Presentation is loading. Please wait.

Presentation is loading. Please wait.

Refrain Policy Vocabulary HL7 Security WG Kathleen Connor VA (ESC) January 2012.

Published byEarl Thomas Johnson Modified over 8 years ago

Similar presentations

Presentation on theme: "Refrain Policy Vocabulary HL7 Security WG Kathleen Connor VA (ESC) January 2012."— Presentation transcript:

1 Refrain Policy Vocabulary HL7 Security WG Kathleen Connor VA (ESC) January 2012

2 Refrain Policy Vocabulary Proposal Propose that HL7 develop a “Refrain Policy” Code System to be used as Security Metadata Used to encode types of Refrain Policies Would require adding a code to the Refrain Policy Class for Refrain Policy Type values

3 Relation between Obligation and Refrain Policies Ambiguity about functions of Obligation Policy and Refrain Policy HL7 DAM definition for Obligation Policy: – May be used to indicate that the receiver of an information object may not be allowed to re-disclose or persist that information object indefinitely ISO 22600-2 specifies that an Obligation Policy is “event- triggered and define actions to be performed by manager agent” HL7 DAM definition for Refrain Policy: – Indicates that a specific action is prohibited based on specific access control attributes e.g., purpose of use, information type, user role, etc. ISO 22600-2 species that a Refrain Policy “defines actions the subjects must refrain from performing”

4 Relation between Obligation and Refrain Policies Obligation Policy: A mandated action with a work flow Refrain Policy: A prohibited action. Period. Although a Refrain Policy can be stated affirmatively as an Obligation Policy, including both in the same code system (e.g., all as Obligation Policy Codes) could lead to semantic conflicts if more than one instance of an Obligation Policy is permitted in a Composite Policy For example, an Obligation Policy requiring that disclosed information be encrypted would be incompatible with a Refrain Policy mandating that the information not be disclosed

5 Relation between Obligation and Refrain Policies An Obligation may stem from a Permitted Operation An Obligation may stem from a Refrain Policy on a Permitted Operation

6 Refrain CodesRefrain Definition NOAUTHProhibition on disclosure without information subject's authorization. NOCOLLECTProhibition on collection or storage of the information. NOINTEGRATEProhibition on Integration into other records. NOLLISTProhibition on disclosure except to individuals on specific access list. NOMOU Prohibition on disclosure without an interagency service agreement or memorandum of understanding (MOU) NOORGPOLProhibition on disclosure without organizational authorization. NOPERSIST Prohibition on collection of the information beyond time necessary to accomplish authorized purpose of use is prohibited. NOPROMISE Prohibition on disclosure to an external organization unless agreement to a specific obligation has been obtained. NOREDISCLOSEProhibition on disclosure without authorization under jurisdictional law. NORELINK Prohibition on associating de-identified or pseudonymized information with other information in a manner that could or does result in disclosing information intended to be masked. NORESTRICTIONProhibition on disclosure without organizational approved patient restriction. NOREUSE Prohibition on use of the information beyond the purpose of use initially authorized. NOVIP Prohibition on disclosure except to principals with access permission to specific VIP information. ORCONProhibition on disclosure except as permitted by the information originator. Possible Refrain Policy Type Codes

7 Added Directed Association between Obligation and Refrain

Download ppt "Refrain Policy Vocabulary HL7 Security WG Kathleen Connor VA (ESC) January 2012."

Similar presentations

LOCAL IPP REGULATIONS SEWER USE ORDINANCES Sandra Diorka Director of Public Services Delhi Charter Township.

LOCAL IPP REGULATIONS SEWER USE ORDINANCES Sandra Diorka Director of Public Services Delhi Charter Township.
AN OVERVIEW OF DATA PROTECTION LAW IN THE GCC NICK OCONNELL, Senior Associate – TMT JUNE 2013.

AN OVERVIEW OF DATA PROTECTION LAW IN THE GCC NICK OCONNELL, Senior Associate – TMT JUNE 2013.
Digital Assets Presented by Sharon Rivenson Mark, Esq. and Shirley B. Whitenack, Esq. Adapted from Presentation by Catherine A. Seal, Esq.

Digital Assets Presented by Sharon Rivenson Mark, Esq. and Shirley B. Whitenack, Esq. Adapted from Presentation by Catherine A. Seal, Esq.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
FORA’s Role in Land Use Decisions September 13, 2013 FORA Board Meeting Jon Giffen Authority Counsel.

FORA’s Role in Land Use Decisions September 13, 2013 FORA Board Meeting Jon Giffen Authority Counsel.
Privacy and Information Security Essentials

Privacy and Information Security Essentials
SIU School of Medicine Identity Protection Act and Associated SIU Policy.

SIU School of Medicine Identity Protection Act and Associated SIU Policy.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
Obligation Vocabulary Work in Progress HL7 Security WG Kathleen Connor VA (ESC) January 2012.

Obligation Vocabulary Work in Progress HL7 Security WG Kathleen Connor VA (ESC) January 2012.
Privacy and Security Tiger Team Today’s Discussion: Query/Response Models for Health Information Exchange January 7, 2013.

Privacy and Security Tiger Team Today’s Discussion: Query/Response Models for Health Information Exchange January 7, 2013.
University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.

University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.
Code of Federal Regulations Title 42, Chapter 1, Subchapter A Part 2 – CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENTS BRYANT D. MILLER CAC II, MAC,

Code of Federal Regulations Title 42, Chapter 1, Subchapter A Part 2 – CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENTS BRYANT D. MILLER CAC II, MAC,
Data Segmentation Model 17 Jan 2012 John (Mike) Davis HL7 Security Co-Chair.

Data Segmentation Model 17 Jan 2012 John (Mike) Davis HL7 Security Co-Chair.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
2/16/2010 The Family Educational Records and Privacy Act.

2/16/2010 The Family Educational Records and Privacy Act.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Similar presentations

Ads by Google