hit standards committee n.
Skip this Video
Download Presentation
HIT Standards Committee

Loading in 2 Seconds...

play fullscreen
1 / 7

HIT Standards Committee - PowerPoint PPT Presentation

  • Uploaded on

HIT Standards Committee. Privacy and Security Workgroup: Update Dixie Baker, SAIC Steven Findlay, Consumers Union October 14, 2009. Privacy and Security Workgroup Members. Dixie Baker, SAIC Anne Castro, BlueCross BlueShield of South Carolina

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'HIT Standards Committee' - zandra

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
hit standards committee

HIT Standards Committee

Privacy and Security Workgroup: Update

Dixie Baker, SAIC

Steven Findlay, Consumers Union

October 14, 2009

privacy and security workgroup members
Privacy and Security Workgroup Members

Dixie Baker, SAIC

Anne Castro, BlueCross BlueShield of South Carolina

Aneesh Chopra, Federal Chief Technology Officer

Ed Larsen, HITSP

David McCallie, Cerner Corporation

John Moehrke, HITSP

Steve Findley, Consumers Union

Gina Perez, Delaware Health Information Network

Wes Rishel, Gartner

Sharon Terry, Genetic Alliance


progress update
Progress Update

Participated in HIT Policy Committee’s Privacy Hearing

Began Planning for HIT Standards Committee Security Hearing to be held November 19

Updated Certification Recommendations

Identified Gaps

certification recommendations update
Certification Recommendations Update

SOAP Version change from 1.1 to 1.2

No Version 1.1 implementations of IHE profiles – therefore no need for legacy reach-back

Kerberos and IHE Enterprise User Authentication (EUA) eliminated from recommendation

NIST SP 800-63-1 (draft) will disallow Kerberos for federal systems implemented in 2011 and beyond

Intent was to “allow” Kerberos and EUA for 2011, but not for 2013-2015

Eliminated Kerberos and EUA from standards recommendation, and added assurance requirements derived from SP 800-63-1 “Level 2” requirements as certification criteria for 2013-2015

Allows (but does not require) Kerberos in 2011

Disallows Kerberos in 2013-2015

NIST SP 800-63-1 cited as implementation guidance

gaps identified to be addressed for 2013
Gaps Identified – To Be Addressed for 2013

Standard, healthcare-specific XML schema and vocabulary for representing subject, resource, action, and environmental attributes in security assertions

Standard XML schema and vocabulary for representing consumer consents

Standard baseline (low-water mark) security and privacy policies for the exchange of EHR information

Standards for exchanges between the healthcare enterprise and the consumer

Specification of Health Information Exchange (HIE) assumptions (definition), and associated privacy and security policy

workgroup planning
Workgroup Planning

HIT Standards Committee hearing on Security issues – planning for the November meeting

Identification of policy needs for standard baseline (low-water mark) security and privacy for the exchange of EHR information

Identification of technical/architectural requirements for uniform adoption or exchange in a standard way, with uniform methods of interpretation

Ongoing communication and coordination between the HIT Policy Committee and the HIT Standards Committee

Definition of needs, and roadmap toward, a unified approach to consumer consent management and enforcement

update to standards recommendations
Update to Standards Recommendations

See HIT web portal for latest version of recommendations:


 Federal Advisory Committees

 Health IT Standards Committee