[Med-privacy] Health Data
peter marshall
pwm@comcast.net
Fri, 26 Jun 2009 11:32:02 -0700
--Apple-Mail-35--701533174
Content-Type: text/plain;
charset=ISO-8859-1;
format=flowed;
delsp=yes
Content-Transfer-Encoding: quoted-printable
A Briefing On Public Policy Issues Affecting Civil Liberties
Online from The Center For Democracy and Technology
This Policy Post is online: =
http://cdt.org/publications/policyposts/2009/11
Stronger Protections for, and Encouraging the Use of,
De-Identified (and "Anonymized") Health Data
1) The Importance of De-Identified Health Data
2) De-Identification, Limited Data Set Requirements of the HIPAA =20
Privacy Rule
3) Why a Re-Examination of De-Identification Policy is Needed
4) Some Recommendations for Reform
___________________________________________
1) The Importance of De-Identified Health Data
The trend towards adoption of health information technology (health =20
IT) offers substantial benefits not only to individuals in terms of =20
improving health care quality and increasing efficiency, but also to =20
medical research, public health and other functions that derive value =20=
from large sets of health-related data.
At the same time, increased electronic flows of health data pose =20
significant risks to privacy. Among the many challenges that will =20
require attention as health IT is promoted through implementation of =20
the stimulus legislation and other means is how to strip health data =20
of personal identifiers in order to eliminate or reduce privacy =20
concerns, while still retaining useful information.
Numerous public and private entities currently use de-identified =20
health data. Among the most widespread applications of de-identified =20
data are quality improvement, public health (including syndromic =20
surveillance), research (including clinical and epidemiological =20
research), and a variety of commercial uses, such as improving the =20
efficiency of operations, and understanding risks to patients.
Health Privacy Project De-identification Paper: =
http://www.cdt.org/healthprivacy/20090625_deidentify.pdf=20
(June 2009)
___________________________________________
2) De-Identification and Limited Data Set Requirements of the HIPAA =20
Privacy Rule
Under the Health Insurance Portability and Accountability Act (HIPAA) =20=
Privacy Rule, health data is categorized in one of three ways: =20
protected health information, de-identified data, and the limited data =20=
set. Health data that is fully identifiable--that contains patient =20
names, addresses or other identifiers--is "protected health =20
information" and is subject to some restrictions on access, use, and =20
disclosure.
Two additional classes of data are stripped of identifiers and are =20
either exempted from, or treated differently under, the Privacy Rule. =20=
First, "de-identified" data has been so stripped of common identifiers =20=
that there is no "reasonable basis" to believe it can be traced back =20
to the subject. Data that qualifies as "de-identified" under the =20
Privacy Rule is not regulated at all; there are no restrictions on who =20=
can acquire it or the purposes for which it can be accessed, used, or =20=
disclosed.
A "limited data set," by contrast, is stripped of many categories of =20
identifying information but retains information often needed for =20
public health and research (such as birth dates, dates of treatment, =20
and some geographic data). Entities covered by HIPAA may share a =20
limited data set for research, public health and health care =20
operations purposes permitted by the Privacy Rule, so long as all =20
recipients are bound by a data use agreement with the originator of =20
the data.
___________________________________________
3) Why a Re-Examination of De-Identification Policy is Needed
Although the intentions underlying the Privacy Rule's three-part =20
approach (protected health information, de-identified data, and the =20
limited data set) were laudable, the framework has been rendered less =20=
satisfactory as a result of technology changes and a growing =20
sophistication in the use of data. At least three challenges arise. =20
First, not all uses of de-identified health data or a limited data set =20=
require identical levels of identity masking. Ideally, a broader =20
spectrum of data "anonymization" options would better meet the needs =20
of different contexts and ensure that data is accessed or disclosed in =20=
the least identifiable form possible for any given purpose. We use =20
the term "anonymized" to refer to data that is intended to be =20
anonymous to data recipients.
Second, the Privacy Rule, by permitting use of fully identified data =20
for treatment, payment, health care operations, and a range of other =20
health-related activities, provides little incentive for covered =20
entities to use data that is less than fully identifiable. Of =20
particular concern is the category of health care operations, which =20
includes some tasks that arguably could be fulfilled with data that is =20=
less than fully identifiable. Covered entities are required under the =20=
Rule to use the "minimum necessary" amount of data needed to =20
accomplish health care operations tasks, but CDT is unaware of any =20
circumstances in which this standard has been expressly interpreted to =20=
set limits on the identifiability of data used for a particular =20
function.
Third, the de-identification provisions of the Privacy Rule may no =20
longer be as effective as they once were at protecting privacy. =20
Changes in society and technology, including a vast explosion in the =20
volume of digital data, have made the re-identification of health =20
information easier and cheaper than ever before. In addition, the =20
Privacy Rule has never included mechanisms for holding all recipients =20=
of de-identified data accountable for re-identification.
___________________________________________
4) Some Recommendations for Reform
CDT proposes several ways to strengthen the Privacy Rule's de-=20
identification standards and to encourage the use of de-identified =20
data through complimentary policies. We also recommend that the =20
Department of Health and Human Services (HHS) consider creating =20
additional data anonymization options (beyond de-identification and =20
the limited data set), either by regulation or through guidance on how =20=
to apply the minimum necessary standard to routine uses and =20
disclosures of data beyond treatment. We offer the following specific =20=
recommendations to balance the twin interests of flexibility and data =20=
protection:
=B7 Strengthen accountability by requiring data use agreements
HHS should consider requiring HIPAA covered entities to enter into =20
data use agreements with recipients of de-identified data. Such =20
agreements need not rise to the level of business associate =20
agreements, which are needed to protect fully identifiable data. =20
Instead, they can be more limited in scope, similar to those used for =20=
limited data sets. In addition, HHS and Congress should consider how =20
to hold entities disclosing and/or receiving de-identified data =20
accountable when data is inappropriately re-identified.
=B7 Expand data anonymization options under the Privacy Rule
Different levels of data protections are appropriate in different =20
contexts. Providing only two options for masking data may limit the =20
value that can be derived from data, leaving researchers and others =20
seeking aggregate data with few alternatives beyond the use of fully =20
identifiable data. HHS should consider developing additional data =20
anonymization options that can be used for a broader range of =20
activities and that are appropriately protected against re-=20
identification.
=B7 Provide incentives to use less than fully identifiable data for =
=20
certain purposes
Fully identifiable data may not be needed to accomplish all of the =20
activities currently included in the Privacy Rule under "health care =20
operations." Ideally, the degree of protection for data should =20
increase with its degree of identifiability. While drafting specific =20
yet sufficiently flexible rules to accomplish a sliding scale of =20
protections will be a challenge, the limited data set may serve as a =20
good model for handling data that is not fully identifiable. At a =20
minimum, protections to ensure that data is not inappropriately re-=20
identified are critical. CDT encourages HHS to incorporate these =20
points in the guidance on the Privacy Rule's minimum necessary =20
standard that the stimulus legislation requires be issued by August =20
17, 2010.
=B7 Provide support through "Centers of Excellence" in de-=20
identification
Given that many HIPAA covered entities do not have sufficient in-house =20=
expertise to de-identify data using sophisticated methodologies, HHS =20
should consider designating certain existing or new organizations =20
"Centers of Excellence" with respect to data de-identification. =20
Covered entities seeking to release de-identified data could be =20
required or given incentives to consult with these entities to gain =20
the necessary expertise, or could outsource the work of de-=20
identification to them. In developing this process, HHS should =20
consider partnering with the National Institute for Standards and =20
Technology (NIST), which has significant expertise on data =20
anonymization techniques.
=B7 Require or encourage the use of limited access datasets and =20
other technical solutions
HHS should consider requiring or encouraging the use of innovative =20
technical solutions to protect data. One promising approach is the use =20=
of "limited access datasets," which give users access only to =20
aggregate data that is relevant to specific questions they pose. =20
Information that is not essential to a particular inquiry, including =20
patient identifiers, is never shared, making it much more difficult to =20=
associate data with a particular individual. Such technical solutions =20=
should be applied to existing databases rather than creating new ones. =20=
Allowing data to remain in its place of origin and bringing critical =20
research questions to the data, is the most efficient and effective =20
way to meet the diverse needs of our health system while protecting =20
privacy and security.
=B7 Require education and training of staff de-identifying data
Any staff involved in de-identifying health data or working with it =20
should participate in basic training about how best to use procedural =20=
and technical means to protect privacy and security. Staff training, =20
perhaps supported by the Centers of Excellence described above, would =20=
help to minimize the likelihood of breaches and other misuses of data.
=B7 Consider increasing public transparency regarding uses of de-=20=
identified data
As discussed, data that has been de-identified according to the =20
Privacy Rule's provisions is free from restrictions on use and =20
disclosure. If it is rigorously de-identified and sufficiently =20
protected against re-identification, such data does not raise a =20
privacy risk to individuals. However, some have expressed other policy =20=
concerns about the ways that de-identified data is currently being =20
used. To address these concerns, policymakers could encourage or =20
require a greater degree of public transparency about how data =20
(including de-identified data) is used. Greater transparency could =20
contribute to the development of guidelines regarding data use.
___________________________________________
.
This document may be redistributed freely in full or linked to =
http://cdt.org/publications/policyposts/2009/11
Excerpts may be re-posted with prior permission of brock@cdt.org
Policy Post 15.11 Copyright 2009 Center for Democracy & Technology
_______________________________________________
--Apple-Mail-35--701533174
Content-Type: text/html;
charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div><div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><br></div> </div><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><span class=3D"Apple-style-span" =
style=3D"font-family: Arial; "><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">A Briefing On Public Policy Issues =
Affecting Civil Liberties<br>Online from The Center For Democracy and =
Technology<o:p></o:p></span></p><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">This Policy Post is online: <a =
href=3D"http://cdt.org/publications/policyposts/2009/11">http://cdt.org/pu=
blications/policyposts/2009/11</a><o:p></o:p></span></p><p =
class=3D"MsoNormal"><span style=3D"font-family: Arial; ">Stronger =
Protections for, and Encouraging the Use of, <br>De-Identified (and =
"Anonymized") Health Data<o:p></o:p></span></p><p =
class=3D"MsoNormal"><span style=3D"font-family: Arial; ">1) The =
Importance of De-Identified Health Data <br>2) De-Identification, =
Limited Data Set Requirements of the HIPAA Privacy Rule<br>3) Why a =
Re-Examination of De-Identification Policy is Needed<br>4) Some =
Recommendations for Reform<o:p></o:p></span></p><p =
class=3D"MsoNormal"><b><span style=3D"font-family: Arial; =
">___________________________________________<o:p></o:p></span></b></p><p =
class=3D"MsoNormal"><span style=3D"font-family: Arial; ">1) The =
Importance of De-Identified Health Data<o:p></o:p></span></p><p =
class=3D"MsoNormal"><span style=3D"font-family: Arial; ">The trend =
towards adoption of health information technology (health IT) offers =
substantial benefits not only to individuals in terms of improving =
health care quality and increasing efficiency, but also to medical =
research, public health and other functions that derive value from large =
sets of health-related data.<o:p></o:p></span></p><p =
class=3D"MsoNormal"><span style=3D"font-family: Arial; ">At the same =
time, increased electronic flows of health data pose significant risks =
to privacy. Among the many challenges that will require attention as =
health IT is promoted through implementation of the stimulus legislation =
and other means is how to strip health data of personal identifiers in =
order to eliminate or reduce privacy concerns, while still retaining =
useful information.<o:p></o:p></span></p><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">Numerous public and private entities =
currently use de-identified health data. Among the most widespread =
applications of de-identified data are quality improvement, public =
health (including syndromic surveillance), research (including clinical =
and epidemiological research), and a variety of commercial uses, such as =
improving the efficiency of operations, and understanding risks to =
patients.<o:p></o:p></span></p><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">Health Privacy Project De-identification =
Paper:<span> </span><a =
href=3D"http://www.cdt.org/healthprivacy/20090625_deidentify.pdf">http://w=
ww.cdt.org/healthprivacy/20090625_deidentify.pdf</a> (June =
2009)<o:p></o:p></span></p><p class=3D"MsoNormal"><b><span =
style=3D"font-family: Arial; =
">___________________________________________<o:p></o:p></span></b></p><p =
class=3D"MsoNormal"><span style=3D"font-family: Arial; ">2) =
De-Identification and Limited Data Set Requirements of the HIPAA Privacy =
Rule<o:p></o:p></span></p><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">Under the Health Insurance Portability =
and Accountability Act (HIPAA) Privacy Rule, health data is categorized =
in one of three ways: protected health information, de-identified data, =
and the limited data set. Health data that is fully </span><span =
style=3D"font-family: Arial; ">identifiable--that contains patient =
names, addresses or other identifiers--is "protected health information" =
and is subject to some restrictions on access, use, and =
disclosure.<o:p></o:p></span></p><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">Two additional classes of data are =
stripped of identifiers and are either exempted from, or treated =
differently under, the Privacy Rule. First, </span><span =
style=3D"font-family: Arial; ">"de-identified" data has been so stripped =
of common identifiers that there is no "reasonable basis" to believe it =
can be traced back to the subject. Data that </span><span =
style=3D"font-family: Arial; ">qualifies as "de-identified" under the =
Privacy Rule is not regulated at all; there are no restrictions on who =
can acquire it or the purposes for which it can be accessed, used, or =
disclosed.<o:p></o:p></span></p><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">A "limited data set," by =
contrast, </span><span style=3D"font-family: Arial; ">is stripped =
of many categories of identifying information but retains information =
often needed for public health and research (such as birth dates, dates =
of treatment, and some geographic data). </span><span =
style=3D"font-family: Arial; ">Entities covered by HIPAA may share a =
limited data set for research, public health and health care operations =
purposes permitted by the Privacy Rule, so long as all recipients are =
bound by a data use agreement with the originator of the =
data.<span> </span><o:p></o:p></span></p><p =
class=3D"MsoNormal"><b><span style=3D"font-family: Arial; =
">___________________________________________<o:p></o:p></span></b></p><p =
class=3D"MsoNormal"><span style=3D"font-family: Arial; ">3) Why a =
Re-Examination of De-Identification Policy is =
Needed<o:p></o:p></span></p><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">Although the intentions underlying the =
Privacy Rule's three-part approach (protected health information, =
de-identified data, and the limited data set) were laudable, the =
framework has been rendered less satisfactory as a result of technology =
changes and a growing sophistication in the use of data. At least three =
challenges arise. First, not all uses of de-identified health data or a =
limited data set require identical levels of identity masking. Ideally, =
a broader spectrum of data "anonymization" options would better meet the =
needs of different contexts and ensure that data is accessed or =
disclosed in the least identifiable form possible for any given =
purpose.<span> </span>We use the term "anonymized" to refer =
to data that is intended to be anonymous to data =
recipients.<o:p></o:p></span></p><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">Second, the Privacy Rule, by permitting =
use of fully identified data for treatment, payment, health care =
operations, and a range of other health-related activities, provides =
little incentive for covered entities to use data that is less than =
fully identifiable. Of particular concern is the category of health care =
operations, which includes some tasks that arguably could be fulfilled =
with data that is less than fully identifiable. Covered entities are =
required under the Rule to use the "minimum necessary" amount of data =
needed to accomplish health care operations tasks, but CDT is unaware of =
any circumstances in which this standard has been expressly interpreted =
to set limits on the identifiability of data used for a particular =
function.<o:p></o:p></span></p><p class=3D"MsoNormal"><span =
style=3D"font-family: Arial; ">Third, the de-identification provisions =
of the Privacy Rule may no longer be as effective as they once were at =
protecting privacy. Changes in society and technology, including a vast =
explosion in the volume of digital data, have made the re-identification =
of health information easier and cheaper than ever before. In addition, =
the Privacy Rule has never included mechanisms for holding all =
recipients of de-identified data accountable for =
re-identification.<o:p></o:p></span></p><p class=3D"MsoNormal"><b><span =
style=3D"font-family: Arial; =
">___________________________________________<o:p></o:p></span></b></p><p =
class=3D"MsoNormal"><span style=3D"font-family: Arial; ">4) Some =
Recommendations for Reform<o:p></o:p></span></p><p class=3D"MsoNormal" =
style=3D"line-height: 15pt; "><span style=3D"font-family: Arial; ">CDT =
proposes several ways to strengthen the Privacy Rule's de-identification =
standards and to encourage the use of de-identified data through =
complimentary policies. We also recommend that the Department of Health =
and Human Services (HHS) consider creating additional data anonymization =
options (beyond de-identification and the limited data set), either by =
regulation or through guidance on how to apply the minimum necessary =
standard to routine uses and disclosures of data beyond =
treatment. </span><span style=3D"font-family: Arial; ">We offer the =
following specific recommendations to balance the twin interests of =
flexibility and data protection:<o:p></o:p></span></p><p =
class=3D"MsoListParagraphCxSpFirst" style=3D"margin-left: 0.25in; =
text-indent: -0.25in; line-height: 15pt; "><span style=3D"font-family: =
Symbol; "><span>=B7<span style=3D"font: normal normal normal 7pt/normal =
'Times New Roman'; =
"> </span></span></span><span =
style=3D"font-family: Arial; ">Strengthen accountability by requiring =
data use agreements<br></span><span style=3D"font-family: Arial; ">HHS =
should consider requiring HIPAA covered entities to enter into data use =
agreements with recipients of de-identified data. Such agreements need =
not rise to the level of business associate agreements, which are needed =
to protect fully identifiable data. Instead, they can be more limited in =
scope, similar to those used for limited data sets. In addition, HHS and =
Congress should consider how to hold entities disclosing and/or =
receiving de-identified data accountable when data is inappropriately =
re-identified.<br><br><o:p></o:p></span></p><p =
class=3D"MsoListParagraphCxSpMiddle" style=3D"margin-left: 0.25in; =
text-indent: -0.25in; line-height: 15pt; "><span style=3D"font-family: =
Symbol; "><span>=B7<span style=3D"font: normal normal normal 7pt/normal =
'Times New Roman'; =
"> </span></span></span><span =
style=3D"font-family: Arial; ">Expand data anonymization options under =
the Privacy Rule<b><i><br></i></b></span><span style=3D"font-family: =
Arial; ">Different levels of data protections are appropriate in =
different contexts. Providing only two options for masking data may =
limit the value that can be derived from data, leaving researchers and =
others seeking aggregate data with few alternatives beyond the use of =
fully identifiable data. HHS should consider developing additional data =
anonymization options that can be used for a broader range of activities =
and that are appropriately protected against =
re-identification.<span> </span><br><br><o:p></o:p></span></p><=
p class=3D"MsoListParagraphCxSpMiddle" style=3D"margin-left: 0.25in; =
text-indent: -0.25in; line-height: 15pt; "><span style=3D"font-family: =
Symbol; "><span>=B7<span style=3D"font: normal normal normal 7pt/normal =
'Times New Roman'; =
"> </span></span></span><span =
style=3D"font-family: Arial; ">Provide incentives to use less than fully =
identifiable data for certain purposes<b><i><br></i></b>Fully =
identifiable data may not be needed to accomplish all of the activities =
currently included in the Privacy Rule under "health care operations." =
Ideally, the degree of protection for data should increase with its =
degree of identifiability. While drafting specific yet sufficiently =
flexible rules to accomplish a sliding scale of protections will be a =
challenge, the limited data set may serve as a good model for handling =
data that is not fully identifiable. At a minimum, protections to ensure =
that data is not inappropriately re-identified are critical. CDT =
encourages HHS to incorporate these points in the guidance on the =
Privacy Rule's minimum necessary standard that the stimulus legislation =
requires be issued by August 17, 2010.<br><br></span><span =
style=3D"font-family: Arial; "><o:p></o:p></span></p><p =
class=3D"MsoListParagraphCxSpLast" style=3D"margin-left: 0.25in; =
text-indent: -0.25in; line-height: 15pt; "><span style=3D"font-family: =
Symbol; "><span>=B7<span style=3D"font: normal normal normal 7pt/normal =
'Times New Roman'; =
"> </span></span></span><span =
style=3D"font-family: Arial; ">Provide support through "Centers of =
Excellence" in de-identification<br></span><span style=3D"font-family: =
Arial; ">Given that many HIPAA covered entities do not have sufficient =
in-house expertise to de-identify data using sophisticated =
methodologies, HHS should consider designating certain existing or new =
organizations "Centers of Excellence" with respect to data =
de-identification. Covered entities seeking to release de-identified =
data could be required or given incentives to consult with these =
entities to gain the necessary expertise, or could outsource the work of =
de-identification to them. In developing this process, HHS should =
consider partnering with the National Institute for Standards and =
Technology (NIST), which has significant expertise on data anonymization =
techniques. <br><br><o:p></o:p></span></p><p class=3D"MsoNormal" =
style=3D"margin-top: 0in; margin-right: 4.5pt; margin-bottom: 10pt; =
margin-left: 0.25in; text-indent: -0.25in; line-height: 15pt; "><span =
style=3D"font-family: Symbol; "><span>=B7<span style=3D"font: normal =
normal normal 7pt/normal 'Times New Roman'; =
"> </span></span></span><span =
style=3D"font-family: Arial; ">Require or encourage the use of limited =
access datasets and other technical solutions<br></span><span =
style=3D"font-family: Arial; ">HHS should consider requiring or =
encouraging the use of innovative technical solutions to protect data. =
One promising approach is the use of "limited access datasets," which =
give users access only to aggregate data that is relevant to specific =
questions they pose. Information that is not essential to a particular =
inquiry, including patient identifiers, is never shared, making it much =
more difficult to associate data with a particular individual. Such =
technical solutions should be applied to existing databases rather than =
creating new ones. Allowing data to remain in its place of origin and =
bringing critical research questions to the data, is the most efficient =
and effective way to meet the diverse needs of our health system while =
protecting privacy and security.<o:p></o:p></span></p><p =
class=3D"MsoNormal" style=3D"margin-left: 0.25in; text-indent: -0.25in; =
line-height: 15pt; "><span style=3D"font-family: Symbol; "><span>=B7<span =
style=3D"font: normal normal normal 7pt/normal 'Times New Roman'; =
"> </span></span></span><span =
style=3D"font-family: Arial; ">Require education and training of staff =
de-identifying data<b><i><br></i></b></span><span style=3D"font-family: =
Arial; ">Any staff involved in de-identifying health data or working =
with it should participate in basic training about how best to use =
procedural and technical means to protect privacy and security. Staff =
training, perhaps supported by the Centers of Excellence described =
above, would help to minimize the likelihood of breaches and other =
misuses of data.</span><span style=3D"font-family: Arial; =
"><o:p></o:p></span></p><p class=3D"MsoNormal" style=3D"margin-left: =
0.25in; text-indent: -0.25in; line-height: 15pt; "><span =
style=3D"font-family: Symbol; "><span>=B7<span style=3D"font: normal =
normal normal 7pt/normal 'Times New Roman'; =
"> </span></span></span><span =
style=3D"font-family: Arial; ">Consider increasing public transparency =
regarding uses of de-identified data<b><i><br></i></b>As discussed, data =
that has been de-identified according to the Privacy Rule's provisions =
is free from restrictions on use and =
disclosure.<span> </span>If it is rigorously de-identified =
and sufficiently protected against re-identification, such data does not =
raise a privacy risk to individuals. However, some have expressed other =
policy concerns about the ways that de-identified data is currently =
being used. To address these concerns, </span><span =
style=3D"font-family: Arial; ">policymakers could encourage or require a =
greater degree of public transparency about how data (including =
de-identified data) is used. Greater transparency could contribute to =
the development of guidelines regarding data use.</span><b><i><span =
style=3D"font-family: Arial; "><o:p></o:p></span></i></b></p><p =
class=3D"MsoNormal"><b><span style=3D"font-family: Arial; =
">___________________________________________<o:p></o:p></span></b></p><p =
class=3D"MsoNormal" style=3D"margin-bottom: 0.0001pt; line-height: 15pt; =
"><span style=3D"font-family: Arial; ">.<o:p></o:p></span></p><p =
class=3D"MsoNormal" style=3D"margin-bottom: 0.0001pt; line-height: 15pt; =
"><span style=3D"font-family: Arial; ">This document may be =
redistributed freely in full or linked to <a =
href=3D"http://cdt.org/publications/policyposts/2009/11">http://cdt.org/pu=
blications/policyposts/2009/11</a><o:p></o:p></span></p><p =
class=3D"MsoNormal" style=3D"margin-bottom: 0.0001pt; line-height: 15pt; =
"><span style=3D"font-family: Arial; "><o:p> </o:p></span></p><p =
class=3D"MsoNormal" style=3D"margin-bottom: 0.0001pt; line-height: 15pt; =
"><span style=3D"font-family: Arial; ">Excerpts may be re-posted with =
prior permission of <a =
href=3D"mailto:brock@cdt.org">brock@cdt.org</a><o:p></o:p></span></p><p =
class=3D"MsoNormal" style=3D"margin-bottom: 0.0001pt; line-height: 15pt; =
"><span style=3D"font-family: Arial; ">Policy Post 15.11 Copyright 2009 =
Center for Democracy & =
Technology</span></p></span></div>________________________________________=
_______<br></div></body></html>=
--Apple-Mail-35--701533174--