
The Healthcare Information Technology Standards Panel has issued a set of standards for keeping patients’ e-health records private and secure. The Human Services Department has sponsored a panel with the goals of identifying and harmonizing existing information standards so that e-health records can be exchanged among institutions.
The panel published "constructs," or sets of standards and specifications, which will serve as a technical foundation applicable to the policy requirements in federal and state laws, or to other business and organizational requirements for protecting and preserving health information.
There is such variability in health information security and privacy laws across the country that trying to establish a common set of constructs was a significant challenge for the panel. With this in mind, the committee used an approach based on the identification of a core set of overarching policy concepts, and the establishment of a minimum common base set of requirements that could be applied to different health information exchange scenarios.
The constructs are as follows.
* Manage document sharing and preserve document integrity
* Collect and communicate security audit trail
* Maintain consistent time, by synchronizing system clocks among the systems on a network
* Secured communication channel
* Entity identity assertion, to validate the identity of people or applications
* Access control
* Nonrepudiation of information origin
* Manage and communicate consent directives from a patient
The panel reported that the constructs have some gaps. "For example, there is a lack of standards to communicate the full access control policies and obligations in the fidelity that health care ultimately needs," it said in the document. "In cases like this, HITSP will present the best solutions available, and encourage standards organizations to fill the gaps."
The panel expects to update the constructs from time to time.