Presentation on overall IHE model for Security and Privacy

I have been asked by multiple people lately for an overview of the Security Model that IHE would apply to a Health Information Exchange. The last time I presented on this was back in 2008

2008 - IHE Webinar Session 10: IT Infrastructure: Security and Privacy  - Security and Privacy (ATNA, EUA, XUA, BPPC, DSG) - John Moehrke, GE Healthcare (.pdf | flash)

 I have been asked by the IHE ITI Committees to refresh this presentation. There has been a few updates since this presentation. Some clarifications about:

• Accounting of Disclosures -- 
• Accountability using ATNA Audit Controls
• ATNA and Accounting of Disclosures
• Updates to XUA++  - IHE ITI XUA++ - Trial Implementation
• Purpose of Use 
• Communicating roles
• Communicating existing Consents
• ConfidentialityCode -- Data Classification - a key vector enabling rich Security and Privacy controls.
• Evolution of understanding on Consent -- Stepping stones for Privacy Consent,
• Including TP30/BPPC presentation updates Consent Management using HITSP TP30
• Effects of confidentialityCode on availability of Consent Documents - Availability of Consent Documents and their rules
• Federation of Identity - Federated ID is not a universal ID  
• Healthcare Provider Directories.

I welcome comments and suggestions on what questions you have that the presentation should answer. What parts of the existing presentation communicate well, which parts don't work. This will be a project for me this fall, so stay tuned.