Upload File

hit standards committee privacy and security workgroup: privacy and security workgroup: update dixie...

  • Home
  • Documents
  • HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,
8
HIT Standards Committee HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24, 2009

Upload: hilda-wilkerson

Post on 02-Jan-2016

222 views

Category:

Documents


2 download

Report

Tags:

TRANSCRIPT

Page 1: HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

HIT Standards CommitteeHIT Standards Committee

Privacy and Security Workgroup: Privacy and Security Workgroup: Update

Dixie Baker, SAIC

Steve Findlay, Consumers Union

March 24, 2009

Page 2: HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

2

Privacy and Security Workgroup Members

• Dixie Baker, SAIC• Anne Castro, BlueCross BlueShield of South Carolina• Aneesh Chopra, Federal Chief Technology Officer• Ed Larsen, HITSP• David McCallie, Cerner Corporation• John Moehrke, HITSP• Steve Findlay, Consumers Union• Gina Perez, Delaware Health Information Network• Wes Rishel, Gartner • Walter Suarez, Kaiser Permanente• Sharon Terry, Genetic Alliance

Page 3: HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

3

Progress

• Updated IFR Review to incorporate comments from the HIT Standards Committee – submitted to HITSC Chairs

• Supporting HIT Policy Committee’s Privacy and Security Policy Workgroup, and aligning our standards efforts to their priorities– Consent management– Review of existing security policy inherent in HIPAA Security

Rule

• Launching educational sessions on standards activities around consent management

Page 4: HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

4

Consumer Health Permissions

• Privacy Consent (or Consent Directive) – Consumer’s written or verbal permission to collect, use, and/or disclose individually identifiable health information (IIHI)

• Privacy Authorization – A signed, written document that contains all of the elements required by the HIPAA Privacy Rule and that gives a covered entity permission to use or disclose specified IIHI for specified purposes

• Informed Consent – Consumer’s written permission to perform a specific medical procedure, or to participate in a specific research study or clinical trial, that is given only after the consumer has been fully informed of the purposes, risks, benefits, confidentiality protections, and other relevant aspects of the activity

Page 5: HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

Consent Management Today

Consumer permissions captured as manual signature on paper form

Paper forms filed in each organization who holds consumer’s private health information

5

Consent/AuthorizationConsent/Authorization

Page 6: HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

Consent Management Tomorrow

6

Rules inexorably tied to information exchanged – updates propagated to all data instances throughout life cycle

Permissions cross-validated & translated into consent rules enforced by security access control mechanisms

Consent Rule 1

Consent Rule 2

Consent Rule n

...Chris’ EHR

Permissions and updates captured as part of health record

Permissions interpretable by humans & computers

Consent/AuthorizationConsent/Authorization

Consumer digitally signs consent or authorization

Page 7: HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

Standards Needed

Consent Rule 1

Consent Rule 2

Consent Rule n

...Chris’ EHR

Consent/AuthorizationConsent/Authorization

• Digital signatures

• Privacy policies• Data model & schema• Permission syntax & vocabulary

• Cross-validation of consumer permissions

• Maintaining and retrieving permissions

• Translating permissions into access-control rules

• Enforcement and auditing of permission-related activities

• Exchanging permissions & access rules

• Propagating permission revocations & modifications

7

Page 8: HIT Standards Committee Privacy and Security Workgroup: Privacy and Security Workgroup: Update Dixie Baker, SAIC Steve Findlay, Consumers Union March 24,

Educational Sessions re Standardardization Efforts Relating to Consent Management

• April 1, 2:00-4:00pm ET: Organization for the Advancement of Structured Information Standards (OASIS) / International Security Trust and Privacy Alliance (ISTPA) Privacy Management Reference Model (PMRM); Speakers – John Sabo, Michael Willett

• April 23, 2:00-4:00pm ET: Integrating the Healthcare Enterprise (IHE) Basic Patient Privacy Consents (BPPC) Profile; Speaker – John Moehrke

• [Schedule TBD]: Health Level 7 (HL7) Version 3 Domain Analysis Model: Medical Records; Composite Privacy Consent Directive – Speaker (TBD)

• [Schedule TBD]: OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) and eXtensible Access Control Markup Language (XACML) – Speaker (TBD)

8


Li Xiong CS573 Data Privacy and Security Healthcare privacy and security: Genomic data privacy

HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology

HMIS Security & Privacy Plan - sacramentostepsforward.org · HMIS PRIVACY & SECURITY PLAN Sacramento County CoC PRIVACY & SECURITY Privacy refers to the protection of the client's

HIT Standards Committee Privacy and Security Workgroup: Standards for Consumer Engagement Dixie Baker, SAIC Steve Findlay, Consumers Union April 28, 2009

Interoperability Roadmap Comments Privacy and Security Workgroup Deven McGraw, chair Stanley Crosley, co-chair April 7, 2015

Privacy & Security Tiger Team: Input on C/A workgroup recommendations for behavioral health & CEHRT May 27, 2014

Notice of Proposed Rulemaking (NRPM) Comments Privacy and Security Workgroup Deven McGraw, Chair Stanley Crosley, Co-chair May 12, 2015

1 HIT Standards Committee Privacy and Security Workgroup: Reformatted Standards Recommendations & Implementation Guidance Dixie Baker, SAIC Steven Findlay,

the usable security & privacy group · the usable security & privacy group. overview • framing privacy and security decisions • privacy and IoT • privacy on mobile devices

Privacy & Security Training for Senior Staff. Agenda What is privacy? Privacy & security, what’s the difference? The Future of privacy & security in Ohio

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union July 21, 2009

1 HIT Policy Committee HIT Standards Committee Privacy and Security Workgroup: Status Report Dixie Baker, SAIC July 16, 2009

Computable Privacy: State-Focused Activities Privacy and Security Workgroup ONC Update October 26, 2015

PROJECT WORKGROUP UPDATES - publichealth.lacounty.govpublichealth.lacounty.gov/ip/ICLAC/materials/WorkgroupUpdates... · Adolescent Workgroup Background •Due to privacy concerns,

Privacy and Security Workgroup

HIT Policy Committee Privacy & Security Policy Workgroup Deven McGraw, Chair Center for Democracy & Technology Rachel Block, Co-Chair NYS Department of

Federal: Privacy and Security - SCPMCS Privacy & Security 031914… · security so that patient privacy is protected. Following good privacy and security practices is also good sense

Update on Health Big Data Deliberations Privacy and Security Workgroup March 10, 2015

HIT Standards Committee Privacy and Security Workgroup: Update Dixie Baker Dixie Baker, SAIC Steve Findlay Steve Findlay, Consumers Union December 18,

HIPAA Privacy Rule Access Right: Assessing Fees When an Individual Requests Electronic Access to PHI Privacy and Security Workgroup Stan Crosley, Chair

Personal Security and Privacy inPersonal Security and Privacy

Privacy & Security Tiger Team: Update on C/A workgroup recommendations for behavioral health & CEHRT May 6, 2014

IoT Security & Privacy - SentryBay - Security that works security and privacy_040715.pdfPage 3: © 2015 SentryBay Corporation / IoT Security & Privacy!!! IoT Security & Privacy The

Health Big Data Discussion Privacy and Security Workgroup Deven McGraw, Chair Stanley Crosley, Co-chair June 22, 2015

Notice of Proposed Rulemaking (NPRM) Comments Privacy and Security Workgroup Deven McGraw, chair Stan Crosley, co-chair April 27, 2015

Interoperability Roadmap Comments Privacy and Security Workgroup March 16, 2015

June 25, 2013 Maryland Children’s Online Privacy Workgroup Amanda Lenhart

Privacy and Security Workgroup October 14, 2014 Deven McGraw, chair Stan Crosley, co-chair

HIT Standards Committee HIT Standards Committee Privacy and Security Workgroup joint meeting with Clinical Operations Workgroup: Digital Signatures for

Security & Privacy

HIT Standards Committee Privacy and Security Workgroup

HIT Standards Committee Privacy and Security Workgroup Recommendations on Certification of EHR Modules Dixie Baker, Chair Walter Suarez, Co-Chair December

Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE

Privacy and Security Workgroup: Summary of Big Data Public Hearings January 26, 2015 Deven McGraw, chair Stan Crosley, co-chair

What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare