160 likes | 331 Views
Healthcare Privacy and Security Classification System (HCS) Guide. Mike Davis Security Architect Department of Veterans Affairs. Data Segmentation for Privacy 23 Jan 2013. HCS Security Domain. Ontology of Clearances and Security Labels. OASIS XACML Policy Model.
E N D
Healthcare Privacy and Security Classification System (HCS) Guide Mike Davis Security Architect Department of Veterans Affairs Data Segmentation for Privacy 23 Jan 2013
OASIS XACML Policy Model Security label field values equate to the access control information (ACI) used by an Access Control System to match a user’s request for permissions to perform certain actions on a particular resource. OASIS XSPA profiles provide a health care specific approach to using ACI.
Access Control Electronic Health Record Document Request 3 Authorization Decisions 6 7 8 Security Labeling Service (SLS) 5 4 External Authority Document Orchestration 1 Decomposed Clinical Document (CLINICAL FACTS) Label Rules Generation Mapped Clinical Facts Raw CDA Document Authorization Obligations Rules Engine Security Risk Assessment / Policy Labeling Rules Transform Template(s) 2 Transform Actions Redact, Annotate, Mask(Encrypt) Annotated (classified) Document • Patient Restrictions • Jurisdictional Policy • Organizational Policy • HL7 Security and Privacy Vocabulary • SNOMED-CT • RxNORM • ICD • LOINC • HL7 Vocabularies -OR- Document Packaging (Encrypt) Annotated (classified) Composite Documents Clinical Administration -------------------- Clinician • Security/Privacy • Administration • ----------------------------- • Privacy Office • Release of Information Office • Business Stakeholder • Security Administration • Clinical Facts extracted from source documentation • Clinical Facts mapped to EHR objects e.g., Lab Report{HIV…} • Label Rules created based on Risk Assessment • Label Rules installed in SLS Rules Engine • Clinical Facts extracted from source document • SLS applies labeling rules and document transforms • Authorization Decision made based on Security Label • Package forwarded for delivery
NIST FIPS PUB 188 Standard Security Label • General structure of the NIST label structure consists of a set of fields • Each field comprises a globally unique Tag Set Name, plus a set of security tags
HCS Security Label • To support privacy metadata, the HCS defines a quadruplet (4-tuple) of resource label fields, which are security attributes about clinical facts • Confidentiality • Sensitivity • Integrity and, • Compartment • HCS Security Label includes a security policy-based label (privacy mark) for handling caveat label field to convey Purpose of Use, Obligations, and Refrain Policies to which custodians and recipients of clinical facts must comply. • Handling Caveat • These labels define the classification of each item and constituent components (inner envelope, cover sheet, body, and section(s) and sub-sections or segments)
W3C Provenance Class Properties • wasAttributedTo: Attribution is the ascribing of an entity to an agent • wasDerivedFrom: A derivation is a transformation of an entity into another, a construction of an entity into another, or an update of an entity, resulting in a new one. • wasGeneratedBy: Generation is the completion of production of a new entity by an activity. This entity did not exist before generation and becomes available for usage after this generation. • wasInformedBy: Communication is the exchange of an entity by two activities, one activity using the entity generated by the other. • wasInfluencedBy: Influence is the capacity of an entity, activity, or agent to have an effect on the character, development, or behavior of another by means of usage, start, end, generation, invalidation, communication, derivation, attribution, association, or delegation. • hadPrimarySource: A primary source for a topic refers to something produced by some agent with direct experience and knowledge about the topic, at the time of the topic's study, without benefit from hindsight. Because of the directness of primary sources, they 'speak for themselves' in ways that cannot be captured through the filter of secondary sources. As such, it is important for secondary sources to reference those primary sources from which they were derived, so that their reliability can be investigated. A primary source relation is a particular case of derivation of secondary materials from their primary sources. It is recognized that the determination of primary sources can be up to interpretation, and should be done according to conventions accepted within the application's domain. • wasInvalidatedBy: Invalidation is the start of the destruction, cessation, or expiry of an existing entity by an activity. The entity is no longer available for use (or further invalidation) after invalidation. Any generation or usage of an entity precedes its invalidation. • wasQuotedFrom: quotation is the repeat of (some or all of) an entity, such as text or image, by someone who may or may not be its original author. Quotation is a particular case of derivation. • wasRevisionOf: A revision is a derivation for which the resulting entity is a revised version of some original. The implication here is that the resulting entity contains substantial content from the original. Revision is a particular case of derivation.