HIT Standards Committee
Privacy and Security Workgroup: Update
Dixie Baker, SAIC
Steven Findlay, Consumers Union
October 14, 2009
Privacy and Security Workgroup Members
- Dixie Baker, SAIC
- Anne Castro, BlueCross BlueShield of South Carolina
- Aneesh Chopra, Federal Chief Technology Officer
- Ed Larsen, HITSP
- David McCallie, Cerner Corporation
- John Moehrke, HITSP
- Steven Findlay, Consumers Union
- Gina Perez, Delaware Health Information Network
- Wes Rishel, Gartner
- Sharon Terry, Genetic Alliance
Progress Update
- Participated in HIT Policy Committee's Privacy Hearing
- Began planning for HIT Standards Committee Security Hearing, to be held November 19
- Updated certification recommendations
- Identified gaps
Certification Recommendations Update
- SOAP version change from 1.1 to 1.2
  - No Version 1.1 implementations of IHE profiles; therefore no need for legacy reach-back
- Kerberos and IHE Enterprise User Authentication (EUA) eliminated from recommendation
  - NIST SP 800-63-1 (draft) will disallow Kerberos for federal systems implemented in 2011 and beyond
  - Intent was to "allow" Kerberos and EUA for 2011, but not for 2013-2015
  - Eliminated Kerberos and EUA from the standards recommendation, and added assurance requirements derived from SP 800-63-1 "Level 2" requirements as certification criteria for 2013-2015
    - Allows (but does not require) Kerberos in 2011
    - Disallows Kerberos in 2013-2015
    - NIST SP 800-63-1 cited as implementation guidance
Gaps Identified – To Be Addressed for 2013
- Standard, healthcare-specific XML schema and vocabulary for representing subject, resource, action, and environmental attributes in security assertions
- Standard XML schema and vocabulary for representing consumer consents
- Standard baseline (low-water mark) security and privacy policies for the exchange of EHR information
- Standards for exchanges between the healthcare enterprise and the consumer
- Specification of Health Information Exchange (HIE) assumptions (definition), and associated privacy and security policy
Workgroup Planning
- HIT Standards Committee hearing on security issues: planning for the November meeting
- Identification of policy needs for standard baseline (low-water mark) security and privacy for the exchange of EHR information
- Identification of technical/architectural requirements for uniform adoption, or exchange in a standard way with uniform methods of interpretation
- Ongoing communication and coordination between the HIT Policy Committee and the HIT Standards Committee
- Definition of needs, and roadmap toward, a unified approach to consumer consent management and enforcement
Update to Standards Recommendations
See the HIT web portal for the latest version of the recommendations:
http://healthit.hhs.gov/portal/server.pt
(Federal Advisory Committees > Health IT Standards Committee)