Thursday, August 11, 2011

IHE - Privacy and Security Profiles - Miscellaneous

There are other profiles, white papers, and governance that is important to Privacy and Security from the IHE perspective.

Personnel White Pages (PWP) and Healthcare Provider Directory (HPD) are covered by a different Webinar. These profiles are primarily focused on delivering attributes about Individual Healthcare Providers, Healthcare Provider Organizations, and the workforce inside a Healthcare Provider organization. These profiles are based on a widely deployed Directory standard used in all industries, LDAP v3, specializing them only where healthcare have special needs. These profiles can assist Security and Privacy through their ability to uniquely and positively identify an individual, provide attributes about an individual, and can be used to authenticate users.

A new profile under development is the Document Encryption (DEN) Supplement. This supplement contains a comprehensive analysis of encryption needs and identifies two gaps in existing Profiles. It then fills these gaps through creating a transport agnostic document encryption and adds encryption on XDM media.

IHE Governance that considers security during profile developmentIHE has instantiated a process to be used by all IHE domains when they develop new Profiles. This process utilizes risk assessment methodology to identify unique security and privacy risks that would need to be mitigated by the profile through some requirements or are identified to be addressed by system development or system deployment. The profile should include "Security Considerations" sections in Volume 1 that are profile wide, and in Volume 2/3 to cover technical requirements at the transaction level.

For example some profiles will recommend the use of the Audit Trail and Node Authentication (ATNA) profile, others will require it. Often times the profile will include specific instructions for accurately encoding the Audit Message.

IHE profiles that leverage De-Identification and Pseudonymization
IHE is developing a handbook that will instruct IHE profile writers that want to leverage De-Identificationa and/or Pseudonymization. These instructions leverage existing standards and existing knowledge, and set up a specific process to follow when developing a profile. There has not yet been a public comment on this paper.

Additional Comments

Back links