[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xspa] Draft of XSPA FAQ
|
John I totally agree with you that the profile
should be the result of due consideration of the use cases selected and the
requirements that flow therefrom. The profile should not be “specialized
for demonstration purposes.” I offer the links to our successful XACML
InterOp (below) to show the specialized EHR application “available to the TC” for use with whatever profile results
from the careful deliberation and discussion of the TC. Once we have the generalized
profile, I’m sure your long experience with IHE has shown, an InterOp is
a great way to iron out any unexpected gaps. When we reach that time, we plan
to offer an application that can be used to support that shake-out. Best regards, David David Staggs, JD, CISSP (SAIC) From: Moehrke, John
(GE Healthcare) [mailto:John.Moehrke@med.ge.com] Forgive me on OASIS process, but I am
disturbed by the focus on demo prior to the writing a generalized profile. The
XSPA should focus on showing how to use existing standards to achieve the XSPA
use-cases. The goal of a profile is a specification that can be used by
developers to create solutions that need little customization in a variety of
settings. The resulting profile can then be specialized for demonstration
purposes. Is my understanding wrong of the process
of creation of a profile/guidance vs demonstration? John From: Staggs, David
(SAIC) [mailto:David.Staggs@va.gov] Colleagues As mentioned in the last call, we have an
Electronic Healthcare Record (EHR) application that is available to the TC for
use as the driver of our profile during the HIMSS InterOp. We used this
application very successfully at the last RSA Conference with the XACML TC.
The application allows us to apply and enforce enterprise permissions,
patient privacy constraints, and local business security rules. We also
have the ability to display protocol exchanges made during access to the EHR. The links below provide a quick and
painless way of understanding the capabilities we used at the RSA
InterOp. Please take a moment to review these videos so we can consider
adapting the EHR application to the XSPA effort. HL7 Permissions Access
Control (all related permissions granted) http://204.115.177.200/draliceusecase1/draliceusecase1.swf HL7 Permissions Access
Control (no permissions granted) http://204.115.177.200/draliceusecase2/draliceusecase2.swf HL7 Consent Directive
Access Control (no restrictions) http://204.115.177.200/drbobusecase1/drbobusecase1.swf HL7 Consent Directive
Access Control (User Based Access(UBA) restriction) http://204.115.177.200/drbobusecase2/drbobusecase2.swf Emergency Access
(Cross-facility access to patient's medical record) http://204.115.177.200/emergencyaccess/emergencyaccess.swf Please feel free to contact me if you have
questions. My telephone number is 858 433 1473. Regards David David Staggs, JD, CISSP (SAIC) From: Staggs, David
(SAIC) [mailto:David.Staggs@va.gov] Colleagues Here is my draft of the FAQ for the TC
based on the Charter. Please offer suggestions and corrections. Regards, David David Staggs, JD, CISSP (SAIC) |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]