Page 1: HIT Standards Committee

HIT Standards Committee

Privacy and Security Workgroup: Update

Dixie Baker, SAIC

Steven Findlay, Consumers Union

October 14, 2009

Page 2: HIT Standards Committee

Privacy and Security Workgroup Members

• Dixie Baker, SAIC
• Anne Castro, BlueCross BlueShield of South Carolina
• Aneesh Chopra, Federal Chief Technology Officer
• Ed Larsen, HITSP
• David McCallie, Cerner Corporation
• John Moehrke, HITSP
• Steven Findlay, Consumers Union
• Gina Perez, Delaware Health Information Network
• Wes Rishel, Gartner
• Sharon Terry, Genetic Alliance

Page 3: HIT Standards Committee

Progress Update

• Participated in HIT Policy Committee’s Privacy Hearing
• Began planning for HIT Standards Committee Security Hearing, to be held November 19
• Updated Certification Recommendations
• Identified Gaps

Page 4: HIT Standards Committee

Certification Recommendations Update

• SOAP version change from 1.1 to 1.2
  – No Version 1.1 implementations of IHE profiles – therefore no need for legacy reach-back

• Kerberos and IHE Enterprise User Authentication (EUA) eliminated from recommendation
  – NIST SP 800-63-1 (draft) will disallow Kerberos for federal systems implemented in 2011 and beyond
  – Intent was to “allow” Kerberos and EUA for 2011, but not for 2013-2015
  – Eliminated Kerberos and EUA from standards recommendation, and added assurance requirements derived from SP 800-63-1 “Level 2” requirements as certification criteria for 2013-2015

• Allows (but does not require) Kerberos in 2011
• Disallows Kerberos in 2013-2015
• NIST SP 800-63-1 cited as implementation guidance

Page 5: HIT Standards Committee

Gaps Identified – To Be Addressed for 2013

• Standard, healthcare-specific XML schema and vocabulary for representing subject, resource, action, and environmental attributes in security assertions

• Standard XML schema and vocabulary for representing consumer consents

• Standard baseline (low-water mark) security and privacy policies for the exchange of EHR information

• Standards for exchanges between the healthcare enterprise and the consumer

• Specification of Health Information Exchange (HIE) assumptions (definition), and associated privacy and security policy

Page 6: HIT Standards Committee

Workgroup Planning

• HIT Standards Committee hearing on Security issues – planning for the November meeting

• Identification of policy needs for standard baseline (low-water mark) security and privacy for the exchange of EHR information
  – Identification of technical/architectural requirements for uniform adoption or exchange in a standard way, with uniform methods of interpretation
  – Ongoing communication and coordination between the HIT Policy Committee and the HIT Standards Committee

• Definition of needs, and roadmap toward, a unified approach to consumer consent management and enforcement

Page 7: HIT Standards Committee

Update to Standards Recommendations

• See the HIT web portal for the latest version of the recommendations:
  http://healthit.hhs.gov/portal/server.pt – Federal Advisory Committees – Health IT Standards Committee