An incidental use or disclosure that occurs as a result of a failure to apply reasonable safeguards or the minimum necessary standard where required is a violation of the Privacy Rule Failure to comply with HIPAA regulations can result in general fines of up to 25 000 per incident 7 1 Does the false positive match scenario qualify as an incidental disclosure pursuant to HIPAA Recommendations The Markle Connecting for Health Policy Subcommittee assumes that the RLS false positive match is an incidental disclosure pursuant to HIPAA with the understanding that such a disclosure is permissible under the law only to the extent that the covered entity or entities involved have applied reasonable safeguards and implemented the minimum necessary standard The parameters recommended in this document for such matches are believed to require such safeguards NB It has been noted that as a legal matter it is unclear whether false positive match disclosures are incidental according to HIPAA There may be a legal argument that they can be considered permissible treatment disclosures In either case the disclosure would be permissible under HIPAA so the result would be the same At the time of this writing there has been no authoritative guidance on the issue from HHS although it is possible that an FAQ on the topic could be sought in the future 2 What should our recommendations be regarding prevention of such disclosures Recommendations The Markle Connecting for Health Policy Subcommittee assumes that the covered entities who could be involved in a request for information from the RLS including the requester of information the RLS which could be defined as a business associate pursuant to HIPAA8 and the entity holding information pointed to by the index are in compliance with HIPAA s minimum necessary standard and required security safeguards Indeed if the entities are not in compliance with HIPAA s requirements and disclosures of protected health information occur they are in violation of federal law and subject to the penalties described above 9 Beyond the strictures of HIPAA the false positive match scenario may still produce incidental disclosures albeit permissible ones according to the law For example in the sample data presented above it is possible that J Public is not the person for whom information was requested If J Public had perhaps visited a psychiatric hospital and that information was both recorded in the index even without any additional clinical information and returned to the requester J Public might feel that his privacy had been violated despite the entities compliance with the letter of the law Therefore the Markle Connecting for Health Policy Subcommittee recommends the setting of a minimum level of certainty before the RLS returns information to the requester and that whenever that level of certainty is not reached the RLS could request additional demographic fields until either the level of certainty is reached or no record can be returned This recommendation is based on ethical and public policy reasons as opposed to the merely legal requirements of the HIPAA reasonable safeguards standard It is also based on the need to reduce errors in record linkage For example if a requester submits information in five demographic fields for a patient to the RLS but the RLS does not find a match with a certain level of certainty on any one record the RLS will report back that there is no match In the case that the RLS can return no matches with the specified certainty level the RLS could require additional demographic data in order to determine a match For example at this point the requester could be asked to supply data for additional demographic fields These levels could be set in order to minimize to the extent possible incidental disclosures of protected health information in an effort to respect the privacy of patients for ethical and public policy reasons Issues considered in formulating these recommendations include Should the Policy Subcommittee specify a level of accuracy for matching Yes Should the level of accuracy be different for different use cases No The Policy Subcommittee made it clear that the RLS will not accept wild card queries and can only respond to attempts to locate records on an individually identifiable patient Other than that the RLS has no mechanism to distinguish one use case from another so the level of accuracy should not change Assuming the Policy Subcommittee specifies a level of accuracy for matching how should it be determined At least for external requests for matches the level of certainty should be high enough that the probability of data being returned on the wrong patient would be very unlikely One in 100 000 and one in a million were mentioned as potential levels but the level could be different for different databases The Policy Subcommittee recommends that the figure of one in 100 000 be set as the initial maximum probability of a false positive error when querying an RLS It is expected that this set point may be adjusted as experience with operational RLSs gives us more real data with which to judge whether it continues to be appropriate The Policy Subcommittee also recommends that a large test data set and standard set of queries be developed so that vendors of matching algorithms can test against this standard 10 Under what circumstances if any would it be acceptable to lower a matching threshold the Break the Glass scenario For normal external requests a Break the Glass scenario assumes that the requester can make better judgments about unreliable data than the probabilistic matching algorithm The Policy Subcommittee concluded that this was a useful escape mechanism in the past but that the increasing sophistication of matching algorithms might make such a mechanism anachronistic in the future Special circumstances such as internal research or audits were considered to be situations when the high probability level for the matching algorithm might be reduced Breaking the Glass is fraught with technical practical and operational problems and may have greater potential for harm than benefit The Policy Subcommittee concludes that such a mechanism has no place in the RLS When such special circumstances arise a requester should go directly to the source of the clinical data and work through local mechanisms for dealing with them 3 What should our recommendations be regarding what actions to take when incidental disclosures occur Recommendations The Markle Connecting for Health Policy Subcommittee assumes that the covered entities who could be involved in a request for information from the RLS are in compliance with HIPAA s minimum necessary standard and required security safeguards The incidental disclosures in this scenario would be permissible according to the law However as discussed above the false positive match scenario may still produce incidental disclosures even if the RLS requires a high level of certainty in order to return information from the index Given the above recommendations of this Subcommittee if a match meets the criteria for a positive match they are permissible disclosures and cannot possibly be prevented without making the threshold for a positive match so high that it would create an unacceptable level of false negative matches The Markle Connecting for Health Policy Subcommittee adopts the following position In the case in which a requester of information recognizes that information received from the RLS does not apply to the patient about whom information was requested the requester should take reasonable steps to immediately destroy that information including where applicable deleting the electronic version of that portion of the RLS response and or any paper copies thereof 4 Is this a Common Framework issue Recommendations Yes If the false positive match scenario is not approached as

    Original URL path: http://www.markle.org/publications?term_node_tid_depth=15&tid_1=All&date_filter[value]=&page=6 (2016-02-10)
    Open archived version from archive


  • Remodeling the US Government for Energy Security: Initial Findings from the Big Energy Map | Markle | Advancing America's Future
    Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Remodeling the US Government for Energy Security Initial Findings from the Big Energy Map Publication Date Monday December 1 2008 This working paper covers energy security strategy the role of the executive office of the president and the federal agency infrastructure for implementing strategy The President Elect outlined the main elements of a strategy to stem the risks of climate change and shift the nation away from geostrategic energy supply vulnerability In keeping with his campaign speeches his vision centered on Innovation in basic research into alternative and renewable fuels end use technologies and propagation and commercialization of science and technology Job creation green

    Original URL path: http://www.markle.org/publications/210-remodeling-us-government-energy-security-initial-findings-big-energy-map (2016-02-10)
    Open archived version from archive

  • Resources | Markle | Advancing America's Future
    illuminate many of the dramatic changes that transformed the economy throughout the twentieth century Read the rest of the paper in the PDF CGI Annual Meeting 2014 Delivering Low Cost Degrees to 40 million People Moderated by Zoë Baird CEO and President of Markle this Clinton Global Initiative Small Group Discussion featured remarks by Anant Agarwal Chief Executive Officer edX and Tim Bozik President Higher Education at Pearson Description There is an increasing need to expand the talent pool around the world to meet the professional challenges of the 21st century However access to and the affordability of higher education continue to widen the gap between those seeking to become career ready and the employers seeking skilled talent to fill current and future workforce demands Massive open online courses MOOCs have enormous potential to provide access to high quality coursework to tens of millions of students around the world and offer an untraditional pathway to attaining employable skills critical to diminishing the existing skills gap In this session CGI members will learn strategies for harnessing this innovative learning model with the support of third party accreditation to build a highly skilled global workforce Big Data Data Analytics and America s Economic Future This paper was prepared for the Markle Economic Future Initiative Imagine a man who has worked as a welder for twenty years in Northeast Ohio One day after work he is unexpectedly laid off from his job He goes home that day to tell his wife the news They sit their two children down to tell them that they will have to start making big changes in how the family spends money The next morning he begins searching online for welding jobs in Northeast Ohio For weeks he sends his resume to generic human resources email inboxes It takes him days to find any available opportunity that might work and weeks to hear back if he ever does at all Meanwhile the family s savings dwindles and they wonder what options they have left This is a scenario playing out across the country every single day Read the rest of the paper in the PDF Rework America In today s networked economy we need to unleash opportunities for Americans to learn and train in innovative ways and seize the growth potential of world markets and shared data How might we shape new models of learning and work Markle Initiative members share their vision of a new and hopeful future for America REWORK AMERICA Markle Economic Future Initiative NEW YORK NY During the closing plenary of the 2014 Clinton Global Initiative CGI Annual Meeting President Bill Clinton today announced REWORK AMERICA the Markle Economic Future Initiative s CGI Commitment to Action REWORK AMERICA is an extraordinary partnership focused on the changes brought about by today s networked world The Markle Economic Future Initiative will help drive innovations that expand opportunities for employment and broaden ways for all Americans to learn and train for the work of the future Co chaired by Markle CEO and President Zoë Baird and Starbucks chairman president and ceo Howard Schultz the Markle Economic Future Initiative brings together a broad collaboration of entrepreneurs technology leaders CEOs educators community and religious leaders and other partners to empower all Americans to succeed in today s digital economy The members believe it will take strong leadership in these transformational times to advance actions that help all Americans gain access to the resources they need to share in the benefits of the new economy Markle is committing 50 million dollars to REWORK AMERICA The members of REWORK AMERICA share a vision of a hopeful future for our nation one in which the changes brought about by a networked world work for us and where more Americans are optimistic about their chances for learning training and employment In a collective point of view reworkamerica org the members offer their thoughts for pairing ideas with powerful actions to accelerate innovations that return opportunities to all Americans While uncertainty and pessimism about the future remain high there is a strong foundation on which to rebuild In fact 70 percent of middle class Americans in a recent Markle commissioned national survey said they want the chance to advance their education and training to learn new skills in math science and technology Eighty six percent agreed that learning throughout one s lifetime is critical to keeping up in today s world And nearly 9 out of 10 middle class Americans expressed support for access to resources that can help American small businesses expand into new markets There is no challenge more important for the strength of our nation than the challenge of advancing economic opportunity for all Americans said Markle CEO and President and Markle Economic Future Initiative co chair Zoë Baird Americans are known for their creativity and entrepreneurship By mastering innovations in learning and business growth we can reach for a better future in which all Americans prosper in the networked world Technology is making it easier than ever to tap into learning that is more flexible affordable and personalized It also is creating new ways for Americans to work or to start and grow a business aided by tech platforms that can bring the world s growing middle class as potential customers to our tablets We need to enable Americans to connect with buyers around the world and to bring the operational power and insight of large businesses into the hands of small entrepreneurs and main street businesses And 21st century learning options are needed to develop credentials that correlate with work that will carry Americans into the future and enable people to keep learning throughout their lives I have long believed the best investment a leader can make is in their own people and their futures said Howard Schultz chairman president and ceo of Starbucks and co chair of the Markle Economic Future Initiative Today too many of our youth believe the American Dream is impossible to achieve It s

    Original URL path: http://www.markle.org/resources/rework-america/video/about-markle/event/general-markle-financial-information/health/rework-america/video/economic/commentary-rework-america-members?term_node_tid_depth=All&tid_1=All&date_filter[value]=&page=7&tid=All (2016-02-10)
    Open archived version from archive

  • Colorado, Markle Foundation Launching Digital Jobs Platform | Markle | Advancing America's Future
    Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Colorado Markle Foundation Launching Digital Jobs Platform Publication Date Tue 06 23 2015 Colorado and the Markle Foundation are launching an initiative to connect state employers and educators with individuals looking for job opportunities through Rework America Connected article link http www bizjournals com denver news 2015 06 23 colorado markle foundation

    Original URL path: http://www.markle.org/about-markle/in-the-news/colorado-markle-foundation-launching-digital-jobs-platform (2016-02-10)
    Open archived version from archive

  • Embracing the New No-collar Worker | Markle | Advancing America's Future
    Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Embracing the New No collar Worker Publication Date Fri 06 19 2015 The book s authors jointly written by members of the Markle Foundation including LinkedIn CEO Jeff Weiner and Starbucks Howard Schultz see a change in the employment market unlike anything since the Industrial Revolution article link http www theglobeandmail com report on business

    Original URL path: http://www.markle.org/about-markle/in-the-news/embracing-new-no-collar-worker (2016-02-10)
    Open archived version from archive

  • ‘Moment’ Is Now to Rework American Economy Says Zoë Baird | Markle | Advancing America's Future
    Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Moment Is Now to Rework American Economy Says Zoë Baird Publication Date Fri 06 19 2015 Zoë Baird CEO of the Markle Foundation and contributor to America s Moment said Americans should take advantage of this dislocation in the economy not fear it article link http www thestreet com video 13192992 moment is now

    Original URL path: http://www.markle.org/about-markle/in-the-news/moment-now-rework-american-economy-says-zo-baird (2016-02-10)
    Open archived version from archive

  • Maxwell Dean Jim Steinberg on Rework America | Markle | Advancing America's Future
    Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Maxwell Dean Jim Steinberg on Rework America Publication Date Fri 06 19 2015 Rework America is a broad collaboration including Dean Jim Steinberg of entrepreneurs educators technology leaders CEOs and others committed to advancing the American Dream article link https www maxwell syr edu news aspx id 124554058570 Our

    Original URL path: http://www.markle.org/about-markle/in-the-news/maxwell-dean-jim-steinberg-rework-america (2016-02-10)
    Open archived version from archive

  • Homepage News Events | Markle | Advancing America's Future
    Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos News Events Everyone Has a Meaningful Place in the New Economy One thing that hasn t changed is the fundamental belief that has driven this country since its inception that the American Dream should be within reach for everyone Aspen Ideas Festival 2015 At the 2015 Aspen Ideas Festival Markle CEO and President Zoë Baird and members of Rework America will outline a bold vision for a new way forward in their panel discussions Techonomy Policy Philip Zelikow Visiting Managing Director at Markle will preview some of the bold approaches and key ideas outlined in Rework America s new book America s Moment Creating Opportunity in the Connected Age We Need to Rework American Higher Education to Help Get Americans Back to Work By Zoë Baird Allen Blue and Michael Crow June 1 2015 A Surprising New Source of American Jobs China By Zoë Baird and Emily Parker May 29 2015 How JPMorgan Chase Wants to Tap Account Holder Data to Jump start the Economy Zoë Baird CEO and President of the Markle Foundation participated in a panel discussion on individual income and consumption volatility at the JPMorgan Chase Institute launch JPMorgan Chase Institute Launch At the launch of the JPMorgan Chase Institute Zoë Baird CEO and President of the Markle Foundation participated in a panel discussion on individual income and consumption volatility People in the News Appointments and Promotions The Markle Foundation has announced the appointments of Robert Khedouri as managing director and chief operating officer and Wan Lae Cheng as senior director Markle Foundation Announces Leadership Appointments Markle Foundation CEO and President Zoë Baird today announced the appointment of

    Original URL path: http://www.markle.org/about-markle/news-events?page=7 (2016-02-10)
    Open archived version from archive



  •