Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.

Slides:

Advertisements

Similar presentations

Connected Health Framework

Advertisements

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Digital Identity Group May GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.

ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.

Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.

Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.

Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.

Capability Cliff Notes Series PHEP Capability 6—Information Sharing What Is It And How Will We Measure It?

Interoperability Roadmap Comments Package Transport and Security Standards Workgroup Dixie Baker, Chair Lisa Gallagher, Co-Chair April 22, 2015.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Interoperability and Health Information Exchange Workgroup March 10, 2015 Micky Tripathi, chair Chris Lehmann, co-chair.

HITSP – enabling healthcare interoperability 1 enabling healthcare interoperability 1 Standards Harmonization HITSP’s efforts to address HIT-related provisions.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.

Consumer Work Group Presentation Federal Health IT Strategic Plan January 9, 2015 Gretchen Wyatt Office of Planning, Evaluation, and Analysis.

Interoperability Standards Advisory Summary of Public Comments and Next Steps June 24, 2015 Chris Muir.

BIG DATA AND THE HEALTHCARE REVOLUTION FORD+SSPG 2014.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Public Key Infrastructure Ammar Hasayen ….

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Strategy and Innovation Workgroup: Recommendations on the Federal Health IT Strategic Plan March 4, 2015 David Lansky, Chair Jennifer Covich,

Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.

HIT Standards Committee Hearing on Trusted Identity of Patients in Cyberspace November 29, 2012 Jointly sponsored by HITPC Privacy and Security Tiger Team.

Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

HIT Policy Committee Nationwide Health Information Network Governance Workgroup Recommendations Accepted by the HITPC on 12/13/10 Nationwide Health Information.

Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.

ConnectMe Authority Strategic Plan May Broadband Strategy – Healthcare For the healthcare industry: The Authority will work with decision makers.

Update on Interoperability Roadmap Comments Sections G, F and E Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Nationwide Health Information Network: Conditions for Trusted Exchange Request For Information (RFI) Steven Posnack, MHS, MS, CISSP Director, Federal Policy.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 7, 2015 DRAFT1.

HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

Draft – discussion only Content Standards WG (Documents and Data) Proposed HITSC Workgroup Evolution 1 Architecture, Services & APIs WG Transport and Security.

Kevin Novak, Chair W3C Electronic Government Interest Group April 17, 2009.

HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.

Privacy, Confidentiality, and Security Unit 8: Professional Values and Medical Ethics Lecture 2 This material was developed by Oregon Health & Science.

The Paradox in HIPAA Deven McGraw, JD, MPH, LLM Partner Manatt, Phelps & Phillips, LLP December 8, 2014.

HIT Policy Committee Information Exchange Workgroup NwHIN Conditions for Trusted Exchange Request For Information (RFI) May 18,

Seeking a National Standard for Security: Developing a Systematic Crosswalk of the Final HIPAA Security Rule, the NIST SP , NIST SP Security.

HIT Policy Committee Report from HIT Standards Committee Privacy and Security Workgroup Dixie Baker, SAIC December 15, 2009.

NIST / URAC / WEDi Health Care Security Workgroup Presented by: Andrew Melczer, Ph.D. Illinois State Medical Society.

Cloud Computing, Policy Management and Standardization Europe Identity Conference 2011 John Sabo, Director Global Government Relations, CA Technologies.

HIT Standards Committee Overview and Progress Report March 17, 2010.

Health Big Data Discussion Privacy and Security Workgroup Deven McGraw, Chair Stanley Crosley, Co-chair June 8, 2015.

Scalable Trust Community Framework STCF (01/07/2013)

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

HIPAA Security Final Rule Overview

Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.

Discussion - HITSC / HITPC Joint Meeting Transport & Security Standards Workgroup October 22, 2014.

HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Creating an Interoperable Learning Health System for a Healthy Nation Jon White, M.D. Acting Deputy National Coordinator Office of the National Coordinator.

Overview of ONC Report to Congress on Health Information Blocking Presented to the Health IT Policy Committee, Task Force on Clinical, Technical, Organizational,

Document Encryption Profile Brief Profile Proposal for 2009/10 presented to the IT Infrastructure Planning Committee Martin Rosner, Paul Koster October.

Draft – discussion only Consumer Workgroup Christine Bechtel, chair Neil Calman, co-chair December 8, 2014.

Framing Identity Management Recommendations Transport & Security Standards Workgroup November 19, 2014.

API Task Force Josh Mandel, Co-Chair Meg Marshall, Co-Chair December 4, 2015.

HIT Standards Committee Privacy and Security Workgroup Progress Report on Review of Governance RFI Dixie Baker, Chair Walter Suarez, Co-Chair May 24, 2012.

HIT Standards Committee Privacy and Security Workgroup Task Update: Standards and Certification Criteria for Certifying EHR Modules Dixie Baker, Chair.

Workgroup Introduction & Trust Mark Briefing Transport & Security Standards Workgroup September 22, 2014.

1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

Higher Education’s Role in the Identity Ecosystem

OmniRAN Introduction and Way Forward

HIPAA Security Standards Final Rule

OmniRAN Introduction and Way Forward

HIPAA Compliance Services CTG HealthCare Solutions, Inc.

HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Presentation transcript:

Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015

Charge to Transport and Security Workgroup WorkgroupTransport and Security Standards Section E: Secure Network Infrastructure 1)Cybersecurity: a)What should the federal government (specifically) focus on first to move towards a uniform approach to enforcing cybersecurity in healthcare (keeping HIPAA and CEHRT Rules in mind and possible new cybersecurity legislation)? b)Are there frameworks, methodologies, incentive programs, etc. that the healthcare industry has not, but should, consider? 2)Encryption: Are there other gaps (aside from lack of policies and guidance for implementing encryption)in technology and standards for encryption? Section F: Identity and Authentication What ID proofing and authentication standards, policies, and protocols can we borrow from other industries? Is healthcare that different from banking, social media, or ? Section G: Consent What standards should we put forward in the 2016 standards advisory for basic choice? How much work should ONC be doing on other standards while clarifying permitted uses? If standards development needs to be done, what should we be working on (DS4CDS vs DS4P vs something else)? 2

TSS WG: Tasks & Dates 3 Today

Straw Comments for Discussion – Section E 4 WorkgroupTransport and Security Standards Section E: Secure Network Infrastructure 1)Cybersecurity: a)What should the federal government (specifically) focus on first to move towards a uniform approach to enforcing cybersecurity in healthcare (keeping HIPAA and CEHRT Rules in mind and possible new cybersecurity legislation)? b)Are there frameworks, methodologies, incentive programs, etc. that the healthcare industry has not, but should, consider? 2)Encryption: Are there other gaps (aside from lack of policies and guidance for implementing encryption)in technology and standards for encryption?

Roadmap Section E Summary: Cybersecurity 1a) What should the federal government (specifically) focus on first to move towards a uniform approach to enforcing cybersecurity in healthcare (keeping HIPAA and CEHRT Rules in mind and possible new cybersecurity legislation)? Straw Response: The Transport and Security Standards Workgroup (TSS WG) believes that ONC should partner with other federal agencies and industry stakeholders in several ways to address a uniform approach to enforcing cybersecurity in healthcare. First, ONC should work to advance a consistent trust framework across the health IT ecosystem. Second, ONC should support the development of consistent accreditation. Third, ONC should work with industry to advance acknowledgment of the heterogeneity of infrastructure. This infrastructure must be flexible, in that it should permit any certified health IT solution to operate within the ecosystem, regardless of what new devices or service delivery models are added (e.g., cloud, mobile, etc.). Fourth, ONC should provide guidance on proper governance in cybersecurity, which is essential for building trust and security throughout the ecosystem. Finally, the ONC should bring together federal, state, and industry stakeholders to address the goal of reducing variations in cybersecurity enforcement. 5

Roadmap Section E Summary: Cybersecurity 1b) Are there frameworks, methodologies, incentive programs, etc. that the healthcare industry has not, but should, consider? Straw Response: Trust is integral in building a secure health IT ecosystem. The National Strategy for Trusted Identities in Cyberspace (NSTIC)/IDESG Trustmark should be considered as a possible framework to establish electronic trust between trust frameworks across internet. Additionally, the existing security control frameworks (including NIST’s cybersecurity framework) should be considered for alignment and guidance when gaps occur. 6

Roadmap Section E Summary: Encryption 2) Are there other gaps (aside from lack of policies and guidance for implementing encryption) in technology and standards for encryption? Straw Response: ONC should work with federal partners and industry stakeholders to address the following three issues related to technology and standards for encryption. First, ONC should provide guidance on key lifecycle management. Second, ONC should provide guidance on a method for key escrow recovery. Finally, ONC should publish guidance on key oversight and authorization, addressing the people or entities that maintain access to keys. 7

ONC Specific Charges – Section F 8 WorkgroupTransport and Security Standards Section F: Identity and Authentication What ID proofing and authentication standards, policies, and protocols can we borrow from other industries? Is healthcare that different from banking, social media, or ?

Specific Charge – Section F Questions: What ID proofing and authentication standards, policies, and protocols can we borrow from other industries? Is healthcare that different from banking, social media, or ? 9

ONC Specific Charges – Section G 10 WorkgroupTransport and Security Standards Section G: Consent What standards should we put forward in the 2016 standards advisory for basic choice? How much work should ONC be doing on other standards while clarifying permitted uses? If standards development needs to be done, what should we be working on (DS4CDS vs DS4P vs something else)?

Specific Charge – Section G Question: What standards should we put forward in the 2016 standards advisory for basic choice? 11

Specific Charge – Section G Questions: How much work should ONC be doing on other standards while clarifying permitted uses? If standards development needs to be done, what should we be working on (DS4CDS vs DS4P vs something else)? 12