1 / 7

POP Track – August 14, 2012

POP Track – August 14, 2012. Directory and Trust Services Policy and Operating Procedures (POP) . Topics for Today’s call. Policy Log/Policy Statements Updates Identity Management Directory Attributes & Data Identity Management Discussion Data Attributes & Data

lonna
Download Presentation

POP Track – August 14, 2012

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. POP Track – August 14, 2012 Directory and Trust Services Policy and Operating Procedures (POP)

  2. Topics for Today’s call • Policy Log/Policy Statements Updates • Identity Management • Directory Attributes & Data • Identity Management Discussion • Data Attributes & Data • Audit Policy Discussion / Starting Point • What are the requirements for auditing? • Next Steps…

  3. Identity (IdM)Management • Purpose: DT&S requires a secure and reliable method of identifying members of its community for access to electronic data resources that handle protected health information (PHI). This requires collecting and maintaining identifying attributes, ensuring that electronic identities match the appropriate person, and mechanisms to authenticate and authorize use of those identities. • Discussion Points: • Unique identifier for each LDS • Role of IdM Coordinator – who certifies? • Information Assurance Profile Standard – categories • Service Provider Standard – some technical considerations here

  4. Directory Attributes & Data • Purpose: Identify and define the minimum set of data elements and attributes needed to affect the secure exchange of health care information treatment purposes between trusted endpoints (which may be a serial set of attributes derived from the provider(s), entity and\or system in question. • Discussion Points: (See attached document) • Minimum Necessary for Discovery: The requirement is to provide sufficient information for a user to decide on whether to establish exchange with another user in the directory. • Minimum Necessary to Enable Exchange: The requirement is to identify what is the minimum needed to enable exchange (i.e., establish connection, routing) Note: These have been compared with comments on S&I Query spreadsheet but someone needs to take action item to flesh this out

  5. Auditing • What are the expectations for use? • Accounting for identity management • Track access (LDS logs access event) SDS • Track authorization (SDS logs that LDS request passed to external entity) • Validation of executed queries • Minimize asset vulnerabilities • Capture privacy/security violations (i.e., data breach) • Correlate with across events • Determine who had access to what information when the seminal event occurred

  6. Next steps? • Need volunteers to draft/finalize at drafting Policy Log entries for the five prioritized Policy items discussed • Acceptable Use/Permitted Uses • Identity Management/Authorized Users • Directory Attributes and Data • Query Management • Auditing • What elements are critical to further frame each Policy item? • Purpose • Scope • Statement • Reference • Other suggestions at this point? Thank you!

More Related