Presentation is loading. Please wait.

Presentation is loading. Please wait.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Published byTerence Maxwell Modified over 9 years ago

Similar presentations

Presentation on theme: "Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March."— Presentation transcript:

1 Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 18, 2015

2 Charge to Transport and Security Workgroup WorkgroupTransport and Security Standards Section E: Secure Network Infrastructure 1)Cybersecurity: a)What should the federal government (specifically) focus on first to move towards a uniform approach to enforcing cybersecurity in healthcare (keeping HIPAA and CEHRT Rules in mind and possible new cybersecurity legislation)? b)Are there frameworks, methodologies, incentive programs, etc. that the healthcare industry has not, but should, consider? 2)Encryption: Are there other gaps (aside from lack of policies and guidance for implementing encryption)in technology and standards for encryption? Section F: Identity and Authentication What ID proofing and authentication standards, policies, and protocols can we borrow from other industries? Is healthcare that different from banking, social media, or email? Section G: Consent What standards should we put forward in the 2016 standards advisory for basic choice? How much work should ONC be doing on other standards while clarifying permitted uses? If standards development needs to be done, what should we be working on (DS4CDS vs DS4P vs something else)? 2

3 TSS WG: Tasks & Dates 3

4 Draft Comments for Discussion – Section E 4

5 Roadmap Section E Summary: Cybersecurity 1a) What should the federal government (specifically) focus on first to move towards a uniform approach to enforcing cybersecurity in healthcare (keeping HIPAA and CEHRT Rules in mind and possible new cybersecurity legislation)? DRAFT Response: The Transport and Security Standards Workgroup (TSS WG) recommends that ONC partner with NIST, OCR, other federal agencies, and industry stakeholders in several ways to address a uniform approach to enforcing cybersecurity in healthcare. First, ONC should work to advance a consistent trust framework across the health IT ecosystem. Second, ONC should endorse a set of appropriate baseline security controls that are uniformly applied to all health IT technologies that enter the ecosystem. Third, ONC should work with industry to accommodate a diversity of emerging health IT technologies across infrastructures within the health IT ecosystem. Health IT infrastructures must be flexible, in that they should permit any certified health IT solution to operate within the ecosystem. Fourth, ONC should provide guidance on proper governance in cybersecurity, which is essential for building trust and security throughout the ecosystem. Finally, the ONC should bring together federal, state, and industry stakeholders to address the goal of reducing variations in cybersecurity enforcement. 5

6 Roadmap Section E Summary: Cybersecurity 1b) Are there frameworks, methodologies, incentive programs, etc. that the healthcare industry has not, but should, consider? DRAFT Response: Trust is integral in building a secure health IT ecosystem. The National Strategy for Trusted Identities in Cyberspace (NSTIC) Trustmark, PCI, and ISO should be considered as possible frameworks for establishing electronic trust among healthcare organizations across the Internet. Cybersecurity needs to be considered for both enterprises and for interconnections among enterprises. The healthcare industry needs a minimum set of standards and metrics for measuring the strength of security protections. A number of “minimum standard sets” exist and can be drawn from. These include, but may not be limited to: OCR’s minimum standards for control areas, the CAB-forum Baseline Requirements, and the questions asked by cybersecurity insurance companies and financial auditors. Additionally, the existing security control frameworks (including NIST’s cybersecurity framework) should be considered for alignment and guidance when gaps occur. 6 *http://www.nist.gov/cyberframework

7 Roadmap Section E Summary: Encryption 2)Are there other gaps (aside from lack of policies and guidance for implementing encryption) in technology and standards for encryption? DRAFT Response: ONC should work with OCR, other federal partners, and industry stakeholders to address the following three issues related to technology and standards for encryption. First, ONC should provide guidance on encryption key lifecycle management. Second, ONC should provide guidance on a method for encryption key escrow recovery. Finally, ONC should publish guidance on key oversight and authorization, addressing the people or entities that maintain access to encryption keys. ONC should also consider providing guidance on a minimum set of encryption requirements for health IT (i.e., medical devices, systems, and software) used to store and access protected health information. 7

8

Download ppt "Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Digital Identity Group May 2012. GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.

Digital Identity Group May GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.
ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.

ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.
Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.

Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.
1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.

1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.
1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.
Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.

Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Interoperability Roadmap Comments Package Transport and Security Standards Workgroup Dixie Baker, Chair Lisa Gallagher, Co-Chair April 22, 2015.

Interoperability Roadmap Comments Package Transport and Security Standards Workgroup Dixie Baker, Chair Lisa Gallagher, Co-Chair April 22, 2015.
Interoperability and Health Information Exchange Workgroup March 10, 2015 Micky Tripathi, chair Chris Lehmann, co-chair.

Interoperability and Health Information Exchange Workgroup March 10, 2015 Micky Tripathi, chair Chris Lehmann, co-chair.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.

Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.
Privacy and Security Workgroup: Big Data Public Hearing December 8, 2014 Deven McGraw, chair Stan Crosley, co-chair.

Privacy and Security Workgroup: Big Data Public Hearing December 8, 2014 Deven McGraw, chair Stan Crosley, co-chair.
Consumer Work Group Presentation Federal Health IT Strategic Plan 2015-2020 January 9, 2015 Gretchen Wyatt Office of Planning, Evaluation, and Analysis.

Consumer Work Group Presentation Federal Health IT Strategic Plan January 9, 2015 Gretchen Wyatt Office of Planning, Evaluation, and Analysis.
Interoperability Standards Advisory Summary of Public Comments and Next Steps June 24, 2015 Chris Muir.

Interoperability Standards Advisory Summary of Public Comments and Next Steps June 24, 2015 Chris Muir.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.

Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Similar presentations

Ads by Google