HL7 Standards Privacy Assessment Project
This document defines a Standards Privacy Assessment (SPA) process for Specifications Under Review (SURs) in HL7. The SPA process provides guidelines for creating a Privacy Considerations section, as well as a template of this section, within HL7 SURs.
The Need for a Standards Privacy Assessment
Often during the development of a SUR, privacy concerns will be brought up. These privacy concerns often can’t be addressed in the design of the SUR; however, they likely can be addressed in the software implementing the SUR, the operational environment deploying that software, or the policies in which the SUR is used. Thus, it is helpful to expose “Privacy Considerations.” Privacy considerations are residual (un-addressed) privacy risks for the next step to address or pass through.
SURs in HL7 may have privacy impacts, in which case they will need to be addressed to protect the Personally Identifiable Information (PII) of the consumers who trust in this technology. This Standards Privacy Assessment (SPA) provides editors of HL7 SURs with guidance on:
- Why a Privacy Considerations section is needed in HL7 SURs,
- When a SPA process should be used for a HL7 SUR,
- How to conduct a SPA analysis on a HL7 SUR, and
- What findings should be included in the Privacy Considerations section of a HL7 SUR.
The privacy impact of a SUR is directly related to either PII or technical mechanisms for identifying information that can be linked to the PII principal associated with that information.
A SPA is a methodology assessing the possible privacy impact(s) of a SUR. It takes into account applicable privacy principles and associated privacy safeguarding requirements in order to assess the potential threats arising from the SUR that require mitigation by introducing privacy safeguards or controls. In addition, the SPA process is intended to help create information that should be used in analyzing the potential harm towards an individual that could be caused by the technology defined by the SUR.
This SPA is meant to help the thought process of privacy analysis; it does not provide specific directions for how to write a Privacy Considerations section.
Guidance to Editors on When to Apply SPA
In order to determine whether to apply the SPA process, three questions need to be answered concerning the SUR:
- Will the SUR involve technology that will process PII, or will it involve technology that could link information to an identifiable individual?
- If the SUR will not process PII or involve technology that could link information to an identifiable individual, will it generate PII?
- If the SUR will not generate PII, will it involve technology that will be used in a network device by an individual?
If the answer to any of these questions is affirmative, then the SPA process should be applied to the SUR.
In the event that a SPA process is not considered warranted, the editor should clearly articulate this using text such as the following:
“This specification does not define technology that will process Personally Identifiable Information (PII), nor will it create any link to PII. Furthermore, the specification does not define technology that will be deployed in a network device and used by an individual.”
See "Working Space" below to access the repository of all SPA-related resources and the latest version of the SPA document. Section 3 of this document describes each step of the SPA Process.
Guidelines for creating a Privacy Considerations section, as well as a template of this section, are also available in the SPA document. See "Working Space" below to access the latest version of the SPA document. Section 4 of this document provides guidelines for creating the Privacy Considerations section and a template of how a Privacy Considerations section might look in an HL7 SUR.