September 2008 WGM Agenda CBCC Monday Q4
Attendees
- Stan Ratajczak
- Gyla Pyke
- David Staggs
- Manuel Metz
- Max Walker
- Laura Bright
- Suzanne Gonzales-Web Chair
- Bernd Blobel
- Paul Knapp
- Rob McClure
- Ioana Singureanu Scribe
- Patrick Pyette
- Mike Davis
- John Moehrke
- Marshall glen.f.marshall@siemens.com
- Kathleen Connor
- Heather Grain
- Neale Page
- Hideyuki Miyohara
Meeting notes
This quarter was focused on updates from various projects related to RBAC and Data Consent (aka Composite Privacy Consent Directive)
- Canada Health Infoway Update (Stan Ratajczak)
Internal project a month long to determine the direction of pan-Canadian Info Consent Standards and agree on the approach to support. The first step were the functional requirements but CHI does not have buy-in - by December the pan-Canadian consensus will be reached. CHI makes sure that the correct stakeholders have been consulted. Currently consent is not granted at the fine-grained control level of granularity that CBCC is envisioning but CHI wishes to make sure that they can support future legislation as well as current ones. If the policy in a jurisdiction prohibits the disclosure of a certain type of information, then the sending/collecting jurisdiction may not be able to provide it but indicate that additional information was masked. The collecting jurisdiction will observe local policies when exchanging personal health records with another jurisdiction. CHI will share their requirements with CBCC.
- OASIS Cross Enterprise Security (XSPA) TC David Staggs , XSPA Chair
There is a need for a integration profile for HITSP Demonstrate the use of OASIS standards in TP20 for US-realm HITSP (Access Control) - security and privacy use cases are addressed. These use cases will demonstrated at HIMSS next year. The TC is looking for participation in the upcoming demonstration. A pod in the showcase will be used to demonstrate the use of TP20. SAML, XACML, and WS-trust are profiled. So far the TC has provide two interop demonstration of XACML using the RBAC and Data Consent terminology (RSA 2007, OASIS Open Standards Forum 2008).
- France
Use cases have been provided a set of use cases to consider for use our domain analysis efforts.
- National eHealth Tansition Authority Australia (Max Walker)
NEHTA is currently evaluating the legislation to assess the effect on standards. As new requirements are developed they will be forwarded to
National eHealth Tansition Authority ]
- Japan
Japan has conducted a project to exchange patient records and will provide us more detailed
- Germany (Bernd Blobel)
- ePrescription - bilateral policies will be negotiate between the jurisdictions (EU countries). The project uses smart cards and digital signature. Biometrics (fingerprint) will be used by clinician to sign document (for verification).
- Emergency data set leverages the WHO-specified the
- National eHealth Record Specification - very similar to UK and Canada
A signature allows a clinician to sign a set of documents ("staple") as a batch/group of documents.
Trasaction Package 20 (TP20) for Access Control was developed by HITSP and it will be approved by the Secretary of HHS by October (both TP20 and TP230 will be approved).
- SAML
- WS-TRUST
- ASTM 9086 - Roles
- ASMT PMI
- HL7 Permission Catalog
- ANSI RBAC standard