Presentation is loading. Please wait.

Presentation is loading. Please wait.

Harmonized Privacy and Security Domain Analysis Model Draft for Peer Review

Published byColin Dunkum Modified over 10 years ago

Similar presentations

Presentation on theme: "Harmonized Privacy and Security Domain Analysis Model Draft for Peer Review"— Presentation transcript:

1 Harmonized Privacy and Security Domain Analysis Model Draft for Peer Review http://gforge.hl7.org/gf/project/security/frs/

2 Overview Draft DocumentPeer Review Form http://gforge.hl7.org/gf/project/security/frs/

3 Changes Harmonization – Security and Privacy view points identified and related to each other – Common classes resolved ProviderOrganization  Organization – Removed overlaps – Consolidated Security Privacy Use Cases and class definitions – Alignment with ISO 22600 (Part 2 Formal Models) Health informatics — Privilege Mgmt and Access Control Reconciliation January 2010 Ballot To do: – Alignment with ISO/IEC 15816 (SECURITY INFORMATION OBJECTS FOR ACCESS CONTROL)

4 Security Viewpoint

5 Privacy Viewpoint

6 Consent Directive and Security Policy Abstract Implementation

7 Consent Directive and Security Policy Abstract Class, Base class Concrete Specialization classes Related classes

8 Role-based Access Control Classes

9 Business Use Cases

10

11

12

13 System Interactions

14

15 Consent Directive State Machine Identifies business triggers

16 Based on State Machine

17

18 Negotiate

19 Evaluated Default Policy vs. Consent Directive

20 Outstanding items Clinician-centric/business view-point – Security view-point – Privacy view-point Clarify differences

21 Use Case: Negotiate Policy Sam Jones has been provided with a form to register his privacy preferences. He indicates tha t he does not want Dr. Bob to access his records. Sunnybrook Hospital has a rule that provide s access to all patient records to treating physicians. Mr. Jones is alerted to this rule when he enters his preferences. Although Dr. Bob is not Mr. Jones’ primary physician, there may be oc casions when Dr. Bob would be granted access to Mr. Jones’ medical record. Mr. Jones does not agree to the policy and does not sign the consent form. Because the hospi tal cannot provide service to Mr. Jones without a signed consent form, a privacy officer at the hospital is alerted to this and contacts Mr. Jones. The privacy officer explains the situation to Mr. Jones and explains the different options that are available and their consequences. Mr. Jones either selects an option that he is comfortab le with or suggests an alternative option. The privacy officer then complies with Mr. Jones’ d ecision or evaluates the alternative option. This process continues until a mutually satisfactory option is reached. All jurisdictional policies are complied with and neither organizational policy nor consent dire ctive has been changed without the stakeholders’ knowledge. One possible resolution to the conflict could be that the hospital and patient have not come to an agreement and the patie nt has decided to seek healthcare services at another hospital.

22 Use Cases Business Technical Interactions elaborated

23

24 Interactions

25

26 Related Information

27 Associations

28

Download ppt "Harmonized Privacy and Security Domain Analysis Model Draft for Peer Review"

Similar presentations

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education
HL7 Security TC Sessions at Group Meeting in Cologne 2007 Security Standardization at ISO and CEN Bernd Blobel Deputy Head of Delegation to ISO and CEN.

HL7 Security TC Sessions at Group Meeting in Cologne 2007 Security Standardization at ISO and CEN Bernd Blobel Deputy Head of Delegation to ISO and CEN.
1 HL7 Educational Session – eHealth Week Budapest 2011 © 2002-2011 Health Level Seven International, Inc. All Rights Reserved. HL7 and Health Level Seven.

1 HL7 Educational Session – eHealth Week Budapest 2011 © Health Level Seven International, Inc. All Rights Reserved. HL7 and Health Level Seven.
HL7 Security TC Sessions at Group Meeting in Cologne 2007 Security Standardization at ISO and CEN Bernd Blobel Deputy Head of Delegation to ISO and CEN.

HL7 Security TC Sessions at Group Meeting in Cologne 2007 Security Standardization at ISO and CEN Bernd Blobel Deputy Head of Delegation to ISO and CEN.
BIE SPECIAL EDUCATION ACADEMY PRESENTERS: JUDY WILEY AND NARCY KAWON I ntroduction to Procedural Safeguards Bureau of Indian Education.

BIE SPECIAL EDUCATION ACADEMY PRESENTERS: JUDY WILEY AND NARCY KAWON I ntroduction to Procedural Safeguards Bureau of Indian Education.
Online Course Module 3 Patients Right to Object to Disclosures (Opt Out) START Click to begin…

Online Course Module 3 Patients Right to Object to Disclosures (Opt Out) START Click to begin…
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective.

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Patient Rights and Confidentiality. Inform Patient of their Rights  Upon admissions  Written information available in English and Spanish  Non-English.

Patient Rights and Confidentiality. Inform Patient of their Rights  Upon admissions  Written information available in English and Spanish  Non-English.
EVital Records Initiative What we learned and what comes next.

EVital Records Initiative What we learned and what comes next.
Medical Ethics, Law and compliance

Medical Ethics, Law and compliance
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
Obligation Vocabulary Work in Progress HL7 Security WG Kathleen Connor VA (ESC) January 2012.

Obligation Vocabulary Work in Progress HL7 Security WG Kathleen Connor VA (ESC) January 2012.
The Chaplain as Spiritual Guide in Ethics Consults 2006.

The Chaplain as Spiritual Guide in Ethics Consults 2006.
The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture.

The Patient as Steward of Healthcare Data Managing Consent Preferences John D. Halamka MD Louis Sullivan Lecture.
Chapter 7 Conflict Resolution Lesson 3 Resolving Conflicts Next >> Click for: >> Main Menu >> Chapter 7 Assessment Teacher’s notes are available in the.

Chapter 7 Conflict Resolution Lesson 3 Resolving Conflicts Next >> Click for: >> Main Menu >> Chapter 7 Assessment Teacher’s notes are available in the.
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.
DR EBTISSAM AL-MADI Management of Information in health care organizations.

DR EBTISSAM AL-MADI Management of Information in health care organizations.

Similar presentations

Ads by Google