1 HIT Standards Committee Privacy and Security Workgroup: Reformatted Standards Recommendations & Implementation Guidance Dixie Baker, SAIC Steven Findlay,

Presentation transcript:

1 HIT Standards Committee Privacy and Security Workgroup: Reformatted Standards Recommendations & Implementation Guidance Dixie Baker, SAIC Steven Findlay, Consumers Union September 15, 2009

2 Privacy and Security Workgroup Members
Dixie Baker, SAIC
Anne Castro, BlueCross BlueShield of South Carolina
Aneesh Chopra, Federal Chief Technology Officer
David McCallie, Cerner Corporation
John Moehrke, HITSP
Steve Findlay, Consumers Union
Gina Perez, Delaware Health Information Network
Sharon Terry, Genetic Alliance
Wes Rishel, Gartner
Ed Larsen, HITSP

3 Tasks from August 2009 Standards Committee Meeting
1. Reformat certification standards recommendations to:
– Incorporate the technical requirements from the HIPAA Security and Privacy Rules (plus ARRA) that comprise the baseline (2011) requirements for product certification
– Clarify where options exist – that is, standards that are required jointly (e.g., standard A + standard B) and standards for which the implementer is given a choice (e.g., standard A or standard B)
– Include high-level certification criteria statements
2. Identify and recommend implementation guidance documents to help system developers and integrators implement the recommended standards

4 Work Products Presented to the Committee Today
Handout #1: Reformatted Standards, Timeline, and Certification Criteria
– Requirements for certifying that products provide the capabilities required to support HIPAA/ARRA security and privacy requirements and best practices for meaningful use
– Update submitted for approval by the full Committee
Handout #2: Implementation guidelines for recommended standards
– Submitted for approval by the full Committee

5 Reformatted Standards – Handout #1
– Product Certification Standards (derived from HIPAA Privacy and Security Rules)
– Infrastructure Certification Standards (needed to support meaningful use)
– Includes regulatory standards, standards developed by Standards Development Organizations (SDOs), and standards developed by Profile-Enforcement Organizations (PEOs)
– Minimal standards for targeted year. Earlier implementation of standards specified for 2013 or 2015 is encouraged.

6 Notable Changes
Change: IHE ATNA required for 2011
Justification: ARRA requirement for accounting of disclosures
Change: Kerberos/EU authentication allowed only in 2011
Justification: Pending change in federal policy will prohibit the use of Kerberos for authentication in federal systems
Change: Choice among XDS suite (XDS.b, RegQuery, ebXML RIM, and ebRS); XDR; XCA; and XDM for reliably exchanging electronic health records; Basic SC112 for 2011
Justification: Need for clarification among choices for document exchanges; need to add basic document exchange for 2011 (SC112)
Change: Allow (SOAP + WS-Security) or REST for profiles that provide implementation guidance
Justification: Need to constrain use of REST

7 Implementation Guidance Selection
Recommend clear guidance that is most likely to produce real interoperability between enterprises
Draw from any of the following documentation sets (from highest to lowest priority):
1. HITSP Tiger Team products (capabilities, service collaborations)
2. HITSP use-case-based constructs (Interoperability Specifications, Transaction Packages, Transactions, Components)
3. IHE Profiles or profiles produced by other profiler-enforcer organizations
4. Standards published by SDOs

8 Recommended Implementation Guidance – Handout #2
– Implementation guidance for those standards required by 2011
– Implementation guidance for those standards required for , and optional for 2011

9 Selected Guidelines – HITSP Tiger Team Products
HITSP Capabilities
– CAP119 – Communicate Structured Document
– CAP120 – Communicate Unstructured Document
– CAP143 – Managing Consumer Preferences & Consents
HITSP Service Collaborations
– SC108 – Access Control
– SC109 – Security Audit
– SC112 – Healthcare Document Management

10 Selected Guidelines – HITSP Constructs
HITSP Components
– C19 – Entity Identity Assertion
– C25 – Anonymize (for Biosurveillance and Quality)
– C26 – Nonrepudiation of Origin
– C87 – Anonymize Public Health Case Reporting Data
– C88 – Anonymize Immunizations and Response Management Data
HITSP Transactions
– T16 – Consistent Time
– T17 – Secure Communications Channel
– T24 – Pseudonymize
– T64 – Personnel White Pages

11 Selected Guidelines – Other
IHE
– EUA Integration Profile
– ITI-TF Volume 2: Appendix V (Web Services for IHE Transactions)
NIST SP
– Guide to Storage Encryption Technologies for End User Devices