This wiki has undergone a migration to Confluence.

Difference between revisions of "SecurityEvent FHIR Resource Proposal"

From HL7Wiki
Revision as of 17:05, 27 May 2013



SecurityEvent

Owning committee name

IHE IT Infrastructure Technical Committee

Contributing or Reviewing Work Groups

  • Security
  • EHR
  • Community-Based Collaborative Care

FHIR Resource Development Project Insight ID

unclear how to reference external organization ownership

Scope of coverage

User Accountability is provided through a Security Audit Trail. The Audit Trail needs to allow a Security Officer in an institution to audit activities, to assess compliance with a secure domain's policies, to detect instances of non-compliant behavior, and to facilitate detection of improper creation, access, modification and deletion of Protected Health Information (PHI). The Audit Trail should also allow a Privacy Officer in an institution to audit privacy compliance, and should aid in the production of an Accounting of Disclosures.

The Audit Trail needs to contain a sufficient record of security- and privacy-relevant events. The Audit Trail is itself a protected resource, but it should minimize unnecessary exposure of PHI by recording persistent opaque identifiers wherever possible rather than names or other direct identifiers. Audit Trail Reporting should leverage Directories, Registries, and other databases to resolve those opaque identifiers as necessary at report time. Reporting is itself an auditable event.


RIM scope

Security and Privacy are domains distinct from the RIM. Overlap with the RIM is not required, but it is to be leveraged where appropriate.

Resource appropriateness

  • Leverages well established Security and Privacy concepts

Expected implementations

  • USA - Regulations from HHS/ONC/CMS looking for RESTful implementations of IHE-ATNA Audit Logging
  • Others have expressed interest in RESTful implementations of IHE-ATNA Audit Logging

Content sources

  • ASTM E2147 – Set up the concept of security audit logs for healthcare, including accounting of disclosures
  • IETF RFC 3881 – Defined the Information Model (IETF rules forced this to be informative)
  • DICOM Audit Log Message – Made the information model Normative; defined Vocabulary, Transport Binding, and Schema
  • IHE ATNA – Defines the grouping with secure transport and access controls, and defined specific audit log records for specific IHE transactions
  • NIST SP800-92 – Shows how to do audit log management and reporting; consistent with our model
  • HL7 PASS – Defined an Audit Service with responsibilities and a query interface for reporting use
  • ISO 27789 – Is defining the subset of audit events that an EHR would need

Example Scenarios

  • Record that a security-relevant event has happened – Login, Logout, System Start, Patient information viewed, Patient information exported
  • Record that a privacy-relevant event has happened – a Disclosure
  • Security Officer needs to look for abuse of security policies
    • too many failed login events indicate a potential attack
    • Review accesses by a specific user
    • Review accesses to a specific patient
    • Review inappropriate access from a workstation
    • Review inappropriate access from a region/department
  • Privacy Officer needs to
    • Produce an Accounting of Disclosures for a specific Patient
    • Produce an Access Log for a specific Patient
    • Produce a Disclosure report on a population
    • Review an accusation of inappropriate access
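The scope statement above (opaque identifiers in the trail, resolution through directories only at report time, reporting as an auditable event) and the Security Officer and Privacy Officer scenarios, worked through as an added example. This is not code from the proposal, from HL7 or from IHE: the record layout loosely follows the RFC 3881 information model the page cites (event, active participant, audit source, participant object), but the field names, event codes, identifier formats, directory contents, thresholds and the sample trail are all constructed here for illustration and are not the SecurityEvent resource definition.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class AuditEvent:
    """One audit-trail record. Layout loosely follows the RFC 3881 model
    (event, active participant, audit source, participant object); the
    field names and event codes are this example's own assumptions."""
    time: datetime
    event: str                       # assumed codes: login, logout, view, export, disclose, report
    outcome: str                     # "success" or "failure"
    user: str                        # opaque user id; resolved only at report time
    source: str                      # opaque audit-source (workstation) id
    patient: Optional[str] = None    # opaque patient id (participant object)
    recipient: Optional[str] = None  # opaque recipient id, for disclosures


# Constructed directories/registries. They hold the real names; the trail
# stores only the opaque ids, so a leaked trail exposes as little as possible.
USER_DIRECTORY = {"u:7f3a": "Dr. A. Example", "u:9c11": "Clerk B. Example",
                  "u:sec1": "Privacy Officer C. Example"}
PATIENT_REGISTRY = {"p:0042": "Patient Forty-Two"}
ORG_REGISTRY = {"o:ins1": "Example Insurer"}

PHI_ACCESS_EVENTS = {"view", "export", "disclose"}


def failed_login_bursts(trail: List[AuditEvent], threshold: int = 5,
                        window: timedelta = timedelta(minutes=10)):
    """Security Officer check: `threshold` or more failed logins from one user
    at one source inside `window` indicate a potential attack. Failures spread
    thinly over a long period do not trigger. Returns [(user, source, count)]."""
    by_key = defaultdict(list)
    for ev in trail:
        if ev.event == "login" and ev.outcome == "failure":
            by_key[(ev.user, ev.source)].append(ev.time)
    bursts = []
    for (user, source), times in by_key.items():
        times.sort()
        start, worst = 0, 0
        for end, t in enumerate(times):           # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            bursts.append((user, source, worst))
    return bursts


def accesses_to_patient(trail: List[AuditEvent], patient_id: str):
    """Access log for one patient: every PHI access, still keyed by opaque ids."""
    return [ev for ev in trail if ev.patient == patient_id and ev.event in PHI_ACCESS_EVENTS]


def accounting_of_disclosures(trail: List[AuditEvent], patient_id: str):
    """Privacy Officer report. Opaque ids are resolved through the directories
    here, at report time, and nowhere else; unknown ids stay opaque."""
    return [{"when": ev.time.isoformat(),
             "by": USER_DIRECTORY.get(ev.user, ev.user),
             "to": ORG_REGISTRY.get(ev.recipient, ev.recipient),
             "patient": PATIENT_REGISTRY.get(ev.patient, ev.patient)}
            for ev in trail if ev.patient == patient_id and ev.event == "disclose"]


def audited_report(trail: List[AuditEvent], officer: str, source: str, now: datetime,
                   report_fn, patient_id: str):
    """Reporting is itself an auditable event: the report run is appended to
    the trail, naming the officer and the patient whose records were reported."""
    result = report_fn(trail, patient_id)
    trail.append(AuditEvent(now, "report", "success", officer, source, patient=patient_id))
    return result


def build_sample_trail() -> List[AuditEvent]:
    """Constructed sample trail (not real data)."""
    t0 = datetime(2013, 5, 27, 17, 0)
    trail = [
        AuditEvent(t0, "login", "success", "u:7f3a", "w:03"),
        AuditEvent(t0 + timedelta(minutes=1), "view", "success", "u:7f3a", "w:03", patient="p:0042"),
        AuditEvent(t0 + timedelta(minutes=2), "export", "success", "u:7f3a", "w:03", patient="p:0042"),
        AuditEvent(t0 + timedelta(minutes=3), "disclose", "success", "u:7f3a", "w:03",
                   patient="p:0042", recipient="o:ins1"),
        AuditEvent(t0 + timedelta(minutes=4), "logout", "success", "u:7f3a", "w:03"),
    ]
    # Six failures in 2.5 minutes from one workstation: a burst.
    trail += [AuditEvent(t0 + timedelta(minutes=10, seconds=30 * i), "login", "failure", "u:9c11", "w:17")
              for i in range(6)]
    # Five failures spread over an hour: not a burst within a 10-minute window.
    trail += [AuditEvent(t0 + timedelta(minutes=20 + 15 * i), "login", "failure", "u:7f3a", "w:03")
              for i in range(5)]
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print("bursts:", failed_login_bursts(trail))
    print("accesses to p:0042:", len(accesses_to_patient(trail, "p:0042")))
    print("AoD:", audited_report(trail, "u:sec1", "w:99", datetime(2013, 5, 28, 9, 0),
                                 accounting_of_disclosures, "p:0042"))
    print("last record:", trail[-1].event, trail[-1].user)
```

The burst detector keys on (user, source) so that one user's thinly spread failures are not mistaken for an attack, while the same count compressed into a few minutes is; the window and threshold are tunable assumptions. Only the report functions touch the directories, which keeps the stored trail free of names, and every report run leaves its own record behind for later review.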

Resource Relationships

none

Timelines

Interest in this resource for use by reporting tools

gForge Users

john_moehrke