[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pmrm] Designing Privacy Standards into Use Cases
Thank you very much, Kel! From: Kel Callahan
[mailto:kcallahan@hipaat.com] Hi Michele, You are
welcome. Since you are showing an interest in the HIT space, you may wish
to review the HITPC Privacy & Security Tiger Team’s hearing [HIPAAT starts min. 29:24] on Consumer Choice Technologies. (Both us and the VA are
leveraging XACML & XSPA.) I have attached our slide deck (which
includes a list of standards) since the video is not clear. I also humbly attach
our 2009 whitepaper in support of this process. Kel From:
micheledrgon@dataprobity.com [mailto:micheledrgon@dataprobity.com] Kel and Dawn, Thank you so much! You know what would be
so great is to have a call which maps out the landscape of commitment on
standards in the HIT space. I know Cloud Security Alliance is working through
the ONC channels as well – and their assets address a lot of these
elements as well. So maybe pmrm points towards certain “best
practices” as part of what ends up being a final deliverable –
perhaps even in a sector specific whitepaper? Just an idea – and a
“down the road” item (if we can afford one of those) as the next 3
weeks are tied up for me and this would be a call I’d be happy to set up
and, at the least, don’t want to miss. It may be outside the scope of
pmrm, but it is apparent that many pmrm members are heavily involved in the
health privacy/security space and it would be worthwhile, I believe, to quickly
map out the Who’s Who and What’s What just to see where we have
leverage – such as Dawn’s idea on the emergency responder
activities beyond OASIS. Just a thought, Michele From: Kel Callahan
[mailto:kcallahan@hipaat.com] Hi All, If not considered already,
the HL7 Community-Based Collaborative Care (CBCC) method for consent management
incorporates XACML in its DSTU. Please see the HITSC links to a
powerpoint (with accompanying audio) presentation. Thank you, Kel. From: Dawn Jutla
[mailto:dawn.jutla@gmail.com] Hi all: Re: the issue around privacy policy
object representation and standards raised at the May 12th telecon, my further
idea is that we may have an opportunity to
extend or complement XACML 2.0 with the richer FIPPs issues raised in the PMRM
services for use case designs requiring privacy. XACML 2.0, an approved OASIS
standard includes several profiles, including a Privacy policy profile. XACML addresses conflicting or
overlapping privacy policies which is useful to us as we go horizontally across
the different privacy policies under which several different actors (e.g. in
HITSP) are operating. Re: the question on moving to a standard , it may be useful
to have a set of guiding principles (that includes but goes beyond our
immediate task of demonstrating how pmrm fits into designing privacy into use
cases and hence organizations' IT-enabled business processes) for this
TC's privacy standard goal . Note that XACML can also be demonstrated, in a
similar way, to aid privacy design within use cases. Too, guiding principles
will help us early on to clearly map the differentiation and the interoperability
of important standards impacting privacy design w.r.t. organizations'
processes. Best, Dawn.
CONFIDENTIALITY NOTICE: This email
and any attachments may contain confidential information that is protected by
law and is for the sole use of the individuals or entities to which it is
addressed. If you are not the intended recipient, please notify the sender by
replying to this email and destroying all copies of the communication and
attachments. Further use, disclosure, copying, distribution of, or reliance
upon the contents of this email and attachments is strictly prohibited. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]