

Subject: Re: [pmrm] Designing Privacy Standards into Use Cases


Thanks too, Kel, for all the useful input and your company's link at http://www.hipaat.com/standards.php. I am imagining that HIPAAT is one of the experienced Health-SOA vendors that responded to the announcement referred to at http://www.healthcareitnews.com/news/onc-plans-develop-patient-consent-exchange
Dawn.

On Mon, May 16, 2011 at 10:25 AM, Kel Callahan <kcallahan@hipaat.com> wrote:

Hi Michele,

 

You are welcome. Since you are showing an interest in the HIT space, you may wish to review the HITPC Privacy & Security Tiger Team’s hearing [HIPAAT starts min. 29:24] on Consumer Choice Technologies. (Both we and the VA are leveraging XACML & XSPA.) I have attached our slide deck (which includes a list of standards) since the video is not clear.

 

I also humbly attach our 2009 whitepaper in support of this process.

 

Kel

 

From: micheledrgon@dataprobity.com [mailto:micheledrgon@dataprobity.com]

Sent: Monday, May 16, 2011 8:53 AM
To: 'Kel Callahan'; 'Dawn Jutla'; pmrm@lists.oasis-open.org

Subject: RE: [pmrm] Designing Privacy Standards into Use Cases

 

Kel and Dawn,

Thank you so much! You know what would be so great is to have a call which maps out the landscape of commitment on standards in the HIT space. I know Cloud Security Alliance is working through the ONC channels as well – and their assets address a lot of these elements as well. So maybe pmrm points towards certain “best practices” as part of what ends up being a final deliverable – perhaps even in a sector specific whitepaper? Just an idea – and a “down the road” item (if we can afford one of those) as the next 3 weeks are tied up for me and this would be a call I’d be happy to set up and, at the least, don’t want to miss. It may be outside the scope of pmrm, but it is apparent that many pmrm members are heavily involved in the health privacy/security space and it would be worthwhile, I believe, to quickly map out the Who’s Who and What’s What just to see where we have leverage – such as Dawn’s idea on the emergency responder activities beyond OASIS.

 

Just a thought,

Michele

 


From: Kel Callahan [mailto:kcallahan@hipaat.com]
Sent: Monday, May 16, 2011 8:08 AM
To: 'Dawn Jutla'; pmrm@lists.oasis-open.org
Subject: RE: [pmrm] Designing Privacy Standards into Use Cases

 

Hi All,

 

If not considered already, the HL7 Community-Based Collaborative Care (CBCC) method for consent management incorporates XACML in its DSTU. Please see the HITSC links to a PowerPoint (with accompanying audio) presentation.

 

Thank you,

 

Kel.

 

From: Dawn Jutla [mailto:dawn.jutla@gmail.com]
Sent: Saturday, May 14, 2011 11:16 AM
To: pmrm@lists.oasis-open.org
Subject: [pmrm] Designing Privacy Standards into Use Cases

 

Hi all:

 

Re: the issue around privacy policy object representation and standards raised at the May 12th telecon, my further idea is that we may have an opportunity to extend or complement XACML 2.0 with the richer FIPPs issues raised in the PMRM services for use case designs requiring privacy. XACML 2.0, an approved OASIS standard, includes several profiles, including a Privacy policy profile. XACML addresses conflicting or overlapping privacy policies, which is useful to us as we go horizontally across the different privacy policies under which several different actors (e.g. in HITSP) are operating.

 

Re: the question on moving to a standard, it may be useful to have a set of guiding principles (that includes but goes beyond our immediate task of demonstrating how pmrm fits into designing privacy into use cases and hence organizations' IT-enabled business processes) for this TC's privacy standard goal. Note that XACML can also be demonstrated, in a similar way, to aid privacy design within use cases. Too, guiding principles will help us early on to clearly map the differentiation and the interoperability of important standards impacting privacy design w.r.t. organizations' processes.

 

Best,

Dawn.


--
______________________________________
Dr. Dawn Jutla, PhD
Professor, Dept. of Finance, Information Systems, and Management Science
SOBEY SCHOOL OF BUSINESS
Saint Mary's University, Halifax, NS, B3H 3C3

CONFIDENTIALITY NOTICE: This email and any attachments may contain confidential information that is protected by law and is for the sole use of the individuals or entities to which it is addressed. If you are not the intended recipient, please notify the sender by replying to this email and destroying all copies of the communication and attachments. Further use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited.

 




--
______________________________________
Dr. Dawn Jutla, PhD
Professor, Dept. of Finance, Information Systems, and Management Science
SOBEY SCHOOL OF BUSINESS
Saint Mary's University, Halifax, NS, B3H 3C3
Phone: 1 902 420 5157
Sobey School: http://www.smu.ca/academic/sobey/bios/faculty/Jutla_Dawn.html
CUSP Project: http://web.cs.dal.ca/~bodorik/Cusp.htm
