Tuesday, September 25, 2012

Presentations from HL7 WGM - Baltimore - Intro to Security and Privacy

At the HL7 meeting in Baltimore, the Security workgroup offered a free half-day tutorial on security and privacy. This is a topic that we have had available as a tutorial for a couple of years, but it either doesn't get selected by the tutorial committee or not enough people sign up. As a co-chair of the Security workgroup I really want to get our message out. So we use our own workgroup meeting room and advertise that we will be teaching. For the Baltimore meeting we advertised this in the HL7 workgroup meeting brochure, and I also pushed it on my blog.

This session will focus on how to apply security and privacy to the health IT standards. It will cover the basics of security and privacy using real-world examples. The session will explain how each phase of design needs to consider risks to security and privacy to best design security and privacy in, and mechanisms for flowing risks down to the next phase of design. In addition, it will cover the security- and privacy-relevant standards that HL7 has to offer, including: Role-Based-Access-Control Permissions, Security/Privacy ontology, ConfidentialityCode, CDA Consent Directive, Access Control Service, Audit Control Service, and others. These standards and services will be explained in the context of providing a secure and privacy-protecting health IT environment.

The good news is that we had about 15 people for both quarters. We are planning the same thing for Phoenix in January. I need to adjust the agenda to make sure we cover everything, as Don and Trish didn't get much time to cover their slides.