Thursday, August 11, 2011

IHE - Privacy and Security Profiles - Conclusion

IHE provides Security and Privacy Profiles to handle the interoperability needs. These profiles are enablers; they do not address all of Security and Privacy. There is much more to Security and Privacy in systems design and operational deployment.

This table was introduced at the beginning. It summarizes how IHE Profiles address typical Security and Privacy Controls. IHE produces only Integration Profiles, so much more is needed in system design and system deployment. Using Risk Assessment in profile design, system design, and system deployment ensures that the most important risks are addressed, and that they are addressed with reasonable methods.

I ask a few simple questions in the Introduction:
  • Which profiles should we use to prevent the wrong people from looking at PHI? 
    • ATNA will prevent non-authorized systems from communicating 
    • EUA, XUA, and PWP can be used to identify users and their roles 
    • BPPC can be used to identify patient specific privacy policies 
    • DEN shows how to encrypt at many levels and many transports 
    • Essentially almost all of the profiles play some part in preventing the wrong people from looking at PHI. 
  • Which profiles would you use in an investigation of a potential incident? 
    • ATNA includes an Audit Trail, with consistent, synchronized timestamps 
    • EUA, XUA, and PWP are critical for identifying users 
    • These will not produce the investigation report, but they are the key components to having an audit log that is complete and longitudinal. 
  • Which profile would give you strong assurances that a document hasn't been modified? 
    • DSG gives strong assurance with Digital Signatures. 
    • PWP provides access to Public Digital Certificates for validation 
  • Which profiles would inform an accounting of disclosures? 
    • ATNA includes an Audit Trail, with consistent, synchronized timestamps 
    • EUA, XUA, and PWP are critical for identifying users 
    • An Accounting of Disclosures is a very special report that has many exclusions. It is a complex report that could be based on some of the ATNA audit log, but it likely needs to include entries for many other events. 
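As an added illustration (not from the original post), the following Python sketch shows why the investigation and accounting questions above lean on ATNA's synchronized timestamps together with the user identity that EUA/XUA/PWP supply: it correlates audit records from two systems into one per-patient timeline. The XML records are constructed samples, simplified from the ATNA audit message layout with RFC 3881 attribute names; the user, system and patient identifiers are placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

def make_record(ts, user, source, event, patient):
    """Constructed, simplified ATNA-style audit message (RFC 3881 attribute names)."""
    return f"""<AuditMessage>
  <EventIdentification EventActionCode="R" EventDateTime="{ts}" EventOutcomeIndicator="0">
    <EventID code="{event[0]}" codeSystem="DCM" displayName="{event[1]}"/>
  </EventIdentification>
  <ActiveParticipant UserID="{user}" UserIsRequestor="true"/>
  <AuditSourceIdentification AuditSourceID="{source}"/>
  <ParticipantObjectIdentification ParticipantObjectID="{patient}" ParticipantObjectTypeCode="1"/>
</AuditMessage>"""

# DICOM (DCM) audit event codes for Query and Export.
QUERY, EXPORT = ("110112", "Query"), ("110106", "Export")

# Constructed sample: two systems, one of which reports local time with a UTC offset.
SAMPLE_RECORDS = [
    make_record("2011-08-11T09:15:00Z", "drsmith@example.org", "EHR-A", QUERY, "PID-12345"),
    make_record("2011-08-11T11:20:00+02:00", "drsmith@example.org", "EHR-B", EXPORT, "PID-12345"),
    make_record("2011-08-11T09:18:00Z", "nurse.jones@example.org", "EHR-A", QUERY, "PID-99999"),
    make_record("2011-08-11T09:10:00Z", "drsmith@example.org", "EHR-B", QUERY, "PID-12345"),
]

def parse_record(xml_text):
    """Extract (utc_time, user, source, event_name, patient_id) from one audit message."""
    root = ET.fromstring(xml_text)
    ev = root.find("EventIdentification")
    # Normalise every timestamp to UTC so records from different systems sort correctly.
    when = datetime.fromisoformat(ev.get("EventDateTime").replace("Z", "+00:00"))
    when = when.astimezone(timezone.utc)
    return (
        when,
        root.find("ActiveParticipant").get("UserID"),
        root.find("AuditSourceIdentification").get("AuditSourceID"),
        ev.find("EventID").get("displayName"),
        root.find("ParticipantObjectIdentification").get("ParticipantObjectID"),
    )

def patient_timeline(records, patient_id):
    """Chronological list of (utc_iso, user, source, event) touching one patient."""
    rows = [parse_record(r) for r in records]
    rows = [r for r in rows if r[4] == patient_id]
    rows.sort(key=lambda r: r[0])
    return [(r[0].strftime("%Y-%m-%dT%H:%M:%SZ"), r[1], r[2], r[3]) for r in rows]

if __name__ == "__main__":
    for row in patient_timeline(SAMPLE_RECORDS, "PID-12345"):
        print(*row)
```

Without the offset normalisation the EHR-B export would sort after the EHR-A query it actually preceded, which is exactly the kind of gap an investigation or a disclosure report cannot afford.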
There is room for improvement; some identified projects that might happen in the future:
  • Better coded vocabulary for confidentiality codes. Codes that can better represent simple sensitivity data classifications. 
  • Enabling Patient Access while addressing sensitive health topics, emergency data sets, patient reported data, amendments and removal 
  • Complex Privacy ‘consent’ Policy capabilities to support inclusion lists, exclusion lists, exceptions, obligations and more 
  • Access Control as a service with independent Policy Information, Policy Decision Point and Policy Enforcement Points 
  • Accounting of Disclosures reports, alerts, messaging 
  • Environments such as an unsafe client machine (a home computer) 
At this time these are addressed with functional, non-functional, and environmental methods. The standards needed to support these in interoperability profiles are not yet complete, but they are being developed.
