
XACML 2.0 Interoperability Demonstration in Healthcare: Enhancing Patient Privacy

The XACML 2.0 Interoperability demonstration showcases advanced capabilities in a healthcare context, focusing on the election and enforcement of INCITS-compliant clinical roles and patient privacy directives. Participating organizations, including Axiomatics, BEA Systems, IBM, and Oracle, will simulate a scenario involving healthcare data exchange. Key features include dynamic patient privacy enforcement, role-based access controls, and compliance with HL7 consent codes. The goal is to ensure proper authorization and privacy in sharing protected patient information across various healthcare facilities, while adapting to changes in privacy directives.

shay-kim

Presentation Transcript


  1. www.oasis-open.org XACML 2.0 Interop 2008

  2. Anticipated Participants
     • Axiomatics
     • BEA Systems
     • IBM
     • Oracle
     • Red Hat
     • Cisco
     • Sun
     • U.S. Dept. of Veterans Affairs

  3. Goals
     • The interop will demonstrate the use of XACML V2.0 capabilities in a healthcare scenario involving the election and enforcement of INCITS-compliant clinical roles and patient privacy directives.

  4. Features/Highlights
     • Privacy and security in XACML policy
     • HL7 role-based
     • Use of HL7 consent code
     • Override of patient election by declaring an emergency
     • Use of obligations to continue to enforce dynamic patient privacy directives even after release to another system

  5. Scenario
     [Diagram labels: Discharge Summaries, Lab Results, …; Emergency Dept; Referral; History & Physical, …; Hospital; Community Clinic]
     • Challenges to healthcare data exchange:
     • Proper Authorization & Privacy

  6. Scenario
     • In the scenario, examples of likely patient privacy directives are stored in a shared policy administration point (central repository).
     • Each participant will act as a healthcare enterprise (partner facility) within an identity federation sharing a common repository of patient privacy preferences and consent directives.
     • Partner/users (clinicians) request protected patient information from their healthcare facility. Before the release of protected patient medical information to the clinician, each participant will evaluate the clinician roles (in the form of HL7 clinical permissions) and the patient privacy directives stored in the central repository.

  7. Scenario (continued)
     • Access to patient information will not be “all or nothing”; rather, portions of the medical record not releasable to the clinician based on the patient privacy directives will be “filtered” from the provided information view.
     • Variations on policy will be used to demonstrate that the patient privacy directives are being honored.
     • Changes to the patient privacy directives at the central repository will be reflected in changes to access to the patient information at the partner facility.
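
The decision flow in slides 4, 6 and 7 (role check, patient directive, emergency override, filtered view, obligations) can be sketched as follows. This is an added example, not code from the interop or its participants; the section names, permission labels, obligation strings, and the choice that an emergency overrides the patient election but not the role check are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: section names, permission labels and obligation
# strings are illustrative assumptions, not HL7 or XACML identifiers.
RECORD = {
    "discharge_summary": "Discharged in stable condition",
    "lab_results": "HbA1c 6.1%",
    "history_physical": "No known allergies",
}
# Permission a clinician role must carry to read each section.
REQUIRED_PERMISSION = {
    "discharge_summary": "read-discharge-summary",
    "lab_results": "read-lab-results",
    "history_physical": "read-history-physical",
}

@dataclass
class Directive:
    """Patient privacy directive held in the shared central repository."""
    masked_sections: set = field(default_factory=set)
    redisclosure_allowed: bool = False

def evaluate(permissions, directive, emergency=False):
    """PDP step: per-section Permit/Deny plus obligations for the PEP."""
    decisions, obligations = {}, []
    for section, needed in REQUIRED_PERMISSION.items():
        if needed not in permissions:
            decisions[section] = "Deny"      # clinical role lacks permission
        elif section in directive.masked_sections and not emergency:
            decisions[section] = "Deny"      # patient election honored
        else:
            decisions[section] = "Permit"
            if section in directive.masked_sections:
                # Assumed obligation: an emergency override must be audited.
                obligations.append(f"audit-emergency-override:{section}")
    if not directive.redisclosure_allowed:
        # Travels with the data so the receiving system keeps enforcing it.
        obligations.append("no-redisclosure-without-consent")
    return decisions, obligations

def release(record, permissions, directive, emergency=False):
    """PEP step: return only the permitted sections and the obligations."""
    decisions, obligations = evaluate(permissions, directive, emergency)
    view = {s: v for s, v in record.items() if decisions[s] == "Permit"}
    return view, obligations
```

Because `release` reads the directive on every call, editing the directive in the repository changes the next view without any change at the partner facility.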
