1 / 7

XACML 2.0 Interop 2008

www.oasis-open.org. XACML 2.0 Interop 2008. Anticipated Participants Axiomatics BEA Systems IBM Oracle Red Hat Cisco Sun U.S dept of Veterans Affairs. Goals

shay-kim
Download Presentation

XACML 2.0 Interop 2008

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. www.oasis-open.org XACML 2.0 Interop 2008

  2. Anticipated Participants • Axiomatics • BEA Systems • IBM • Oracle • Red Hat • Cisco • Sun • U.S dept of Veterans Affairs

  3. Goals • The interop will demonstrate the use of XACML V2.0 capabilities in a healthcare scenario involving the election and enforcement INCITS compliant clinical roles and patient privacy directives.

  4. Features/Highlights • Privacy and security in XACML policy • HL7 role-based • Use of HL7 consent code • Over-ride of patient election by declaring an emergency • Use of obligations to continue to enforce dynamic patent privacy directives even after release to another system

  5. Scenario Discharge Summaries Lab Results … Emergency Dept Referral History & Physical … ? Hospital Community Clinic • Challenges to healthcare data exchange: • Proper Authorization & Privacy

  6. Scenario • In the scenario, examples of likely patient privacy directives are stored in a shared policy administration point (central repository). • Each participant will act as a healthcare enterprise (partner facility) within an identity federation sharing a common repository of patient privacy preferences and consent directives. • Partner/users (clinicians) request protected patient information from their healthcare facility. Before the release of protected patient medical information to the clinician, each participant will evaluate the clinician roles (in the form of HL7 clinical permissions) and the patient privacy directives stored in the central repository.

  7. Scenario (continued) • Access to patient information will not be “all or nothing,” rather portions of the medical record not releasable to the clinician based on the patient privacy directives will be “filtered” from the provided information view. • Variations on policy will be used to demonstrate that the patient privacy directives are being honored. • Changes to the patient privacy directives at the central repository will be reflected in changes to access to the patient information at the partner facility.

More Related