In September of 2009 I posted these articles. I am not excited that this list could be produced today. I hope that I am making progress:
- Health Data Breach Rules - Started but not enforce...
- IHE Releases White Paper on Access Control
- Kerberos required in 2011 then forbidden in 2013
- Encryption now Mandatory
- Groups give Obama high grade for medical privacy
- HIT Standards - Meaning of S&P selections
- HIT Standards Committee Recommendations Public Inp...
- HITSP August 2009 face-to-face -- Security, Privac...
- HITSP Consumer Preferences Tiger Team, SPI and Con...
I have a "Topics" button on my blog that contains pointers to the most useful articles from my blog, arranged by topic. I keep that up-to-date. Here it is as of today:
Security/Privacy Bloginar: IHE - Privacy and Security Profiles - Introduction
User Identity and Authentication
Access Control (Consent enforcement)
Other
User Identity and Authentication
- Direct addresses- Trusted vs Trustable
- Identity - - Proofing
- The Emperor has no clothes - De-Identification and User Provisioning
- What User Authentication to use?
- IHE - Privacy and Security Profiles - Enterprise User Authentication
- IHE - Privacy and Security Profiles - Cross-Enterprise User Assertion
- Healthcare use of Identity Federation
- Federated ID is not a universal ID
- Separation of Layers: Security Error Codes
- Authentication and Level of Assurance
- A broadly usable HIE Directory
- Healthcare Provider Discoverability and building Trust
- Healthcare Provider Directories Profile
- Healthcare Provider Directories -- Lets be Careful
- Policy Enforcing XDS Registry
- Healthcare Metadata
- Texas HIE Consent Management System Design
- IHE - Privacy and Security Profiles - Access Control
- Data Classification - a key vector enabling rich Security and Privacy controls
- Healthcare Access Controls standards landscape
- Handling the obligation to prohibit Re-disclosure
- Access Controls: Policies --> Attributes --> Implementation
- Patient Data in the Audit Log
- IHE - Privacy and Security Profiles - Audit Trail and Node Authentication
- Accountability using ATNA Audit Controls
- ATNA and Accounting of Disclosures
- ATNA audit log recording of Query transactions
- How granular does an EHR Security Audit Log need to be?
- Document Submission: Audit requirements under error conditions
- ATNA + SYSLOG is good enough
- Direct addresses- Trusted vs Trustable
- Identity - - Proofing
- Securing RESTful services
- Healthcare use of X.509 and PKI is trust worthy when managed
- SSL is not broken, Browser based PKI is
- Meaningful Use Stage 2 :: SHA-1 vs SHA-2
- Trusting e-Mail
- S/MIME vs TLS -- Two great solutions for different architectures
- Healthcare Provider Discoverability and building Trust
- Using both Document Encryption and Document Signature
- Document Encryption
- IHE - Privacy and Security Profiles - Document Digital Signature
- Signing CDA Documents
- Using both Document Encryption and Document Signature
- Non-Repudiation is a very old art
- The Emperor has no clothes - De-Identification and User Provisioning
- De-Identification is highly contextual
- Redaction and Clinical Documentation
- IEC 80001 - Risk Assessment to be used when putting a Medical Device onto a Network
- More Webinars on Basics of IEC 80001
- IEC 80001 - Security Technical Report presentation
- How to Write Secure Interoperability Standards
- How to apply Risk Assessment to get your Security and Privacy and Security requirements
- Healthcare Metadata
- Minimal Metadata
- What is the benefit of an HIE
- Karen's Cross or just Minimal Metadata
- HIE using IHE
- Texas HIE Consent Management System Design
- The French Health Information Systems Interoperability Framework -- Now available in English
- One Metadata Model - Many Deployment Architectures
- Critical aspects of Documents vs Messages or Elements
- Using both Document Encryption and Document Signature
- Document Encryption
- XDS/XCA testing of Vocabulary Enforcement
- Where in the World is CDA and XDS?
- Universal Health ID -- Enable Privacy
- HIE/HIO Governance, Policies, and Consents
- Stage 2 Final
- Meaningful Use Stage 2 - Audit Logging - Privacy and Security
- Minimal Metadata
- Karen's Cross or just Minimal Metadata
- Stage 2 NRM
- Meaningful Use Stage 2 seems to support Security, Privacy, and HIE Transport
- Meaningful Use Stage 2 FINALLY means Secure and Privacy Protecting
- Stepping stone off of FAX to Secure-Email
- Meaningful Use Stage 2 -- 170.202 Transport
- Predicting Meaningful Use Stage 2 Security
- Stage 1
- Patient Identity Matching
- The Basics of Cross-Community Patient Discovery (XCPD)
- NwHIN-Exchange use of XCPD for Patient Discovery
- Direct addresses- Trusted vs Trustable
- Karen's Cross or just Minimal Metadata
- Minimal Metadata
- Direct addresses- Trusted vs Trustable
- Implementation Guidelines for State HIE Grantees on Direct Infrastructure & Security/Trust Measures for Interoperability
- Can Direct messages be "delegated/forwarded?"
- Testing your XDM implementation
- Trusting e-Mail
Other
- Encryption is like Penicillin
- Healthcare is not secure - trust suffers
- Creating and using Unique ID - UUID - OID
- Distributed Active Backup of Health Record
- Workflow Automation Among Multiple Care-Providing Institutions
- Effective Standards Evaluation - Guest blog from Karen
- Are Documents Dead?