[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pmrm] Designing Privacy Standards into Use Cases
Kel and Dawn, Thank you so much! You know what would be
so great is to have a call which maps out the landscape of commitment on
standards in the HIT space. I know Cloud Security Alliance is working through
the ONC channels as well – and their assets address a lot of these
elements as well. So maybe pmrm points towards certain “best practices”
as part of what ends up being a final deliverable – perhaps even in a
sector specific whitepaper? Just an idea – and a “down the road”
item (if we can afford one of those) as the next 3 weeks are tied up for me and
this would be a call I’d be happy to set up and, at the least, don’t
want to miss. It may be outside the scope of pmrm, but it is apparent that many
pmrm members are heavily involved in the health privacy/security space and it
would be worthwhile, I believe, to quickly map out the Who’s Who and What’s
What just to see where we have leverage – such as Dawn’s idea on
the emergency responder activities beyond OASIS. Just a thought, Michele From: Kel Callahan
[mailto:kcallahan@hipaat.com] Hi All, If not considered
already, the HL7 Community-Based Collaborative Care (CBCC) method for consent
management incorporates XACML in its DSTU. Please see the HITSC links to
a powerpoint (with accompanying audio) presentation. Thank you, Kel. From: Dawn Jutla
[mailto:dawn.jutla@gmail.com] Hi all: Re: the issue around privacy policy
object representation and standards raised at the May 12th telecon, my further
idea is that we may have an opportunity to
extend or complement XACML 2.0 with the richer FIPPs issues raised in the PMRM
services for use case designs requiring privacy. XACML 2.0, an approved OASIS
standard includes several profiles, including a Privacy policy profile. XACML addresses conflicting or
overlapping privacy policies which is useful to us as we go horizontally across
the different privacy policies under which several different actors (e.g. in
HITSP) are operating. Re: the question on moving to a standard , it may be useful
to have a set of guiding principles (that includes but goes beyond our
immediate task of demonstrating how pmrm fits into designing privacy into use
cases and hence organizations' IT-enabled business processes) for this
TC's privacy standard goal . Note that XACML can also be demonstrated, in a
similar way, to aid privacy design within use cases. Too, guiding principles
will help us early on to clearly map the differentiation and the
interoperability of important standards impacting privacy design w.r.t.
organizations' processes. Best, Dawn.
CONFIDENTIALITY NOTICE: This email
and any attachments may contain confidential information that is protected by
law and is for the sole use of the individuals or entities to which it is
addressed. If you are not the intended recipient, please notify the sender by
replying to this email and destroying all copies of the communication and
attachments. Further use, disclosure, copying, distribution of, or reliance
upon the contents of this email and attachments is strictly prohibited. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]