Existing Healthcare Standards

Transcription

1 Existing Healthcare Standards Category Context (Information Model) Information Interchange Standard & Specific Elements ASN.1 Abstract Syntax Notation.1 ASTM E Standard Specification for Continuity of Care Record (CCR HL7 CDA (Clinical Document Architecture) HL7 RIM HL7 v2.5 Register a Patient HL7 v3 Patient Demographics IHE PDQ (Patient Demographics Query) ISO/TS21091 Health Informatics - Directory services for security, communications and identification of professionals and patients NCPDP SCRIPT OASIS XACML - Profile for Role Based Access Control (RBAC) X12N X12N Eligibility Inquiry, Eligibility, Benefit Response X12N Benefit Enrollment and Maintenance Connecting for Health RLS Connecting for Health RLS HL7 SOA HL7 v2.5 OUL (laboratory observation unsolicited) HL7 V2.5 ADR-A19, Patient Query Response HL7 V2.5 Patient Mgt HL7 v2.5 Register a Patient HL7 v3 Patient Demographic message HL7 V3 QUPA_IN201202, Get Patient Demographics Query Response HL7 V3.0 Person Management HL7 Version 2 OUL/Laboratory HL7 Version 3 Laboratory domain HL7/OMG RLUS HTTP - Hyper-Text Transfer Protocol IETF RFC 1510 Kerberos Authentication Service IETF RFC 3164 (Syslog); IETF RFC 3195 (Reliable Syslog) IETF RFC 958 Network Time Protocol IETF/W3C ebxml (Electronic Business Extensible Markup Language) IETF/W3C URL IHE PDQ (Patient Demographics Query)

2 Terminology IHE PIX (Patient Id Cross-referencing) IHE- CT Consistent Time IHE XDS (Cross Enterprises Document Sharing) IHE XDS-MS (Cross Enterprises Document Sharing Medical Summaries) IP Security (IPSec) JMS (Java Messaging Specification) NCPDP SCRIPT NIST SP Electronic Authentication Guideline OASIS SAML (Security Assertion Markup Language) SMTP Simple Mail Transfer Protocol Web Service extensions X12N Eligibility Inquiry, Eligibility, Benefit Response X12N Benefit Enrollment and Maintenance ASTM E1986 Standard Guide for Information Access Privileges to Health information ASTM E1986 Standard Guide for Information Access Privileges to Health information ASTM E Standard Specification for Continuity of Care Record (CCR HL7 CDA rel 2/CCD HL7 DSTU for Functional Role Names HL7 DSTU for Functional Role Names HL7 V2.5 Patient Mgt HL7 v2.x OMP, RDS, RDE and ORM, CCD HL7 v3.0 HL7 V3.0 Person Management IHE Medical Summary IHE PDQ (Patient Demographics Query) IHE PIX (Patient Id Cross referencing) IHE XDS (Cross enterprises document Sharing) ISO/DTS21298 Health Informatics: and Structural Roles Functional ISO/DTS21298 Health Informatics: and Structural Roles Functional LOINC (Logical Observation Identifiers Names and Codes) National Patient Id NCPDP SCRIPT NCPDP-HL7 Electronic Prescribing Coordination Mapping Document NDF-RT (VA National Drug File Reference Terminology) Rx Norm

3 Security SNOMED-CT (Systematized Nomenclature of Medicine- Clinical Terms) X12 Eligibility transaction X12N 270 Eligibility Inquiry, 271 Eligibility, Benefit Response ANSI INCITS Information technology - Role Based Access Control (RBAC) [CS1] ANSI/ ITU (X9, X.509, X.500, etc) ASTM E2147 Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems ASTM E1762 Standard Guide for Electronic Authentication of Health Care ASTM E1985 Standard Guide for User Authentication and Authorization ASTM E Standard Guide for User Authentication and Authorization ASTM E1986 Standard Guide for Information Access Privileges to Health information ASTM E Standard Specification for Authentication of Healthcare Information Using Digital Signatures ASTM E2122 Healthcare Model Policy ASTM E2147 Standard Specification for Audit and Disclosure Logs for Use in ASTM E Standard Practice for Healthcare Certificate Policy ASTM E2212 Standard Practice for Healthcare Certificate Policy DICOM Supplement 41 - Security Enhancements 2-Digital Signatures DICOM Supplement 86 - Digital Signatures for Structured Reports DICOM Supplement 95 - Audit Trail Messages ETSI TS XAdES (XML Advanced Electronic Signatures) ETSI TS XML Advanced Electronic Signatures (XAdES) ETSI TS Electronic signature formats ETSI TS Electronic signature formats ETSI/W3C XaDES (XML Advanced Electronic Signatures) FIPS CMV (Cryptographic Module Validation) Health Information Systems, HL7 (security standards using RBAC, role definitions) HL7 CDA (Clinical Document Architecture) IETF RFC S/MIME Version 3 Message Specification IETF RFC 3164 (Syslog) IETF RFC 3195 (Reliable Syslog) IETF RFC Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile IETF RFC 3881 Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications IETF RFC 958 Network Time Protocol

4 Identifier IHE ATNA (Audit Trail and Node Authentication) IHE DSG (Document Digital Signature) IHE XUA (Cross-Enterprise User Authentication) IHE- CT Consistent Time Information ISO (non-health informatics-focused standards) ISO Health informatics -- Guidelines on data protection to facilitate trans-border flows of personal health information ISO ISMS (Information Security Management System) ISO Health informatics: Security management in health using IS17799 ISO :1989 Information processing systems -- Open Systems Interconnection -- Basic Reference Model -- Part 2: Security Architecture ISO IS /2/3 Health Informatics Public Key Infrastructure (Part 1: Overview of digital certificate services; Part 2: Certificate Profile; Part 3: Policy management of certification authority) ISO TS21091 Health informatics -- Directory services for security, communications and identification of professionals and patients ISO/IEC Information Technology Vocabulary Part 8 Security ISO/IEC TR 14516:2002 Information technology. Security techniques. Guidelines for the use and management of trusted third party services ISO/TS /2/3 Health Informatics Public Key Infrastructure (Part 1: Overview of digital certificate services; Part 2: Certificate Profile; Part 3: Policy management of certification authority) ISO/TS , ISO/TS ISO/DTS Health Informatics: Privilege Management and Access Control Liberty-Alliance OASIS SAML (Security Assertion Markup Language) OASIS WSS Web Services Security: Soap Message Security OASIS XACML (extensible Access Control Markup Language) OMG CORBAMed (security implementations using RBAC, role definitions) RBAC - Role-based Access Control Secure/Multi-purpose Internet Mail Extensions (S/MIME) S-HTTP Secure Hypertext Transfer Protocol SSL/TLS-Secure Socket Layer (SSL) W3C XML 1.0 NCPDP (implementations) Transport Layer Security (TLS) M E1714 Standard Guide for Properties of a Universal Healthcare Identifier (UHID) HIPAA National Provider Identifier HL7 v2.5 PID (Patient Identification)

5 Functionality and Process Workflow Other HL7 v3 Person ID IHE PIX Patient Identifier Cross-referencing ISO TS21091 Health informatics -- Directory services for security, communications and identification of professionals and patients ISO/TS Health informatics: Proposed Identification of Subjects of Health Care PDQ Patient Demographics Query Workflow Technology Standards embedded in RBAC HL7 EHR System Functional Model CORE Policies for Certification, Exemption, Testing, and Enforcement HIPAA Privacy Rule Pub. L CORE Operating Rules for Acknowledgements, Companion Guides, Connectivity, Data Content, Response Time and System Availability 45 C.F.R (Health Care Clearinghouse defined as covered entity to include community health management information systems 45 C.F.R (Protected Health Information, PHI, defined to include all individually identifiable health information held or transmitted by a covered entity 45 C.F.R (a) (Disclosure of PHI [except when permitted or required under privacy rule] requires written authorization by the individual who is the subject of the PHI or the individual s personal representative.) 45 C.F.R (b) (De-identified health information. Specifies the information that must be removed in the safe harbor method of de-identification. 45 C.F.R (e) (Limited data set. Specifies the direct identifiers that must be removed from PHI when a limited data set is used and disclosed for research, health care operations, and public health purposes to a recipient who promises specified safeguards. 45 C.F.R and (a)(3) (Marketing. Covered entity must obtain authorization to use or disclose PHI except for carve outs such as communications about benefit plan, participating providers, for treatment, or for case management, 45 C.F.R (b) and (d) (Minimum necessary disclosure principle) 45 C.F.R (a) and (b) (Privacy practices notice) 45 C.F.R (Access. Except in certain circumstances, individuals have the right to review and obtain a copy of their PHI in a covered entity s designated record set.

6 Designated record set is group of records maintained by covered entity to make decisions about individual. Indicates which information is included in and excluded from this record set.) 45 C.F.R (Amendment. Individuals have right to have covered entities amend their PHI in designated record set.) 45 C.F.R (Disclosure accounting. Individuals have the right to accounting of disclosure of PHI with several exceptions.) 45 C.F.R (g) (Personal representative. Requires covered entity to treat personal representative the same as the individual with respect to uses and disclosures of PHI.) Excerpted from Healthcare Information Technology Standards Panel