 |
Return to detail page at www.hitsp.org | HITSP/TN900 |
| Next |
| HOME | ABOUT | MEMBERSHIP | NEWS & ANNOUNCEMENTS | MEETINGS | FAQ | CONTACT US | | Powered by American National Standards Institute |
|
Return to detail page at www.hitsp.org | HITSP/TN900 |
| Next |
July 8, 2009
Version 1.3
HITSP Security and Privacy Technical Note
HITSP/TN900 
Submitted to:
Healthcare Information Technology Standards Panel
Submitted by:
Security, Privacy and Infrastructure Domain Technical Committee
(Formerly Security and Privacy Technical Committee)
Document Change History
|
Version Number |
Description of Change |
Name of Author |
Date Published |
|
1.0 |
Review Copy |
Security and Privacy Technical Committee |
July 20, 2007 |
|
1.0.1 |
Review Copy |
Security and Privacy Technical Committee |
October 5, 2007 |
|
1.1 |
Released for Implementation |
Security and Privacy Technical Committee |
October 15, 2007 |
|
1.1.1 |
Review Copy |
Security, Privacy and Infrastructure Domain Technical Committee |
August 20, 2008 |
|
1.2 |
Released for Implementation |
Security, Privacy and Infrastructure Domain Technical Committee |
August 27, 2008 |
|
1.2.1 |
Review Copy |
Security, Privacy and Infrastructure Domain Technical Committee |
June 30, 2009 |
|
1.3 |
Released for Implementation |
Security, Privacy and Infrastructure Domain Technical Committee |
July 8, 2009 |
Table of Contents
1.1.1 HITSP Security and Privacy Policy
1.1.2 HITSP Security and Privacy Management Overview
1.2 Security and Privacy Relationship to Use Cases
2.0 Security and Privacy Scope
2.1 Security and Privacy Principles
2.4 Relationship of Constructs to Security and Privacy Policies
2.5 Focus of Construct Development on Interoperability
3.0 Roadmap and Gaps of the HITSP Security and Privacy Constructs
3.1 Selection of Security and Privacy Constructs
3.2 Roadmap for Security and Privacy Constructs
3.3 Limitations from Use Cases/Value Cases/Harmonization Requests
3.4 Requirements Outside the Current Scope
3.4.1 Gaps and Resolution Recommendations Specific to Security and Privacy Constructs
4.0 Security and Privacy Constructs
4.1 HITSP Security and Privacy Construct Overview
4.2 Relationship Between Security and Privacy Principles and Constructs
4.3 Overview of Construct Characteristics
4.4 Conceptual Relationship Between Constructs
4.4.1 Management of Consent directives and Access Control
4.4.2 Nonrepudiation of origin, and document integrity
4.5 Description of Security and Privacy Constructs
4.5.1 HITSP/T17 Secured Communication Channel
4.5.2 HITSP/T15 Collect and Communicate Security Audit Trail
4.5.3 HITSP/SC109 Security Audit
4.5.4 hitsp/tp20 Access Control
4.5.5 HITSP/SC108 Access Control
4.5.6 HITSP/TP13 Manage Sharing of Documents (with Document Integrity Option)
4.5.7 HITSP/C19 - Entity Identity Assertion
4.5.8 HITSP/C26 - Nonrepudiation of Origin
4.5.9 HITSP/T16 - Consistent Time
4.5.10 HITSP/TP30 - Manage Consent Directives
4.5.13 HITSP/C44 - Secure Web Connection
5.0 Security and Privacy Management Background
5.2.1 Defining and Managing Risk
5.2.2 Developing a Risk Management Framework
5.3.1 Organizational (Strategic) vs. System (Tactical) Risk Assessments
7.1 Information Policy Management
Figures and Tables
Figure 4-1 Dynamic Security and Privacy Constructs
Table 1-1 HITSP Reference Documents
Table 3-1 HITSP Security and Privacy Constructs
Table 3-2 Out-of-Scope Requirements Assessment
Table 3-3 Construct Standards Gaps
Table 4-1 Relationship of Privacy Principles and HITSP Security and Privacy Constructs
Table 4-2 Relationship of Security Principles and HITSP Security and Privacy Constructs
Table 4-3 Security and Privacy Construct Summary
|
Return to detail page at www.hitsp.org | HITSP/TN900 |
| Next |