License and copyright of archetypes

Dear all,

These days I have been thinking about the legal issues involving the use of existing archetypes. I have seen that openEHR archetypes available on the Clinical Knowledge Manager are all “Copyright (c) 200X openEHR Foundation”. But, what does this exactly implies? I can download them freely, but can I use them in a commercial environment? Must I make public specialized archetypes or adaptations from them? Obviously, “I” is not me but anybody

I have searched the openEHR page and wiki but I have not found anything about this topic, just a point in the copyright notice of the specifications linking to the non-existing page http://www.openehr.org/free_commercial_use.htm

I think it would be good to start a discussion about licensing. I’m not talking about open source implementations, but about the archetype artifacts that anyone can develop. A first approach that can be made is the use of a Creative Common license. I think that one of them can fit the interests of the openEHR community. In my opinion, the main aspects that a license for archetypes must cover are:

• To maintain the attribution to the original author (the openEHR Foundation or whoever)
• To allow a commercial use of archetypes (like or not, health is a business)
• To allow modifications and derivations of the archetype.
• On behalf of the openEHR community, the new derived archetypes should be made public with the same conditions. This is arguable and could be eliminated.

As I said, one of the Creative Commons licenses covers all this properties. It is the Attribution Share Alike license: “This license lets others remix, tweak, and build upon your work even for commercial reasons, as long as they credit you and license their new creations under the identical terms. This license is often compared to open source software licenses. All new works based on yours will carry the same license, so any derivatives will also allow commercial use.”
http://creativecommons.org/about/licenses

Finally, this leads to a secondary point. Maybe, the “copyright” attribute of an archetype should be renamed to “license” to best fit the conditions of usage of archetypes.

What’s your opinion?

There is now a page for discussing this - http://www.openehr.org/wiki/display/oecom/Archetypes±+Copyright+and+Licensing

• thomas beale

David Moner wrote:

Ok, that page didn’t appear to me because I was not logged in the wiki when I made the search

It is good to see thar there are discussed more or less the same points as in my mail.

Best regards,
David

2009/9/1 Thomas Beale <thomas.beale@oceaninformatics.com>

I’m not an expert at all about licenses (and in fact, the more I read about them, the less I understand

As far as I know, CC licenses are in fact a kind of “copyright clauses”. The copyright we all know is that of “all rights reserved”. This includes the attribution right, the use right, the copy right, the distribution right and all that you can imagine. A CC license always maintains the attribution right but allows to transfer some other rights if you wish: distribution, modification and commercialization. So, I understand that the use of copyright + CC is something like “some rights reserved” (which are all those not covered by the CC). For example, one of those reserved rights is the ability of the author to re-license his work or a new version of it.

As you say, the best solution seems to be having both to assure the right of the authors and to show clearly how archetypes can be used (those from the CKM or any other public archetype repository). As I said in my previous mail, this will require to add a “license” field to the archetype description section to include it.

Best regards,
David

2009/9/9 Sam Heard <sam.heard@oceaninformatics.com>

Hi David

Thats one of the best explanations of the CC licences I have seen

Thank you

Tony

Dr. Tony Shannon
Consultant in Emergency Medicine, Leeds Teaching Hospitals
Clinical Lead, Clinical Content Service, NHS Connecting for Health
Chair, Clinical Review Board, openEHR Foundation
+44.789.988 5068 tony.shannon@nhs.net

David Moner wrote:

Hi!

Sam, I remember we've had similar discussions earlier both on- and
off-list, and I believe the result was that CC-BY was clearly the
least encumbering and most suitable option for archetype licensing.

When it comes to copyright I think you might have misunderstood some
things and David's interpretation below seems more correct. There is
no conflict between Copyright and CC-licences.

Best regards,
Erik Sundvall
erik.sundvall@liu.se (previously erisu@imt.liu.se)
http://www.imt.liu.se/~erisu/ Tel: +46-13-227579

We can have all the fun and interesting discussions we want. What we
need is a statement from the Board of Directors. I do not know what the
laws in England require, but in most countries the BoD of organizations
have to produce minutes of at least annual meetings to their membership.

I can't recall ever seeing anything to that effect.

Either way, the statement on the page at:
http://www.openehr.org/about/bod.html says:

"The openEHR Board oversees the proper functioning of the openEHR
Foundation with respect to its charter and status as a not-for-profit
organisation."

I believe that this issue falls under the concepts of proper functioning
since the IP rights of donated artifacts are at stake here.

IMHO; the BoD needs to make a firm statement so that anyone donating
time to the openEHR Foundation knows what they are donating to.

--Tim

Hi!

Thanks for bringing this up on the list as a more fundamental and
general question Tim.

In addition to the archetype licencing some of us have a problem with
the specification related licenses, they ought to be CC-BY (or similar
well recognised and unencumbered license) so that images, texts,
definitions, UML-files etc can be used by anyone, including commercial
companies without the hassles of getting or understanding additional
licenses etc.

I don't see how the openEHR foundation or it's informal community
could lose anything by a broad change to CC-BY for public artifacts. I
think Thomas Beale once said that CC-BY was not that widespread and
familiar when the specifications were first published but that CC-BY
could have been a logical choice nowadays. Correct me if I'm wrong.

From previous discussions om amd off list I sensed that some people

might lose a (false/illusionary) "feeling of control" if "opening up"
licensing.

What is approved/certified by a board (ARB, CRB etc) or not will still
be very clear after changing to a more open, recognized and familiar
licence.

Already today someone can copy or at least closely imitate
openEHR-approaches without openEHR having time/resources to legally
stop it in every country. The question is why anybody would care to do
such an imitation instead of the original and why any country would be
committing to use such a system. So why fear?

When is the next Board of Directors meeting?

Best regards,
Erik Sundvall
erik.sundvall@liu.se (previously erisu@imt.liu.se)
http://www.imt.liu.se/~erisu/ Tel: +46-13-227579

Hi Stef!

Personally I would like to advocate a CC-BY-SA license: everybody is allowed
to use and modify the content as long as they attribute the author (BY part)
and if If one alters, transforms, or builds upon this work, one may
distribute the resulting work only under the same or similar license to this
one (SA part). For more
information: http://creativecommons.org/licenses/by-sa/2.0/

In many cases I like the idea of SA (Share Alike) as a way of
spreading (forcing?) openness to more areas, especially when it comes
to certain software settings, but regarding the openEHR specifications
and archetypes I'd suggest using just CC-BY (
http://creativecommons.org/licenses/by/3.0/ ) in order to avoid hard
questions regarding what "non-open" things are to be regarded as
derivative works, see examples below. We probably want openEHR to be
used in all kinds of mixed private/public settings.

In august 2008 I some of us had an off-list discussion regarding
archetype licensing I quote myself (since I do not know if I have
permission to quote others in that discussion), note that the quoted
text below regards archetypes, not the openEHR specifications...

"What kind of value do you believe the SA requirement will add in the
case of archetypes?

SA does not require you to actively submit anything to any process,
just to license your derivative work under the same license to whoever
happens to get hold of it somehow. People will submit works to a any
review processes they find valuable, and most likely that will include
openEHR's public process.

Requiring SA in addition to BY might add value or it might mostly add
complications and hard-to-interpet situations regarding what a
derivative work is. Is data entered using the archetype a derivative work?
Is a template or screen-form based on the archetype a derivative work?
Is a book using the archetype in an example a derivative work? A
specialization of an archetype intended for top-secret medical
research is most likely a derivative work, is that a problem or not? It
is issues like these that get companies uneasy regarding using things
with SA-licencing-schemes (such as GPL) in some situations.

Another question is if SA is necessary in an openEHR-based health
record exchange system. If you want to exchange archetyped data you're
probably in most cases requested to supply the used archetype too
anyway.

There may very well be good things in having BY-SA instead of only BY,
but could you please clarify what you had in mind?"

...that ends the quote from 2008.

Regarding the specifications additional questions like these arise with SA:
- Can you write a commercial (i.e. a non CC-BY-SA) book or commercial
presentation slides about openEHR?
- Is an openEHR software implementation based on stubs autogenerated
from openEHRs UML files to be considered a derivative work that can
not be "closed" source code? Can it be released under e.g. Apache,
MIT, or BSD license or not?

Best regards,
Erik Sundvall
erik.sundvall@liu.se (previously erisu@imt.liu.se)
http://www.imt.liu.se/~erisu/ Tel: +46-13-227579

Hi openEHRers,

Why don’t we get professional help in this? It is obvious that there is a myriad of licenses etc. But I think the intention is clear: creating high quality archetypes and sharing - without limitation of any kind. That simple! Any business model whatsoever related with IPR has to do with the products/services, not the content. Make sense?

Also I believe the reason that this copyright issue has been brought up after all these years is because we operate on openness and trust - let’s keep it this way.

Cheers,

-koray

Erik Sundvall wrote:

Morally I am all for the CC-BY approach. My practical questions are:

• What does ‘remix’ really mean? We don’t want people adapting an archetype with a given identifier, and putting it out without the identifier changed as well, according to emerging governance rules. This would be against the interests of the community (i.e. it will drive people crazy) - see http://creativecommons.org/licenses/by/3.0/

• Naturally, I am all for people ‘adapting the work’ - as long as the new version has a new appropriate identifier.

• is a new ‘identifier’ in our technical domain the equivalent of a new title or somesuch?

• what copyright statement should be included then? We still have the problem of deciding who to copyright a work to, when the work was the result of a group.

• SEE PARTICULARLY HOW the FSF people do this: http://www.gnu.org/licenses/gpl-faq.html#AssignCopyright
  In more detail (from http://creativecommons.org/licenses/by/3.0/legalcode)…

• CC-BY is saying that “THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.”

• see also: “2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws.”

• see also 4b: “If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution (“Attribution Parties”) in Licensor’s copyright notice…”

So we have two questions to resolve:

• how to ensure a modified archetype is not published under its old id (which just messes up life for everyone); this does not seem to be well addressed anywhere;

• what name to put in a copyright notice; possible solution to this one:

• for group-developed archetypes e.g. in CKM environment, make it openEHR.org or the relevant host organisation, e.g. if it were the Swedish government, they might put ‘copyright 2009 SocialStyrelsen (Swedish National Board of Health and Welfare)’…

• for individual submissions provided largely developed, particularly specialist archetypes, allow the copyright to be the original author, unless they prefer to cede it to openEHR.org or some other organisation (e.g. they might want to put ‘copyright 2009 Royal College of General Practitioners’ on it - no reason not to allow that as far as I can see).
  In the end, I think David Moner’s general description is a very good way of seeing it: paraphrasing - Q what is an xxx license? A: something you use to ‘unreserve’ some rights that would normally default to copyright law. So it is the license that takes care of most of the rights we practically care about.

• thomas beale

Erik Sundvall wrote:

Hi Thomas,

Good points. I guess we need a good IP laywer after all:-)

Maybe we should come up with some sort of a hybrid model in which the openEHR identifiers have a ‘good old’ restricted copyright and must be seen separately from the content of the actual archetype. This content falls under the CC-BY licensed and can be modified etc. as long as the unique openEHR identifier isn’t used.

Cheers,

Stef

Some idea's

Maybe something like a domain-authority which guards the identifiers and
its versions, or maybe even incorporate the creators IP-domain-name in the
identifier?

So openEHR-EHR-OBSERVATION.blood_pressure.v1 would become (in my case)
something like: rosa.nl.openEHR-EHR-OBSERVATION.blood_pressure.v1
Also I would like to see added is a checksum of thje archetype-ID and some
other important parts in the archetype, to guarantee that a license is
still original in its version, and the copyright notice did not change.

The disadvantage is that the specs have to change, I would prefer it to
have in version 1.* of the OpenEHR-specs

But there are many advantages, it gives free use and possibility to change
archetypes to anyone, it gives the possibility for a company to have the
arhetypes licensed in other ways.

regards,
Bert Verhees

Bert Verhees wrote:

Some idea's

Maybe something like a domain-authority which guards the identifiers and
its versions, or maybe even incorporate the creators IP-domain-name in the
identifier?

So openEHR-EHR-OBSERVATION.blood_pressure.v1 would become (in my case)
something like: rosa.nl.openEHR-EHR-OBSERVATION.blood_pressure.v1

or in fact

nl.rosa::openEHR-EHR-OBSERVATION.blood_pressure.v1

according to the proposals at http://www.openehr.org/wiki/display/spec/Development+and+Governance+of+Knowledge+Artefacts

Also I would like to see added is a checksum of thje archetype-ID and some
other important parts in the archetype, to guarantee that a license is
still original in its version, and the copyright notice did not change.

you will see some proposal for MD5 of the whole archetype - I have never thought about checksumming the id alone - is there a precedent for doing such a thing? (Note that Java .jars and .Net ‘assemblies’ are a useful thing to compare archetypes to in this kind of thinking, even though they are source artefacts at one level - the flat forms are more like the latter binary artefacts).

I am interested in any detailed feedback on the above proposals.

• thomas beale

Thomas Beale schreef:

Bert Verhees wrote:

Some idea's

Maybe something like a domain-authority which guards the identifiers and
its versions, or maybe even incorporate the creators IP-domain-name in the
identifier?

So openEHR-EHR-OBSERVATION.blood_pressure.v1 would become (in my case)
something like: rosa.nl.openEHR-EHR-OBSERVATION.blood_pressure.v1

or in fact

nl.rosa::openEHR-EHR-OBSERVATION.blood_pressure.v1

according to the proposals at http://www.openehr.org/wiki/display/spec/Development+and+Governance+of+Knowledge+Artefacts

This proposal is better than mine because it makes it possible to have subdomains, good for big organisations or multi-customer organisations.

Also I would like to see added is a checksum of thje archetype-ID and some
other important parts in the archetype, to guarantee that a license is
still original in its version, and the copyright notice did not change.

you will see some proposal for MD5 of the whole archetype - I have never thought about checksumming the id alone - is there a precedent for doing such a thing? (Note that Java .jars and .Net ‘assemblies’ are a useful thing to compare archetypes to in this kind of thinking, even though they are source artefacts at one level - the flat forms are more like the latter binary artefacts).

I was indeed also thinking about checksumming more then only the ID, but I was not sure about what to checksum. Why not the complete archetype? I haven’t thought about that. There could be an authority that keeps the checksums and ID’s so that one could verify if it is an untampered archetype.

Such un authortiy could be very lightweight in first instance, because it only does a little thing. Maybe a little price for registering archetypeID’s and checksums can raise enough money to keep this going. Later it could also be used for copyright-notices belonging to an archetype, so that one can easy find out what the current copyright-status is.

I am interested in any detailed feedback on the above proposals.

Me too.
Bert

Hi!

how to ensure a modified archetype is not published under its old id (which just messes up
life for everyone); this does not seem to be well addressed anywhere;

ID-assignment, ID-control and content validation services is probably
not the job of a licence to do. Isn't that rather the job of the
publishing organisations (like the openEHR foundation and national
institutions/organisations)?

It's for example technically possible for me to print a book and (with
evil intentions or by stupidity) assign it an already existing
ISBN-number, that would mess things up for some and not be a nice
thing to do. But how would you check what book a certain ISBN-number
really belongs to and how would you as user or publisher handle the
situation? The answer we're looking for is probably not in a licence
or contract because that won't stop the "offenders" before they made
the mess (but possibly through legal means some time after the harm is
already done).

Rather than trying to stop lunatics from creating archetypes with
bad/existing IDs we should instead remind users not to trust unknown
sources.

There could be an authority that keeps the checksums and ID's so that
one could verify if it is an untampered archetype.

The authority that publishes an archetype could be the one helping
people to verify the content (by providing downloads or and/or digital
signature). The openEHR clinical review board could verify what they
themselves have published and the NHS in turn could verify what has
been published by the NHS.

We're dealing with digital files here so why not copy the mechanism
used to verify the content of software (e.g. linux distributions):
publish file and digital signature (or possibly checksum) at the same
authoritative place (the relevant authoring organisation) and then
also copy file and signature to some reliable backup/mirror sites (for
example ibiblio.org, archive.org, openehr.org and openhealthtools.org)

It does not take a lot of resources for an authoring organisation to
run a download site (a directory on a web server will do), what is
needed is a simple procedural or technical way to stop people from
adding two things with the same ID to the site and then some
procedures to copy/mirror the content to backup sites.

Best regards,
Erik Sundvall
erik.sundvall@liu.se (previously erisu@imt.liu.se)
http://www.imt.liu.se/~erisu/ Tel: +46-13-227579

P.s. Example for tech-nerds:
http://mirrors.ibiblio.org/pub/mirrors/apache/httpd/ (uses PGP signatures)

Erik Sundvall wrote:

Hi!

how to ensure a modified archetype is not published under its old id (which just messes up
life for everyone); this does not seem to be well addressed anywhere;

ID-assignment, ID-control and content validation services is probably
not the job of a licence to do. Isn't that rather the job of the
publishing organisations (like the openEHR foundation and national
institutions/organisations)?

...
Rather than trying to stop lunatics from creating archetypes with
bad/existing IDs we should instead remind users not to trust unknown
sources.

which is an argument for registered or accredited ‘publishers’ (as per the current governance proposal).

There could be an authority that keeps the checksums and ID's so that
one could verify if it is an untampered archetype.

The authority that publishes an archetype could be the one helping
people to verify the content (by providing downloads or and/or digital
signature). The openEHR clinical review board could verify what they
themselves have published and the NHS in turn could verify what has
been published by the NHS.

again - see the proposal - there is a reasonably well described model of how this could work.

We're dealing with digital files here so why not copy the mechanism
used to verify the content of software (e.g. linux distributions):
publish file and digital signature (or possibly checksum) at the same
authoritative place (the relevant authoring organisation) and then
also copy file and signature to some reliable backup/mirror sites (for
example ibiblio.org, archive.org, openehr.org and openhealthtools.org)

yep - exactly the idea we had as well.

It does not take a lot of resources for an authoring organisation to
run a download site (a directory on a web server will do), what is
needed is a simple procedural or technical way to stop people from
adding two things with the same ID to the site and then some
procedures to copy/mirror the content to backup sites.

yep.

So - let’s assume that the id problem is solved by the above argument, i.e. a) we assume that neither the license nor the copyright try to legislate on artefact identifiers and b) only authoritative sources can tell you what artefact an id belongs to, and can provide the artefact via a tamper-proof mechanism like an MD5.

This just leaves the question of guidelines about who to assign copyright to for group-developed artefacts. My current suggestion would be that it be by default the publisher organisation where the archetype is developed. This would be openEHR.org for international archetypes, and various national organisations for nationally specific archetypes, e.g. sll.se or socialstyrelsen.se for Sweden, nehta.gov.au for Australia and so on. Other than that, it might be a recognised peak body such as rcplondon.org.uk (Royal College of Physicians).

There have been questions about whether companies or corporations could create and copyright archetypes. Clearly they can - an archetype is just an instance of a formalism and there is nothing to stop a company creating and owning them. Whether keeping them private serves anyone’s purpose (including the developers) seems doubtful, since preventing the use of archetypes prevents data interoperability and querying (openEHR templates on the other hand could reasonably be made as both private and public artefacts).

If we could get some agreement on some of the above, we can update the wiki page with a ‘community position’ and get the openEHR board to endorse it as an official guideline, along with the relevant licenses. One remaining question here is whether we should use CC-BY-SA rather than just CC-BY; the former adds the condition that modified versions must be shared under the same license as the original. If the original is shared under CC-BY-SA (which allows commercial use), then a modified versoin must still be under CC-BY-SA, which still allows commercial use; i.e. it is ‘viral’, but only in a business-friendly way, while still guaranteeing openness and shareability… or that’s my understanding.

• thomas beale

Hi Erik,

I see your point and agree. My call for the -SA extension was based on
the idea of reciprocity. So let's go for CC-BY.

Cheers,

Stef

(I sended this reaction earlier but for an unknown reason only to
Eric. So now for the whole group. Although I still believe in the idea
of reciprocity and would like to advocate for it, a license shouldn't
become a hindrance for the broad usage of openEHR archetypes and/or a
'paper tiger' as we call it in the Netherlands: don't create rules
which you can't (or don't want to) follow up)

Hi Eric

An issue that I am concerned about that needs consideration is the
Collection. As a director of the openEHR Foundation, I am concerned that we
do not set up a situation where people merely collect or make minor
adaptations of an archetype and make it commercially available.

Your concern seems largely to relate to the derivative works. I believe that
the Foundation is only concerned here about derivative archetypes. I would
not consider a form or other coded artefact to be a derivative work of the
archetype. So the 'SA' license is really there to ensure that specialised or
adapted archetypes based on openEHR archetypes remain freely available.

I would think we could make a statement to be clear about this on the
licensing page.

I am interested in other people's views and I am sure David and Dipak will
as well.

Cheers, Sam

AGREE!
The target is to keep archetypes available for free. And to put them
under a strict management.
Developers shall then be able to write and sell code and software that
uses these managed archetypes.

Developers might be charged a small licensing fee, similar to what you
pay when you buy a standard from IEEE or CEN or ISO.

Greetings from Vienna,
Stefan Sauermann

Acting Program Director
Biomedical Engineering Sciences (Master)
University of Applied Sciences Technikum Wien
Hoechstaedtplatz 5, 1200 Vienna, Austria
Tel: +43 (1) 333 40 77 - 988
mobile: +43 (664) 6192555
sauermann@technikum-wien.at

http://www.technikum-wien.at
http://www.healthy-interoperability.at

Sam Heard schrieb: