Monday, December 31, 2012

Most Interesting Posts of 2012

Simply here are my top posts from 2012 (combination of Google Analytics and Blogger stats)

1. Meaningful Use Stage 2 -- 170.202 Transport (Note critical clarifications later)
3. Universal Health ID -- Enable Privacy
4. IHE - Privacy and Security Profiles - Audit Trail and Node Authentication
5. Patient Identity Matching
6. The Basics of Cross-Community Patient Discovery (XCPD) - Guest blog by Karen Witting
7. How to apply Risk Assessment to get your Security and Privacy and Security requirements

It gets less clear after these, but the Topics page is next most popular.

January I explained how to build an HIE using IHE, reminded Healthcare that backup needs to be distributed, kicked off Data Segmentation for Privacy Initial Review,  Pointed out more real HIE/HIO policies, Introduced the IHE Cross-Enterprise Workflow profile, explained why although SYSLOG is a lossy protocol it is not only good enough but the best solution for Security Audit Logging, and explained how to properly Audit Log a Query transaction

February I explained ATNA auditing of CCOW context changes, asked for Simple and Effective HIE Consent while showing there is more complex ones in the future, helped some understand that Encryption is not a wonder drug and thus Encryption is like Penicillin, took pride in participation in NwHIN Exchange -- Impressive success even if my company isn't directly involved, more reminders that security is hard by explaining that A Bad Random Number Generator will produce Bad Security, and one of my strongest positions is that a Universal Health ID is necessary to Enable Privacy.

March was my most prolific by far with 20 articles: reacting to political statements of Complexity only to explain that Complexity is clearly in the eye of the beholder, Meaningful Use Stage 2 :: SHA-1 vs SHA-2, I breakdown and build up a Published White Paper from the Health IT Symposium, advertize availability of IHE ITI Educational Materials available, have Karen Witting (IBM) guest blog NwHIN-Exchange use of XCPD for Patient Discovery and also The Basics of Cross-Community Patient Discovery (XCPD). A short tutorial on How to apply Risk Assessment to get your Security and Privacy Requirements, Explain how an HIE can Enforce Security and Privacy Policy in a XDS Registry, Finally see Meaningful Use Stage 2 means Secure and Privacy Protecting, Again explain the the benefit of an HIEStepping stone off of FAX to Secure-Email,  Meaningful Use Stage 2 -- 170.202 TransportMeaningful Use Stage 2 seems to support SecurityHuge HIE -- the Care Continuity ConsortiumHealthcare is not secure - trust suffers, and announce more IHE - ITI NEW Educational Webinar Series

April clearly I was exhausted with just 4 articles. The explanation this month goes only to explaining that Patient Data should not appear in the Security Audit Log. Otherwise I was just frustrated that S&I Framework Data Segmentation for Privacy seems to want to do nothing but go Around and Around in circles, while over seas The French Health Information Systems documentation is now in english, and that Meaningful Use only wants Transmission into Oblivion which fortunately later got resolved.

May starts with another Guest blog by Karen Witting (IBM) Technology Churn as a distraction. I provide some practical viewpoints that Security is not just technical but more so Operational concern, I introduce and make standalone from XDS a description of Healthcare Metadata, Quick review of ONCs New Guide on Health Information, Privacy ans Security and Meaningful Use,  and point out that IHE Connectathon has a fantastic FREE and Internet facing tool for Testing your XDM implementation.

June finds a security problem where many would not have found it in the Leap Second, yes it has security and privacy relevance, I provide Constructive comments on Data Segmentation for Privacy although not all were eagerly received, Help people understand that User Authentication is not a one-size-fits-all, and Introduce for the first time the IHE ITI mHealth Profile - Public Comment.

July I have some constructive comments on the Implementation Guidelines for State HIE Grantees on Direct..., help people understand that yes Direct messages can and will be "delegated/forwarded", gave a presentation on IHE Document Digital Signature - Non-Repudiation, and asked for comments on the mHealth profile that is a RESTful interface to XDS.

August I introduce the concept of Identity - - Proofing, more MU2 questions about Minimal Metadata or Karen's Cross or just Minimal Metadata which turned out to be neither but rather XDM over s/mime or XDR over SOAP. Another Karen Witting guest blog on Effective Standards Evaluation. Frustrated that perceptions are taking over with The Emperor has no clothes - De-Identification and User Provisioning, and two more external events HL7 WGM - Introduction to Security and PrivacyTexas HIE Consent Management System Design

On The Meaningful Use Stage 2 RulesMeaningful Use Stage 2 : TransportsMeaningful Use Stage 2 - Audit Logging - Privacy a..., and Direct addresses- Trusted vs Trustable

October I point out more free and open Testing for your ATNA Audit Log implementation, explain that there really are differences between Identity Proofing and Authentication -- Patient vs Providers, muse complaints that  Direct has difficult requirements for no good reason, wish for MU Patient Engagement - Activity History Log, Look at the security requirements in 2014 Draft Test Methods: Wave Four, parse what MU2 - Encryption and Hashing mean, and help the reader understand Patient Portal - view, download, TRANSMIT.


December I add one more profile to the IHE - Privacy and Security Profiles - Document Encryption, finished my chapter in a Book published on Healthcare Information Technology, express some way to get security considered in even Modular EHR certification, and now IHE ITI slate for 2013-2014 development is fixed.

Big year. I wish there had been more interest in 
But that is okay, I got these concepts baked into my chapter in the Book published on Healthcare Information Technology