Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.

Similar presentations


Presentation on theme: "Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015."— Presentation transcript:

1 Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015

2 Charge to Transport and Security Workgroup WorkgroupTransport and Security Standards Section E: Secure Network Infrastructure 1)Cybersecurity: a)What should the federal government (specifically) focus on first to move towards a uniform approach to enforcing cybersecurity in healthcare (keeping HIPAA and CEHRT Rules in mind and possible new cybersecurity legislation)? b)Are there frameworks, methodologies, incentive programs, etc. that the healthcare industry has not, but should, consider? 2)Encryption: Are there other gaps (aside from lack of policies and guidance for implementing encryption)in technology and standards for encryption? Section F: Identity and Authentication What ID proofing and authentication standards, policies, and protocols can we borrow from other industries? Is healthcare that different from banking, social media, or ? Section G: Consent What standards should we put forward in the 2016 standards advisory for basic choice? How much work should ONC be doing on other standards while clarifying permitted uses? If standards development needs to be done, what should we be working on (DS4CDS vs DS4P vs something else)? 2

3 TSS WG: Tasks & Dates 3 Today

4 Straw Comments for Discussion – Section E 4 WorkgroupTransport and Security Standards Section E: Secure Network Infrastructure 1)Cybersecurity: a)What should the federal government (specifically) focus on first to move towards a uniform approach to enforcing cybersecurity in healthcare (keeping HIPAA and CEHRT Rules in mind and possible new cybersecurity legislation)? b)Are there frameworks, methodologies, incentive programs, etc. that the healthcare industry has not, but should, consider? 2)Encryption: Are there other gaps (aside from lack of policies and guidance for implementing encryption)in technology and standards for encryption?

5 Roadmap Section E Summary: Cybersecurity 1a) What should the federal government (specifically) focus on first to move towards a uniform approach to enforcing cybersecurity in healthcare (keeping HIPAA and CEHRT Rules in mind and possible new cybersecurity legislation)? Straw Response: The Transport and Security Standards Workgroup (TSS WG) believes that ONC should partner with other federal agencies and industry stakeholders in several ways to address a uniform approach to enforcing cybersecurity in healthcare. First, ONC should work to advance a consistent trust framework across the health IT ecosystem. Second, ONC should support the development of consistent accreditation. Third, ONC should work with industry to advance acknowledgment of the heterogeneity of infrastructure. This infrastructure must be flexible, in that it should permit any certified health IT solution to operate within the ecosystem, regardless of what new devices or service delivery models are added (e.g., cloud, mobile, etc.). Fourth, ONC should provide guidance on proper governance in cybersecurity, which is essential for building trust and security throughout the ecosystem. Finally, the ONC should bring together federal, state, and industry stakeholders to address the goal of reducing variations in cybersecurity enforcement. 5

6 Roadmap Section E Summary: Cybersecurity 1b) Are there frameworks, methodologies, incentive programs, etc. that the healthcare industry has not, but should, consider? Straw Response: Trust is integral in building a secure health IT ecosystem. The National Strategy for Trusted Identities in Cyberspace (NSTIC)/IDESG Trustmark should be considered as a possible framework to establish electronic trust between trust frameworks across internet. Additionally, the existing security control frameworks (including NIST’s cybersecurity framework) should be considered for alignment and guidance when gaps occur. 6

7 Roadmap Section E Summary: Encryption 2) Are there other gaps (aside from lack of policies and guidance for implementing encryption) in technology and standards for encryption? Straw Response: ONC should work with federal partners and industry stakeholders to address the following three issues related to technology and standards for encryption. First, ONC should provide guidance on key lifecycle management. Second, ONC should provide guidance on a method for key escrow recovery. Finally, ONC should publish guidance on key oversight and authorization, addressing the people or entities that maintain access to keys. 7

8 ONC Specific Charges – Section F 8 WorkgroupTransport and Security Standards Section F: Identity and Authentication What ID proofing and authentication standards, policies, and protocols can we borrow from other industries? Is healthcare that different from banking, social media, or ?

9 Specific Charge – Section F Questions: What ID proofing and authentication standards, policies, and protocols can we borrow from other industries? Is healthcare that different from banking, social media, or ? 9

10 ONC Specific Charges – Section G 10 WorkgroupTransport and Security Standards Section G: Consent What standards should we put forward in the 2016 standards advisory for basic choice? How much work should ONC be doing on other standards while clarifying permitted uses? If standards development needs to be done, what should we be working on (DS4CDS vs DS4P vs something else)?

11 Specific Charge – Section G Question: What standards should we put forward in the 2016 standards advisory for basic choice? 11

12 Specific Charge – Section G Questions: How much work should ONC be doing on other standards while clarifying permitted uses? If standards development needs to be done, what should we be working on (DS4CDS vs DS4P vs something else)? 12


Download ppt "Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015."

Similar presentations


Ads by Google