Difference between revisions of "HL7 PIA Cookbook Project"
| Line 1: | Line 1: | ||
[[CBCC|Back to CBCC Wiki: Meetings]] | [[CBCC|Back to CBCC Wiki: Meetings]] | ||
| − | + | Healthcare today has some of the most diverse needs with regard to sharing of patient data and the need to protect and preserve the privacy of the data as it moves among systems. Increasingly, healthcare organizations and technology vendors are performing assessments (privacy impact assessments, threat risk assessments, business impact assessments, etc.) to ensure installed healthcare technology will have a positive impact on healthcare delivery. These assessments are even mandated for healthcare delivery organizations in some countries. Unfortunately, key decision makers often have difficulty understanding the relevance of the privacy impacts identified, and often overlook them when writing standards. | |
| − | == | + | == The Goal == |
| − | == | + | This Privacy Impact Assessment Cookbook is intended to enable HL7 standards developers, domain committees and working groups to publish standards that have taken privacy considerations and impacts into account. This guide introduces privacy impact assessments and a process to facilitate completing a privacy impact assessment for a specific standard. Using this process will facilitate the identification of gaps in a standard’s baseline privacy, allowing the working group to either update the standard on its own or to send a request to the CBCC Working Group for assistance in filling the gap. This will lead to standards that include privacy as part of their base, reducing the need to “bolt” privacy on later. As a result, the HL7 standards will better protect and preserve patient privacy, which in turn will lead to improved patient outcomes. |
| − | To | + | |
| + | == The Need for a Privacy Impact Assessment == | ||
| + | |||
| + | A '''privacy impact assessment''' is the “overall process of risk identification, risk analysis and risk evaluation with regard to the processing of personally identifiable information (PII).” (Source: ISO/IEC 29100 ''Information technology — Security techniques — Privacy framework'') | ||
| + | |||
| + | Organizations strive to protect PII for many reasons, such as safeguarding an individual’s privacy, meeting legal and regulatory requirements, and increasing consumer trust. To determine the privacy implications of their systems which process PII, organizations regularly conduct a privacy risk management process. A privacy impact assessment is a common deliverable of this process. (Source: ISO/IEC 29100) | ||
| + | |||
| + | This HL7 PIA Cookbook is intended to be used to identify privacy considerations in each standard developed by HL7 and categorize them using a standard and accepted risk framework. During this process a gap may be identified that needs to be brought to the attention of the CBCC WG. | ||
| + | |||
| + | The privacy risk management approach outlined in this PIA Cookbook closely follows the “Methodology for Privacy Risk Management” produced by Commission Nationale de l’Informatique et des Libertés (CNIL). | ||
| + | * [https://www.cnil.fr/sites/default/files/typo/document/CNIL-ManagingPrivacyRisks-Methodology.pdf CNIL's Methodology for Privacy Risk Management] | ||
| + | * This methodology has been accepted and incorporated in the “Privacy- and Security-by-Design Methodology Handbook” published by PReparing Industry to Privacy-by-design by supporting its Application in Research (PRIPARE). | ||
| + | ** The PRIPARE Handbook harmonizes and integrates the existing standards, practices and research proposals on privacy engineering. | ||
| + | ** [http://pripareproject.eu/wp-content/uploads/2013/11/PRIPARE-Methodology-Handbook-Final-Feb-24-2016.pdf PRIPARE Handbook] | ||
| + | |||
| + | == Resources == | ||
| + | |||
| + | * [http://gforge.hl7.org./gf/project/cbcc/docman/Privacy%20Impact%20Assessment%20Cookbook/ HL7 GForge folder with resources] | ||
| + | * [http://gforge.hl7.org/gf/download/docmanfileversion/9200/14230/PIA%20Cookbook%20document_DRAFT_v0.2.docx Draft PIA Cookbook document] | ||
| + | |||
| + | == Mitigation Tools == | ||
| + | |||
| + | |||
| + | |||
| + | = Examples of Risk Assessment Spreadsheets = | ||
| + | |||
| + | * SAML use in CCOW -- spreadsheet not yet published | ||
| + | ** The risk assessment was done informally and not recorded | ||
| + | ** The result was a statement in the formal specification that there is an unmitigated risk that the "Authenticating" application could misbehave as it is fully trusted to set the user identity correctly. | ||
| + | * CDA-Consent | ||
| + | ** [http://gforge.hl7.org/gf/download/docmanfileversion/5789/7431/CopyofRisk_assessment_and_mitigation_table_for_CDA_Consent_20100727.xls First Draft] 2010, July 27th | ||
| + | ** [http://gforge.hl7.org/gf/download/docmanfileversion/5813/7470/Risk_assessment_and_mitigation_table_for_CDA_Consent_20100803.xls Second Draft] 2010, Aug 3 | ||
| + | ** [http://gforge.hl7.org/gf/download/docmanfileversion/5816/7475/Risk_assessment_and_mitigation_table_for_CDA_Consent_20100810.xls Third Draft] 2010, Aug 10 | ||
| + | ** [http://gforge.hl7.org/gf/download/docmanfileversion/5827/7510/Risk_assessment_and_mitigation_table_for_CDA_Consent_20100831.xls Fourth Draft] 2010, Aug 31 | ||
| + | ** [http://gforge.hl7.org/gf/download/docmanfileversion/5906/7638/ExcerptfromCDA-ConsentofSecurityConsiderations.doc Excerpt from the formal specification of the Security Considerations section] | ||
| + | * PASS - Accounting of Disclosures Service | ||
| + | ** [http://hssp-security.wikispaces.com/file/view/PASS_Audit_Risk_assessment_and_mitigation_table_V0+2.xls First Draft] 2010, Aug 2 | ||
| + | ** [http://hssp-security.wikispaces.com/file/view/PASS_Audit_Risk_assessment_and_mitigation_table_V0+3.xls Second Draft] 2010, Aug 9 | ||
| + | ** [http://hssp-security.wikispaces.com/file/view/PASS_Audit_Risk_assessment_and_mitigation_table_V0+5.xls Third Draft] 2010, Aug 16 | ||
| + | ** [http://gforge.hl7.org/gf/download/docmanfileversion/5905/7637/ExcerptfromPASS-AuditofSecurityConsiderations.doc Excerpt from the formal specifications of part of the Security Considerations section] | ||
==Working Space (go here for project deliverables and reference materials)== | ==Working Space (go here for project deliverables and reference materials)== | ||
Revision as of 15:44, 10 May 2016
Healthcare today has some of the most diverse needs with regard to sharing of patient data and the need to protect and preserve the privacy of the data as it moves among systems. Increasingly, healthcare organizations and technology vendors are performing assessments (privacy impact assessments, threat risk assessments, business impact assessments, etc.) to ensure installed healthcare technology will have a positive impact on healthcare delivery. These assessments are even mandated for healthcare delivery organizations in some countries. Unfortunately, key decision makers often have difficulty understanding the relevance of the privacy impacts identified, and often overlook them when writing standards.
Contents
The Goal
This Privacy Impact Assessment Cookbook is intended to enable HL7 standards developers, domain committees and working groups to publish standards that have taken privacy considerations and impacts into account. This guide introduces privacy impact assessments and a process to facilitate completing a privacy impact assessment for a specific standard. Using this process will facilitate the identification of gaps in a standard’s baseline privacy, allowing the working group to either update the standard on its own or to send a request to the CBCC Working Group for assistance in filling the gap. This will lead to standards that include privacy as part of their base, reducing the need to “bolt” privacy on later. As a result, the HL7 standards will better protect and preserve patient privacy, which in turn will lead to improved patient outcomes.
The Need for a Privacy Impact Assessment
A privacy impact assessment is the “overall process of risk identification, risk analysis and risk evaluation with regard to the processing of personally identifiable information (PII).” (Source: ISO/IEC 29100 Information technology — Security techniques — Privacy framework)
Organizations strive to protect PII for many reasons, such as safeguarding an individual’s privacy, meeting legal and regulatory requirements, and increasing consumer trust. To determine the privacy implications of their systems which process PII, organizations regularly conduct a privacy risk management process. A privacy impact assessment is a common deliverable of this process. (Source: ISO/IEC 29100)
This HL7 PIA Cookbook is intended to be used to identify privacy considerations in each standard developed by HL7 and categorize them using a standard and accepted risk framework. During this process a gap may be identified that needs to be brought to the attention of the CBCC WG.
The privacy risk management approach outlined in this PIA Cookbook closely follows the “Methodology for Privacy Risk Management” produced by Commission Nationale de l’Informatique et des Libertés (CNIL).
- CNIL's Methodology for Privacy Risk Management
- This methodology has been accepted and incorporated in the “Privacy- and Security-by-Design Methodology Handbook” published by PReparing Industry to Privacy-by-design by supporting its Application in Research (PRIPARE).
- The PRIPARE Handbook harmonizes and integrates the existing standards, practices and research proposals on privacy engineering.
- PRIPARE Handbook
Resources
Mitigation Tools
Examples of Risk Assessment Spreadsheets
- SAML use in CCOW -- spreadsheet not yet published
- The risk assessment was done informally and not recorded
- The result was a statement in the formal specification that there is an unmitigated risk that the "Authenticating" application could misbehave as it is fully trusted to set the user identity correctly.
- CDA-Consent
- First Draft 2010, July 27th
- Second Draft 2010, Aug 3
- Third Draft 2010, Aug 10
- Fourth Draft 2010, Aug 31
- Excerpt from the formal specification of the Security Considerations section
- PASS - Accounting of Disclosures Service
- First Draft 2010, Aug 2
- Second Draft 2010, Aug 9
- Third Draft 2010, Aug 16
- Excerpt from the formal specifications of part of the Security Considerations section
