archive-org.com » ORG » M » MARKLE.ORG

Total: 1237

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Three Ways The President Can Create Digital Jobs Now | Markle | Advancing America's Future
    Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Three Ways The President Can Create Digital Jobs Now Publication Date Tue 10 02 2012 Zoë Baird Markle President reflects on ways Americans can use technology to create jobs As the presidential candidates face off in their first debate we need them to address the substantial changes technology and the Internet are bringing to our economy Each candidate s economic platform must be built on a true picture of

    Original URL path: http://www.markle.org/about-markle/in-the-news/three-ways-president-can-create-digital-jobs-now (2016-02-10)
    Open archived version from archive

  • Homepage News Events | Markle | Advancing America's Future
    Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos News Events Policy and Technology Checklists for Procurers and Implementers Live Webcast New Markle Resources for Implementing Health Information Sharing The authors of the Policies in Practice will discuss their work during a live webcast at Markle Foundation HIMSS Annual Conference and Exhibition 2012 Markle is presenting during the HIE Symposium on February 20 2012 Symposium Luncheon Session The New Markle Connecting for Health Common Framework Policies in Practice at this annual health information technology conference IJIS Institute 2012 Winter Industry Briefing The IJIS Institute presents an update on the justice public safety and homeland security information sharing and IT market Markle Task Force member Jeff Smith will deliver the keynote address New York eHealth Collaborative 2011 Gala Awards Ceremony The New York eHealth Collaborative honors the Markle Foundation and others for their work in leading the advancement of health IT Club de Madrid s 2011 Annual Conference Digital Technologies for 21st Century Stefaan Verhulst Markle s Chief of Research participates in the breakout session The Changing Nature of Statecraft The Impact of Big Data at this Club de Madrid 2011 Annual Conference Senate Hearing Status Report on Information Sharing Markle Task Force presents testimony at the Senate hearing Ten Years After 9 11 A Status Report on Information Sharing Media in Conflict The Evaluation Imperative Media professionals from around the world present Caux Guiding Principles a guide for improving the monitoring of media interventions in conflict zones McCloskey Speaker Series Ten Years After 9 11 Markle s president Zoë Baird Budinger participates in discussion among a panel of leading policy experts and members of

    Original URL path: http://www.markle.org/about-markle/news-events?page=11 (2016-02-10)
    Open archived version from archive

  • Search | Markle | Advancing America's Future
    Economic Future Initiative s commitment to expand opportunities for all Americans in a networked world Through REWORK AMERICA the Markle Initiative will help drive innovations that expand opportunities for employment and broaden ways for all Americans to learn and train for the work of the future Co chaired by Markle CEO and President Zoë Baird and Starbucks chairman president and ceo Howard Schultz the Markle Initiative brings together a broad collaboration of entrepreneurs technology leaders CEOs educators community and religious leaders and other partners to empower all Americans to succeed in today s digital economy People in the News Appointments and Promotions The Markle Foundation has announced the appointments of Robert Khedouri as managing director and chief operating officer and Wan Lae Cheng as senior director Techonomy Detroit 2014 Was It Just a Dream At Techonomy Detroit Markle joins other leaders and thinkers from business technology and government to share views on how to move the U S and the world into an urbanized technologized inclusive future The conversations focus on how technology can boost U S economic growth job creation and urban revival Was It Just a Dream The American Dream that hard work could lead anyone to prosperity success and upward mobility feels increasingly irrelevant for a growing and frighteningly large group of Americans What will people do to attain economic and social security Will the middle class survive What new policies and strategies could we devise to help keep the American Dream alive Panelists Carol Goss Fellow Advanced Leadership Initiative Harvard University Danae Ringelmann Founder and Chief Development Officer Indiegogo Elizabeth Shuler Secretary Treasurer AFL CIO Philip Zelikow Visiting Managing Director Markle Foundation Moderator David Kirkpatrick Founder and CEO Techonomy Media Markle Foundation Announces Leadership Appointments NEW YORK NY Markle Foundation CEO and President Zoë Baird today announced the appointment of Robert Khedouri as Managing Director and Chief Operating Officer and Wan Lae Cheng as Senior Director Both will build on an already diverse and talented team committed to furthering Markle s mission to improve the economic security health and national security of all Americans Currently Markle is engaged in a nationwide effort to advance transformative strategies that create paths for good and meaningful work for all Americans in the digital age Rework America the Markle Economic Future Initiative is a group of more than 50 leaders from across America focused on driving innovations in business education and training to ensure all Americans have a meaningful place in the new economy Robert and Wan Lae are important appointments for Markle as they bring extensive experience and add the necessary leadership and depth that will help us drive Rework America said Zoë Baird CEO and president of the Markle Foundation Their strength in building teams and developing comprehensive strategies across sectors will be instrumental as our initiative moves forward Markle recognizes that America is in the midst of the greatest economic transformation in over a hundred years said Robert Khedouri Through Rework America Markle has a vision for

    Original URL path: http://www.markle.org/solr-search?keyword=&page=11 (2016-02-10)
    Open archived version from archive

  • Connecting Americans to their Health Care | Markle | Advancing America's Future
    Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Connecting Americans to their Health Care Final Report Publication Date Thursday July 1 2004 Publication Source Markle Connecting for Health From January 2004 through June 2004 within the framework of Phase II of Connecting for Health the Working Group on Policies for Electronic Information Sharing Between Doctors and Patients examined the barriers to adoption of interoperable health information systems that provide for significant patient access and control The Working Group encountered enthusiastic patients clinicians and technologists united in their passion to permit individuals to be more engaged and successful managers of their own health all of whom recognized that the long term goals of safe affordable and high quality healthcare are unlikely to be achieved without tools that permit patients and families to be more active and successful The review of these early PHR

    Original URL path: http://www.markle.org/publications/1250-connecting-americans-their-health-care (2016-02-10)
    Open archived version from archive

  • Resources | Markle | Advancing America's Future
    authorization to share data Simply put such transactions require trust It will be impossible to trust and rely on any third party s authentication if those third parties practices are not observable either directly among contracted parties or via some industry accepted auditing and validation mechanism Recommendation 4B Ensure a mechanism for enforcement and redress for bad actions There needs to be a commonly accepted mechanism agreed upon in advance to redress unacceptable practices and eject bad actors Discussion Audit enforcement and redress are general issues for Consumer Access Services not just with the task of authentication All this is framed against the larger issues of binding Consumer Access Services to policies and accountability generally and against the general fragmentation of the health care industry a fragmentation that may increase as Consumer Access Services enter the picture Recommendation 4C Consider federation and or other contractual means to address Recommendations 4A and 4B If the Health Data Source Has not done its own identity proofing and token issuing for a consumer and Is considering a request from a Consumer Access Service to pass information on the consumer s behalf and Does not have sufficient direct means to monitor or observe the Consumer Access Service s authentication practices per Recommendations 4A and 4B Then we recommend that The Health Data Source should have strong mechanisms in place for identifying the Consumer Access Service itself The Consumer Access Service should be contractually bound to policies or to a group that sets and enforces shared policies e g the E Authentication Federation EAF Electronic Authentication Partnership EAP or similar The Consumer Access Service should use at least EAP Level 2 or equivalent We believe the EAF EAP is a good framework for a discussion on finding an acceptable degree of authentication certainty and policy enforcement Although some organizations might choose to join the EAF or the EAP there is likely no one size fits all answer Different business relationships and different consumer populations will likely require a variety of authentication services for their transactions Some consumers may even demand higher level authentication stringency for certain services Discussion We emphasize that the above scenario is not the only way to approach the problem See Appendix F for a draft architecture discussion Point to point trust is conceptually simplest from the point of view of any given pair of actors but pairwise trust exposes the system as a whole to daunting complexity Similarly a single national actor coordinating trust on behalf of everyone is not feasible at this time both because of the realities of fragmentation and the business context and also because the policing problem for a single actor is acute If these two extremes are in fact impractical this suggests some sort of chain of trust with mutual policing with various actors monitoring one another possibly in contractually arranged groups Conclusion A Path Forward This paper is driven by a desire to allow U S consumers to access and gain value from their own health information Connecting for Health accepts that much of our valuable personal health data is stored and managed by numerous entities The next key challenge is to establish the rules and techniques that establish trust among participants over a network of networks Policy rules will be needed in a number of areas including patient consent secondary use and data management Identity has quickly emerged as a primary problem in network access particularly given the sensitivity of personal health information A well understood and implemented Common Framework for managing health consumers identity is a prerequisite to networked use of personal health records The recommendations in this paper are based on the technologies and practices current at a particular moment and our desire to stimulate national progress in addressing this particular obstacle to consumers electronic access to their health information The problems of identity proofing and authentication are widely felt by all industries handling sensitive data or electronic transactions and as a result there is rapid evolution in the tools available for authentication Any process of authentication for consumer access anywhere in health care must be regularly re evaluated to factor in both new threats and new capabilities Many health care entities have significant interest in some form of networked personal health records The relationships they forge could have significant impact on possible trust scenarios for consumer authentication In addition there is a critical need to expand consumer education about techniques to safeguard identity in the Information Age Consumers should understand first that there are tradeoffs between security and convenience and second what the tradeoffs mean for them These many trends new threats new business relationships emerging technologies and consumer awareness and behavior all warrant close monitoring They certainly will have more impact on future health information sharing environments than the modest recommendations in this paper We do however hope that this paper contributes to a growing consensus that the path forward on consumer authentication requires careful thinking new research and innovative approaches Appendix A Acknowledgements Connecting for Health thanks the following Work Group members for participating in the rich discussion that resulted in this paper Chair Clay Shirky New York University Graduate Interactive Telecommunications Program Work Group Paula Arcioni New Jersey Office of Information Technology Ernie Argetsinger Omnimedix Institute Siddharth Bajaj VeriSign Inc Dan Combs Global Identity Solutions LLC Jeremy Coote InterComponentWare Inc Maureen Costello Ingenix Phillip D Angio VeriSign Inc James Dempsey JD Center for Democracy and Technology Carol Diamond MD MPH Markle Foundation Martin Fisher MedicAlert Foundation International Thomas Foth Pitney Bowes Inc Christopher Gervais Partners Community HealthCare Inc Mark Gingrich MS RxHub LLC Janlori Goldman JD Health Privacy Project Philip Hagen MD Mayo Clinic Jonathan Hare Resilient Elizabeth Holland Centers for Medicare Medicaid Services Mark Johnson Vanderbilt University and Medical Center Jennifer Kerber Information Technology Association of America Kristy LaLonde Office of E Government Information Policy and Technology U S Office of Management and Budget David Lansky PhD Markle Foundation J P Little RxHub LLC Kathleen Mahan MBA SureScripts Georgia Marsh United States General Services Administration E Authentication Initiative former position Phil Marshall MD MPH WebMD Health Daniel Matthews Lockheed Martin Corporation Damon Miller CapMed Corporation A Division of Bio Imaging Technologies Inc Kim Nazi FACHE United States Department of Veterans Affairs Alison Rein AcademyHealth Eric Sachs Google Health Charles Safran MD Harvard Medical School Scott Schumacher PhD Initiate Systems Inc Donald Simborg MD Independent Consultant Michael Simko RPH Walgreens Pharmacy Services Michael Stokes Microsoft Corporation David Temoshok General Services Administration Office of Governmentwide Policy Robert Tennant MA Medical Group Management Association Jeanette Thornton MPA America s Health Insurance Plans Allison Viola American Health Information Management Association David Yakimischak SureScripts Federal and state employees participated in the Work Group but make no endorsement Participated in Work Group but makes no endorsement per employer policy The Connecting for Health Work Group on Consumer Authentication Policies for Networked Personal Health Information wishes to thank Josh Lemieux for his expertise and tireless help preparing this manuscript In addition we thank Clay Shirky for his leadership and work on this manuscript Without his unique ability to parse very complex issues carefully and adeptly we could not have achieved this paper We also thank Dan Combs and Stefaan Verhulst for their help researching and drafting portions of this document Appendix B Scope and Charge of the Work Group The Work Group on Consumer Authentication and Health Information Exchange was charged with defining a framework to authenticate the identity of individual consumers consistent with Connecting for Health principles This includes identifying a baseline of policies and technologies to assert within acceptable thresholds of accuracy the identity of an individual consumer requesting copies of her personal data in an electronically networked health information environment The recommendations are intended to encourage a fresh approach to foster trust of all network participants and specifically to protect the consumer the health data holders and the Consumer Access Services from the following threats Defense against illegitimate access to health records This is defined in this paper as externally targeted or automated attacks to gain access into an individual s health information The attackers in this scenario could be either known to the consumer as with a relative or colleague looking at material inappropriately a targeted attack by someone not known to the patient as with a private detective trying to access records or an indiscriminate attack someone looking for anyone s health records possibly as a precursor to medical fraud Defense against identity theft The threat here is not to the clinical data per se but to the consumer s identifiers and demographics address date of birth Social Security Number health benefit eligibility number etc Protecting against identity theft is an obvious goal The key complication here is that it is very difficult to protect against family members posing as one another and it is not possible to design a system that covers all state regulations of parental access to their children s data Our Work Group did not focus on proxy access beyond the key principle that the identity of all proxies accessing the system be recorded as well as the identities of people for whom they are proxies so that should a proxy later lose access their authentication tokens can be revoked separately from the main account The following issues fell outside of the scope of this Work Group but we list them here to acknowledge their importance in creating a trusted health information sharing environment for consumers Consumer Issues Consumer Behavior We are not addressing what consumers do with their copies of personal health data We live in an age in which individuals are increasingly self publishing on the Internet intimate details of their personal lives It was outside the scope of this Work Group to attempt to address the complexities of individual behavior and choice Nevertheless these are relevant concepts Consumers own experiences and individual preferences will no doubt shape this emerging area Phishing There is a parallel problem to consumer authentication related to the assurances provided by the entity hosting the consumer s data Mechanisms need to be in place to defend the consumer against phishing attacks where a consumer is directed to log into a seemingly legitimate web site or service but which is really a copy of an existing site with a similar URL The risk of such phishing in medical contexts is high however the defenses against the phishing problem require a different set of strategies than those outlined in this document Data Storage Issues Data Security Methods to encrypt and secure health data repositories are beyond the scope of this paper We focus on defense against unauthorized users defeating authentication systems not attacks on larger data stores For purposes of this paper we accept as a precondition that all actors have good physical security practices The digital signing of records is also outside the scope of this paper Data Policies Also out of scope of this paper are policies for data custodianship and data sharing other than those related to identity proofing and authentication The parallel Connecting for Health Work Group on Consumer Access Policies for Networked Personal Health Information is working on recommendations for privacy policy disclosure and consent secondary use etc For purposes of this paper we accept as a precondition that the consumer has voluntarily initiated a PHR account and authorized all uses and exchanges of personal health data consistent with Connecting for Health principles for privacy 9 Business Issues Business relationships This paper does not address the necessary business relationships that would provide motivations for health data sources and PHR services to share data on the consumer s behalf or for intermediaries to emerge between them In summary this paper focuses on a framework for the authentication process when the individual wants to access or contribute personal health information electronically among health professionals or other health related entities HIPAA covered or not Appendix C Background on Connecting for Health Connecting for Health founded and operated by the Markle Foundation with additional support over the years from the Robert Wood Johnson Foundation is a public private collaborative organization with representatives from more than 100 organizations across the spectrum of health care stakeholders Its purpose is to catalyze the widespread changes necessary to realize the full benefits of health information technology HIT while protecting patient privacy and the security of personal health information Connecting for Health is continuing to tackle the key challenges to creating a networked health information environment that enables secure and private information sharing when and where it s needed to improve health and health care Connecting for Health has produced the following documents that lay the groundwork for this current work product focused on consumer authentication Linking Health Care Information Proposed Methods for Improving Care and Protecting Privacy February 2005 which describes an approach to matching patient records among disparate health care institutions 10 Connecting for Health Common Framework Resources for Implementing Private and Secure Health Information Exchange April 2006 which elaborates and defines a set of policy and technical elements necessary to enable secure exchange of health records among providers across the Internet including a set of principles for privacy and fair information practices in a networked environment The Connecting for Health Common Framework is composed of nine policy documents on topics such as privacy notification audit and authentication of non consumer users of the network and six technical documents that elaborate technical specifications of a network approach based on those policies 11 The Architecture for Privacy in a Networked Health Information Environment April 2006 which describes a set of fair information practices that the Common Framework has endorsed to guide systems that support the exchange of personal health information These principles are Openness and transparency Consumers should be able to know what information exists about them the purpose of its use who can access and use it and where it resides They should also be informed about policies and laws designed to ensure transparency on how privacy is assured Purpose specification and minimization The purposes for which personal data are collected should be specified at the time of collection and the subsequent use should be limited to those purposes or others that are specified on each occasion of change of purpose Collection limitation Personal health information should only be collected for specified purposes and should be obtained by lawful and fair means Where possible consumers should have the knowledge of or provide consent for collection of their personal health information Use limitation Personal data should not be disclosed made available or otherwise used for purposes other than those specified Individual participation and control Consumers should be able to control access to their personal information They should know who is storing what information on them and how that information is being used They should also be able to review the way their information is being used or stored Data quality and integrity All personal data collected should be relevant to the purposes for which they are to be used and should be accurate complete and current Security safeguards and controls Personal data should be protected by reasonable safeguards against such risks as loss or unauthorized access destruction use modification or disclosure Accountability and oversight Entities in control of personal health information must be held accountable for implementing these principles Remedies Legal and financial remedies must exist to address any security breaches or privacy violations Connecting Americans to Their Health Care A Common Framework for Networked Personal Health Information December 2006 which envisions a consumer accessible data stream consisting of electronic copies of personal health data that have been captured at various points on a network e g doctor s offices hospital systems pharmacies and pharmacy benefit managers labs diagnostic imaging services etc 12 Appendix D Other Groups Working on Authentication The following paragraphs list several authentication projects that currently exist This list is based on input from Authentication Work Group members and is not comprehensive Electronic Authentication Partnership EAP Building off the work of the E Authentication Federation see below and other authentication federations EAP has developed as a multi industry partnership working on the vital task of enabling interoperability for electronic authentication among public and private sector organizations It is sort of a federation of federations This group is creating a framework for accrediting and compliance testing of participating Credential Service Providers CSPs and Relying Parties RPs EAP also addresses the issue of liability See http eapartnership org See Trust Framework web site http projectliberty org liberty content download 3736 24651 file liberty identity assurance framework v1 0 pdf E Authentication Federation The E Authentication E Government Initiative is one of the President s 24 cross agency E Government Initiatives Its mission is to put in place the necessary infrastructure to support common unified processes and systems for government wide use E Authentication recently launched the E Authentication Federation EAF a public private partnership that enables citizens businesses and government employees to access online government services using log in IDs issued by trusted third parties both within and outside the government Currently 13 different agency web applications are using the service EAF has focused on the creation of policies systems and relationships that reuse existing credentials to meet the needs of mostly federal government relying parties EAF has created a framework by which a variety of Credential Service Providers currently including federal state and private sector organizations issue credentials to be trusted by Relying Parties in the federal government Quotations taken from E Authentication web site http www cio gov eauthentication Privacy http www cio gov eauthentication documents EAprivacy htm E Authentication Guidance for Federal Agencies M 04 04 http www whitehouse gov omb memoranda fy04 m04 04 pdf NIST 800 63 E Authentication Technical Guidelines http csrc nist gov publications nistpubs 800 63 SP800 63V1 0 2 pdf NIST 800 53 Recommended Security Controls for Federal Information Systems http csrc nist gov publications nistpubs 800 53 Rev3 sp800 53 rev3 final updated errata 05 01 2010 pdf Liberty Alliance Project In 2001 a consortium of 30 organizations formed the Liberty Alliance Project The project s stated mission is to establish an open standard for federated network identity through open technical specifications Over the past few years they have published an open framework for deploying and managing a variety of identity enabled Web Services Liberty Alliance is currently working on a framework for deploying and managing interoperable strong authentication Liberty Alliance is a standards group Liberty Alliance is represented on the EAP and involved either directly or through efforts of members and the products and services they provide with the other efforts Quotations taken from Liberty Alliance Project web site http www projectliberty org eC3 eC3 is an alliance of state and local governmental associations Their mission is to advance the use of electronic commerce by governmental organizations As part of this mission they have published several white papers concerning identity management See http www ec3 org index htm SAFE Biopharma Association This identity management organization maintains and enforces the SAFE framework which permits bio pharmaceutical companies to digitally sign business to business and business to regulator transactions SAFE is a successfully operating federation which has solved a number of important cross boundary issues including those of private public sector and international boundaries Based in the health industry it is familiar with health issues and familiar to current industry participants Representatives of SAFE participate in EAP See http www safe biopharma org HSPD 12 FIPS 201 PIV On August 17 2004 President Bush issued Homeland Security Presidential Directive 12 HSPD 12 This directive called for a common identification standard for all federal employees and contractors Given this directive the National Institutes for Standards and Technology developed the Federal Information Processing Standards Publication 201 FIPS 201 entitled Personal Identity Verification of Federal Employees and Contractors PIV This project will provide credentials to 10 to 12 million people at a relatively high level of verification and authentication and could be rolled out to many others through various extensions See http www whitehouse gov news releases 2004 08 20040827 8 html See Personal Identity Verification web site http csrc nist gov piv program index html Real ID Act The Real ID Act was passed in 2005 by Congress The Act is intended to deter terrorism Among other things the law states that after May 11 2008 no Federal agency may accept for official purposes a state driver s license as proof of identity unless that state s driver s license meets certain requirements defined by the Real ID Act There is a debate as to whether the Act creates a national ID The debate aside unless the law is repealed it will likely have a significant impact on how individuals in America manage their identities Real ID requires issuance of a machine readable credential based upon enhanced identity verification as well as improved security practice and technology There will likely be many different ways to use the Real ID credentials as functions are built to extend the systems or use of the credentials and as States and or the Federal Government extend the infrastructure It is possible that one or more States could choose to issue further electronic credentials PIN s passwords PKI certificates etc in conjunction with Real ID and or join EAF or EAP to provide a channel for citizens to use the credentials across a broader range of our society Shibboleth According to its web site Shibboleth is standards based open source middleware software which provides Web Single SignOn SSO across or within organizational boundaries As part of the Internet2 project Shibboleth is developing architectures policy structures practical technologies and an open source implementation to support inter institutional sharing of web resources subject to access controls In addition Shibboleth will develop a policy framework that will allow inter operation within the higher education community The Shibboleth federation approach is being widely adopted in this country by educational institutions and internationally by government and private sector organizations It is working to align its policies and practices to allow interoperability with EAF EAP and others Examples of initiatives that have adopted Shibboleth technology include InCommon EduCause and LionShare InCommon has set up InQueue as a learning environment for participating organizations See http shibboleth internet2 edu Bylaws http www incommonfederation org docs policies InC SCbylaws html Participant Operational Practices http www incommonfederation org docs policies incommonpop html Federation Operating Practices and Procedures http www incommonfederation org docs policies incommonfopp html Trust Service WebTrust SysTrust The American Institute of Certified Public Accountants initiated the WebTrust SysTrust project The AICPA s Trust Services are defined as a set of professional assurance and advisory services based on a common framework i e a core set of principles and criteria to address the risks and opportunities of IT Essentially the project enables CPAs to offer a new service to clients evaluating web sites that involve data transmission e g personal information such as credit card numbers birth date health information etc Web sites that meet the WebTrust SysTrust requirements can post a seal of approval logo on their web sites See http www webtrust org JA SIG Central Authentication Service CAS CAS is a single sign on service offered by JA SIG Java Architectures It is an open protocol that appears to be used primarily by the academic community It was originally created at Yale University See http www ja sig org products cas OATH As described on its web site OATH is an industry wide collaboration to develop an open reference architecture by leveraging existing open standards for the universal adoption of strong authentication Its vision is to provide a reference architecture for universal strong authentication across all users and all devices over all networks See http www openauthentication org American Health Information Community AHIC Confidentiality Privacy Security Work Group The American Health Information Community AHIC a health IT advisory panel of the U S Department of Health and Human Services in May 2006 established a cross cutting work group on confidentiality privacy and security The Work Group s charge is to make actionable confidentiality privacy and security recommendations to the Community on specific policies that best balance the needs between appropriate information protection and access to support and accelerate the implementation of the consumer empowerment chronic care and electronic health record related breakthroughs See http www hhs gov healthit ahic confidentiality Healthcare Information Technology Standards Panel HITSP HITSP will assist in the development of the U S Nationwide Health Information Network NHIN by selecting standards and publishing specifications to support use cases developed by AHIC and the Office of the National Coordinator for Health Information Technology ONC The Panel is sponsored by the American National Standards Institute ANSI in cooperation with strategic partners such as the Healthcare Information and Management Systems Society HIMSS the Advanced Technology Institute ATI and Booz Allen Hamilton See http www hitsp org Center for Democracy and Technology CDT In March 2007 the Center for Democracy and Technology released draft principles for identity in the Digital Age See http www cdt org security 20070327idprinciples pdf PCI Security Standards Council The PCI Security Standards Council is an open global forum for the ongoing development enhancement storage dissemination and implementation of security standards for account data protection The PCI Security Standards Council s mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards The organization was founded by American Express Discover Financial Services JCB MasterCard Worldwide and Visa International See https www pcisecuritystandards org Information Technology Association of America ITAA ITAA provides global public policy business networking and national leadership to promote the continued rapid growth of the IT industry The Association represents over 325 information technology companies ITAA has an Identity Management Committee that was created to provide a forum for industry to work with federal state and global governments to develop best practices for the authentication and verification of identity as well as to promote the use of technology to increase the security of our credentialing and access systems Members include companies producing driver s licenses national identity credentials and other identity cards managing federal state and local smart card and identity credentialing programs providing biometric devices radio frequency identification technologies and middleware solutions as well as performing background checks and other identity proofing services See http www itaa org Appendix E EAF EAP Levels The following is a very brief description of the E Authentication Federation EAF among U S government agencies and its companion organization for private sector organizations the E Authentication Partnership EAP Please refer to the EAF home page http www cio gov eauthentication for comprehensive documents and updates The National Institute for Standards and Technology NIST has documented EAF policies standards practices and technology The EAF is designed to create a trust infrastructure for authenticating individuals who wish to connect to Internet based services from federal agencies The EAP which licenses EAF standards is a partnership attempting to enable interoperability for electronic authentication among public and private sector organizations The EAF is further developed than the EAP and for simplicity we will refer to EAF for the rest of this discussion Joining the EAF requires Credential Service Providers and Relying Parties to agree to use the components of the infrastructure and to abide by the Business Rules and Operating Rules and comply with the requirements of the appropriate documents such as NIST SP 800 53 or NIST SP 800 63 Credential Service Provider An organization that offers one or more credential services i e proofs and provides credential to individuals Relying Party A person or agency that relies on the credentials issued by a Credential Service Provider There are many technology security privacy business and operating requirements for all participating organizations covered by the suite of documents and components used to guide the implementation of the EAF The following discussion will focus on those specific to identity proofing and credentials of individual users Relying parties within the EAF self assess the risk associated with reliance upon e authentication credentials 13 Based upon this risk assessment the relying party chooses which of four designated levels of authentication stringency will be required for accessing one or more of its online resources such as web sites applications or information Level 1 has no level specific requirements for proofing or issuance and thus does not have a section in the chart below This level can be employed when the Relying Party does not have a need to ascertain the identity of the person accessing a resource The consumer employs self assertion and she may employ a pseudonym Due to the lack of identity proofing the low level of security provided by Level 1 authentication is inappropriate for use in facilitating access to personal health information Proofing Requirements Under EAF The table below14 summarizes the requirements of Levels 2 4 Both in person and remote identity proofing methods are permitted for Levels 2 and 3 Explicit requirements are specified for each scenario in Levels 2 and 3 Only in person initial proofing is permitted at Level 4 Level 2 In Person Remote Basis for issuing credentials Possession of a valid current primary Government Photo ID that contains applicant s picture and either address of record or nationality e g driver s license or passport Possession of a valid Government ID e g a driver s license or passport number and a financial account number e g checking account savings account loan or credit card with confirmation via records of either number Registration Authority Actions Proofing Inspects Photo ID compares picture to applicant records ID number address and DoB If ID appears valid and photo matches applicant then If ID confirms address of record authorizes or issues credentials and sends notice to address of record or If ID does not confirm address of record issues credentials in a manner that confirms the address of record Inspects both ID number and account number supplied by applicant Verifies information provided by applicant including ID number or account number through record checks either with the applicable agency or institution or through credit bureaus or similar databases and confirms that name DoB address other personal information in records are on balance consistent with the application and sufficient to identify a unique individual Address confirmation and notification Sends notice to an address of record confirmed in the records check or Issues credentials in a manner that confirms the address of record supplied by the applicant or Issues credentials in a manner that confirms the ability of the applicant to receive telephone communications or e mail at number or e mail address associated with the applicant in records Level 3 In Person Remote Basis for issuing credentials Possession of verified current primary Government Photo ID that contains applicant s picture and either address of record or nationality e g driver s license or passport Possession of a valid Government ID e g a driver s license or passport number and a financial account number e g checking account savings account loan or credit card with confirmation via records of both numbers Registration Authority Actions Proofing Inspects Photo ID and verifies via the issuing government agency or through credit bureaus or similar databases Confirms that name DoB address and other personal information in record are consistent with the application Compares picture to applicant records ID number address and DoB If ID is valid and photo matches applicant then If ID confirms address of record authorizes or issues credentials and sends notice to address of record or If ID does not confirm address of record issues credentials in a manner that confirms address of record Verifies information provided by applicant including ID number and account number through record checks either with the applicable agency or institution or through credit bureaus or similar databases and confirms that name DoB address and other personal information in records are consistent with the application and sufficient to identify a unique individual Address confirmation Issues credentials in a manner that confirms the address of record supplied by the applicant or Issues credentials in a manner that confirms the ability of the applicant to receive telephone communications at a number associated with the applicant in records while recording the applicant s voice Level 4 In Person Remote Basis for issuing credentials In person appearance and verification of two independent ID documents or accounts meeting the requirements of Level 3 in person and remote one of which must be current primary Government Photo ID that contains applicant s picture and either address of record or nationality e g driver s license or passport and a new recording of a biometric of the applicant at the time of application Not applicable Registration Authority Actions Proofing Primary Photo ID Inspects Photo ID and verifies via the issuing government agency compares picture to applicant records ID number address and DoB Secondary Government ID or financial account Inspects Photo ID and if apparently valid compares picture to applicant record ID number address and DoB or Verifies financial account number supplied by applicant through record checks or through credit bureaus or similar databases and confirms that name DoB address other personal information in records are on balance consistent with the application and sufficient to identify a unique individual Records Current Biometric Record a current biometric e g photograph or fingerprints to ensure that applicant cannot repudiate application Confirms Address Issues credentials in a manner that confirms address of record Not applicable Ongoing Tokens Under EAF The following tables describe the allowable uses of tokens under EAF levels 2 4 Table 2 shows the types of tokens that may be used at each authentication assurance level Table 3 identifies the protections that are required at each level Table 2 Token Types Allowed at Each Assurance Level Token type Level 1 Level 2 Level 3 Level 4 Hard crypto token One time password device Soft crypto token Passwords PINs Table 3 Required Protections Protect against Level 1 Level 2 Level 3 Level 4 Online guessing Replay Eavesdropper Verifier impersonation Man in the middle Session hijacking Appendix F Two Models of Remote Authentication There are at least two possible architectural solutions to the question of allowing a Health Data Source to accept a Consumer Access Services request for copies of a consumer s health data First the Health Data Source could re authenticate the consumer Collectively we will call this repeated authentication process a two phase authentication not to be confused with two factor authentication Second in lieu of re authenticating the consumer the remote data source could accept an identity assertion from the Consumer Access Service Collectively we will call this scenario authentication plus assertion The diagram text and table below will elaborate on the differences between these two processes In authentication plus assertion right hand model the consumer only authenticates to the Consumer Access Service which then transmits an assertion to the remote source indicating that the consumer is requesting data In addition to this assertion the Consumer Access Service passes along its own organizational credentials The Consumer Access Service authenticates the consumer but asserts to the remote data source that it is acting on the consumer s behalf by presenting the demographic information necessary to match the consumer to data held by the remote data source Therefore authentication plus assertion assumes that a data owner trusts another entity i e the local application to authenticate the consumer In two phase authentication left hand model the consumer has two separate sets of authentication credentials and procedures Both the Consumer Access Service and the remote data source maintain separate authentication information on the consumer Each has gone through a process that initially proofs the consumer s identity and each has an associated method for authenticating the consumer on an ongoing basis The role of the Consumer Access Service is to both locally authenticate the consumer and to transmit the

    Original URL path: http://www.markle.org/publications?term_node_tid_depth=15&tid_1=All&date_filter[value]=&page=11 (2016-02-10)
    Open archived version from archive

  • Resources | Markle | Advancing America's Future
    think tank Some of the work he has led has appeared in academic journals books and the op ed pages of newspapers and business publications around the world including the FT WSJ NYT The Economist and he has spoken and participated at various global technology business and governmental forums Manyika was appointed by President Obama to serve on the President s Global Development Council He serves on the following boards U S Department of Commerce Innovation Advisory Board Aspen Institute Oxford Internet Institute UC Berkeley s School of Information iSchool Harvard s Du Bois Institute for African and African American Research American University in Cairo school of Global Affairs and Public Policy the World Affairs Council and Techonomy He is a Non Resident Senior Fellow of the Brookings Institution and a member of the Council on Foreign Relations Prior to McKinsey Manyika was on the Engineering Faculty at Oxford University a Visiting Scientist at NASA Jet Propulsion Laboratory A Rhodes Scholar Manyika holds DPhil M Sc and M A degrees from Oxford in Engineering Mathematics and Computer Science and BSc in Electrical Engineering from University of Zimbabwe Manyika has served on the California Rhodes selection committee and he is involved with several innovation philanthropy arts organizations and forums Howard Schultz Howard Schultz chairman president and chief executive officer of Starbucks first walked into Starbucks in Seattle s Pike Place Market in 1981 Schultz was invited into conversation with these connoisseurs who took great care in not only finding and roasting the highest quality coffee but also sharing their passion with others Drawn to Seattle and its extraordinary coffee culture Schultz moved from his native New York and joined Starbucks in 1982 as director of operations and marketing when Starbucks had only four stores A year later in 1983 Schultz traveled to Italy and became captivated with Italian coffee bars and the romance of the coffee experience He had a vision to bring the Italian coffeehouse tradition to America He wanted to create a place for human connection conversation and one that fostered a sense of community a third place between work and home He left Starbucks for a short period of time to start his own Il Giornale coffeehouses and returned in August 1987 as chief executive officer to purchase Starbucks with the help of local investors Today Starbucks is the premier purveyor of the finest coffee in the world with more than 18 000 stores in 62 countries serving nearly 70 million customers each week A Company with Soul From the beginning Schultz set out to build a different kind of company One that brings a sense of humanity and demonstrates respect and dignity In these early days Schultz created two landmark programs that form the foundation of Starbucks culture First Starbucks offered comprehensive health coverage for eligible full and part time workers among the first in the retail industry Schultz remains committed to health benefits despite the rising health care costs of the past two decades Second Starbucks offered partners employees equity in the company in the form of stock options called Bean Stock These early investments in people have proven that you can build a business that is profitable while sharing its success with Starbucks partners as well as the community Transforming Starbucks for the Future Chairman since 2000 Schultz resumed the role of president and chief executive officer in January 2008 Since his return he has led a transformation of the company bringing the company to sustainable profitable growth with a renewed focus on Starbucks coffee heritage innovation and the customer experience He has also galvanized leaders both inside and outside the company to take action to help local communities including the effort he spearheaded in 2011 called Create Jobs for USA a campaign designed to stimulate and preserve small business job creation At the heart of the Starbucks Experience today just as it has been from the beginning is Starbucks mission to inspire and nurture the human spirit one person one cup and one neighborhood at a time Honors Schultz has been recognized for his passion his leadership and his efforts to strengthen communities Schultz received the 2013 Kellogg Award for Distinguished Leadership at Northwestern University for his commitment to employees and communities He was named Fortune s 2011 Businessperson of the year for delivering record financial returns for the company while leading an effort to spur job creation in the U S He has also been honored with the Horatio Alger Award for those who have overcome adversity to achieve success the Rev Theodore M Hesburgh Award for Business Ethics given by Notre Dame University s Mendoza College of Business the Botwinick Prize in Business Ethics from Columbia business School and the first ever John Wooden Global Leadership Award from UCLA Anderson School of Management He has also been included in Time magazine s Time 200 a list of the most influential people in the world Schultz is the best selling author of Onward How Starbucks Fought for Its Life without Losing Its Soul 2011 and Pour Your Heart Into It 1997 The profits from the sales of his books are donated to the Starbucks Foundation which supports the company s commitment to community and the CUP Fund which provides financial relief to partners facing emergency situations Schultz earned a bachelor s degree from Northern Michigan University He spent three years in sales and marketing with Xerox Corporation Before joining Starbucks he was Vice President and General Manager of Hammarplast U S A a Swedish housewares company He is co founder of Maveron LLC a venture capital group Michèle A Flournoy Michèle Flournoy is a Senior Advisor at the Boston Consulting Group From 2009 to 2012 she served as the Under Secretary of Defense for Policy the principal adviser to the Secretary of Defense in the formulation of national security and defense policy oversight of military plans and operations and in National Security Council deliberations She led the development of DoD s FY2013 Strategic

    Original URL path: http://www.markle.org/resources/rework-america/video/about-markle/event/general-markle-financial-information/health/rework-america/video/economic/commentary-rework-america-members?term_node_tid_depth=All&tid_1=All&date_filter[value]=&page=12&tid=All (2016-02-10)
    Open archived version from archive

  • Homepage News Events | Markle | Advancing America's Future
    Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos News Events 2011 State Healthcare IT Connect Summit Markle s Director of Health Meredith Taylor hosts Fostering a Net of Trust in Health Information Exchange a session describing the foundational policies and practices of the Markle Connecting for Health Common Framework Health Care Information Technology Markle s Senior Director of Health Initiatives Laura Bailyn shares her perspectives during a panel discussion focusing on examining technology s potential to influence and improve health care Excellence in Government 2011 The Results Imperative Stefaan Verhulst Markle s Chief of Research participates in a discussion Information Sharing The Unintended Consequences at this full day conference exploring innovative ideas on how technology intersects with human capital and performance management Securing the Cyber Commons A Global Dialogue Markle s Chief of Research Stefaan Verhulst participates on the working group Challenges of Cyberspace Research at this public forum aimed at addressing the challenges of cyber security 2011 Health 2 0 Spring Fling Markle s Managing Director of Health Carol Diamond MD MPH participates on the Wellness 2 0 Prevention Exercise Food panel discussion Getting Health IT Right Under the American Recovery and Reinvestment Act Markle Connecting for Health hosted a discussion forum on strategic priorities for the health IT provisions of the economic stimulus law Wiki Government How Technology Can Make Government Better Democracy Stronger and Citizens More Powerful Professor and author Beth Simone Noveck presents her book Wiki Government EastWest Institute s 7th Annual Worldwide Security Conference Stefaan Verhulst Markle s Chief of Research attends International Pathways to Cybersecurity to participate in discussion on the practicalities of meeting new security threat Counterterrorism 2 0 Using IT to Connect the Dots Membes of the

    Original URL path: http://www.markle.org/about-markle/news-events?page=12 (2016-02-10)
    Open archived version from archive

  • Search | Markle | Advancing America's Future
    environment and so on Some of the Model s terms will be inapplicable to some SNOs The Model shows where some of the variations might be expected to occur M1 Key Topics in a Model Contract for Health Information Exchange Topic List Introduction This document Topic List describes the issues addressed by the Connecting for Health Model Contract for Health Information Exchange Model Background A SNO is to operate as a health information data exchange organization both regional and affinity that operates as a part of the National Health Information Network NHIN a nationwide environment for the electronic exchange of health information Use of Model The Model is based on a number of assumptions which are described in the following discussion The Model is not the answer for all SNOs Instead it is intended to assist in the organization of a SNO by providing a basis upon which to begin drafting that SNO s Terms and Conditions All language provided in the Model is intended for informational and educational purposes only It is not intended nor should it be used as a substitute for legal advice In preparing its own terms and conditions or other legal documents used in connection with its participation in the NHIN an organization should consult with legal counsel Each SNO will have to draft its Terms and Conditions based upon its own organization operations system and services regulatory environment and so on Some of the Model s terms will be inapplicable to some SNOs The Model shows where some of the variations might be expected to occur Debra Burton At age 18 Debra Burton a single mother dropped out of high school A resident of North Philadelphia where opportunities for advancement were scarce she found a job as a nursing aide Looking to advance in her career she began searching for a way to translate her years of on the job training with a recognized credential At age 40 Debra found a little known non profit fund that proved to be the key to advancement the District 1199C Training Upgrading Fund This creative approach enabled Debra to enroll in a behavior health technician program and obtain an associate s degree The program reimbursed her tuition and arranged additional tutoring At age 51 armed with a college degree Debra secured a much better paying job in the North Philadelphia Health System She is the first in her family to obtain a college degree and she continues to give back by mentoring others in her community Tanya Menendez and Matthew Burnett Matthew and Tanya exemplify how some Americans are looking at the new tools that this era of American economic history is offering to them They are seizing ways to use these tools like platforms and new kinds of producer consumer relationships to build new businesses When they look at this digital revolution and the networked economy they see new opportunities Together they founded Maker s Row a domestic sourcing platform making the manufacturing process simple to

    Original URL path: http://www.markle.org/solr-search?keyword=&page=12 (2016-02-10)
    Open archived version from archive



  •