HL7 Security Document Library

Back to Security Main Page

Security Documents

Security WG Policy Documents

• Security & CBCC Work Group Response to Meaningful Use IFR

Security WG Vocabulary Documents

• HCS Privacy and Security Vocabulary Spreadsheet - Contains all the vocabulary used by HCS, DS4P, and SLS.
• Security Glossary
• Security Vocabulary Map

Security Standards

• [http://www.nist.gov/itl/csd/upload/nist_privacy_engr_objectives_risk_model_discussion_deck.pdf Privacy Engineering Objectives and Risk Model - Discussion Deck

Objective-Based Design for Improving Privacy in Information Systems]

• NIST SP 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations
• NIST Special Publication 800-53A Guide for Assessing the Security Revision 1 Controls in Federal Information Systems and Organizations
• NIST Special Publication 800-162 Guide to Attribute Based Access Control (ABAC) Definition and Considerations (Draft)
• ISO Security Standards Tracking Spreadsheet

HL7 May 2017 WGM Madrid Documents

• Bernd Blobel Presentations at 2017 Madrid WGM and other publications

HL7 January 2014 WGM Meeting Documents

• Resolutions from the 20th Meeting of ISO/TC 215, Health Informatics 25 October 2013 - Sydney, Australia provided by Hideyuki Miyohara, HL7 Japan
• Privacy Architecture Journal of Medical Internet Research 2013 provided by Bernd Blobel
• A Conceptual Framework and Principles for Trusted Pervasive Health Journal of Medical Internet Research 2013 provided by Bernd Blobel
• First AidFor Medical Identity Theft Tips for Consumers] provided by John Moehrke
• Medical Identity Theft Recommendations for the Age of Electronic Medical Records provided by John Moehrke
• AXLE and HL7 HCS presented by Albana Gaba and Henk-Jen Meijer

HL7 January 2014 WGM Tutorial

• HL7 WGM San Antonio 2014_Security Tutorial provided by Bernd Blobel
• Healthcare Privacy and Security Classification System (HCS) Overview presented by Mike Davis
• DS4P Overview presented by Ioana Singureanu

HL7 September 2013 WGM Ballot and Meeting Documents

• Hideyuki Miyohara's presentation of the Japanese HIE architecture.

• Brian Handspicker's presentation on proposed Privacy Marking for social service agencies who handle health information using NIEM.

HL7 MAY 2013 WGM Ballot and Meeting Documents

• HIMSS DS4P VA-SAMSHA pilot

HL7 JAN 2013 WGM Presentations

• NSTIC presentation by Bill Braithwaite HL7 WGM Jan 2013
• Healthcare Privacy and Security Classification System Guide presented by Mike Davis for the HL7 Security Education Session Jan 2013 WGM
• Consent Directive CDA presented by Trish Williams for the HL7 Security Education Session Jan 2013 WGM
• PASS—Privacy, Security and Access Services presented by Don Jorgenson for the HL7 Jan 2013 WGM Security Educational Session

Security Documents 2012

• Healthcare Privacy and Security Classification Guide
• Healthcare Privacy and Security Classification System
• Levels of Assurance Bill Braithwaite
• Security Labeling System Diagram
• HCS Classification Scheme presentation
• Healthcare Classification Scheme paper
• HL7 Privacy and Security Vocabulary
• HL7 Security and Privacy Requirements for CDA R3
• HL7 Security and Privacy Vocabulary Value Set OIDs and Descriptions
• HL7 Security SOA Architecture Project Scope Statement
• Trish William's updated list of ISO privacy and security standards requested by Security WG

July 2012 Harmonization Proposals

• HL7 Harmonization Proposal July 2012 Security WG Purpose of Use
• HL7 Harmonization Proposal July 2012 Security WG Confidentiality Code Technical Corrections
• HL7 Harmonization Proposal July 2012 Security WG ActSensitivityPrivacyPolicyType Technical Correction

Security Ballot Material 2012

• HL7 Healthcare Privacy and Security Classification System White Paper. This paper describes a Healthcare Privacy and Security Classification System (HCS) suitable for automated privacy and security labels “tagging” and segmentation of protected health information (PHI) for privacy policy enforcement through security logical access controls.

Security Presentation 2012

• Arnie Rosenthal's comments on Healthcare Privacy and Security Classification System Presentation by Kathleen Connor
• HL7 Security WG July Harmonization Proposals
• Act.confidentialityCode "isDocumentCharacteristic" = true
• HL7 Healthcare Privacy and Security Classification System and HSSP Data Sensitivity and Tagging Project
• Proposed Health Care Security and Privacy Classification System BallotPresentation
• HL7 Security Service Oriented Architecture Domain Analysis Model (SSOA DAM)
• Purpose of Use Harmonization

VA Security Brown Bag Presentations May 24, 2012

• Infoway Privacy by Design and Pan-Canadian Federated Identity Presented by: Stan Ratajczak, Group Director Emerging Technologies Group, Canada Health Infoway
• Presentation on a prototypic implementation of a Healthcare Classification System for Data Segmentation by Duane Decouteau Senior Software Engineer VA (ESC)
• HL7 Privacy and Security Vocabulary for Healthcare Classification by Kathleen Connor
• May 24 VA Security Brown Bag recording
• Information on Software to play May 24 VA Security Brown Bag recording

Security Documents 2011 and Earlier

• Security Work Group Emergency Access paper
• HL7 v2 Confidentiality Codes and v3 Harmonization
• Final Refactored Confidentiality Codes Harmonization Proposal
• Final Act Policy Type Harmonization Proposal
• HL7 Publication Request for the Security and Privacy DAM DSTU
• Composite Security and Privacy Domain Analysis Model v1_r2 (post 2010May ballot reconciliation)
• Decision Making Practices (TBD)
• Requirement Analysis
  • Security Use Cases
  • Role-Based Access Control (RBAC) Use Cases
  • Security Glossary HL7 2008(c), Version 3 Std
• Documents on HL7 Project Homebase aka HL7 GForge
  • Role Based Access Control (RBAC) Role Engineering Overview, N1 Sept 2009 HL7 baltot site
  • HL7 RBAC Permission Catalog
  • HL7 RBAC Constraint Catalog
  • HL7 RBAC Role Engineering Process (supporting data)
  • HL7 RBAC Permission Catalog mapping to SNOMED CT (initial)
  • HL7 RBAC Permission Catalog mapping to SNOMED CT II
  • A Scenario driven Role Engineering Process for Functional RBAC Roles (RBAC Reference) G. Neumann and M. Strembeck A Scenario-driven Role Engineering Process for Functional RBAC Roles, proc. of the 7th ACM Symposium on Access Control Models and Technologies, pp 33-42, 2002

• Cookbook for Security Considerations-Instructions for HL7 standards editors and workgroups
• HL7 Document on OIDS from May 2009 ballot
• Draft Security DAM Diagram
• Security DAM use cases and their representation in the class diagram
• DRAFT Security DAM Value Sets - US Realm 12/01/2009

Approved Projects

• Security and Privacy Ontology Project Wiki
• RBAC Privacy and Authorization Terminology Project Scope Statement v0 2.doc joint with Community-Based Collaborative Care
  • Project Insight - Project Plan
• CDA R2 Implementation Guide for Privacy Consent Directives May 2010 joint with Community-Based Collaborative Care

Back to Security Main Page