ANSI - American National Standards Institute
 Print this article  Previous Next 

HITSP to Support Security and Privacy Interoperability (InterOp) Demonstration at RSA® Conference 2008

New York, Mar 28, 2008

Healthcare Information Technology Standards Panel (HITSP), in cooperation with the Organization for the Advancement of Structured Information Standards (OASIS), will showcase its work in the area of healthcare security and privacy during interoperability demonstrations at the RSA® Conference 2008 April 7-11 in San Francisco.

The multi-vendor demonstrations will highlight the use of OASIS standards in HITSP-approved guidelines, known as “constructs,” to meet healthcare security and privacy needs. The Panel’s security and privacy specifications address common data protection issues in a broad range of subject areas, including electronic delivery of lab results to a clinician, medication workflow for providers and patients, quality, and consumer empowerment.

HITSP is a multi-stakeholder coordinating body designed to provide the process within which affected parties can identify, select, and harmonize standards for communicating health care information throughout the health care spectrum. As mandated by the U.S. Department of Health and Human Services (HHS), the Panel’s work supports Use Cases defined by the American Heath Information Community (AHIC).

“This is the first time the RSA® Conference 2008 will highlight in an InterOp demo the healthcare scenario, the Electronic Health Records (EHR), and associated interoperable terminologies of clinical roles, patient consent directives, obligations, and business logic,” said John (Mike) Davis, standards architect with the VHA Office of Information in the Department of Veterans Affairs, and a member of the HITSP Security, Privacy and Infrastructure Technical Committee.

Many private and public health networks are currently exchanging health data through independently managed Electronic Health Record (EHR) systems that connect hospitals, private physicians, mental health professionals, insurance providers and others within metropolitan area, regional, single-state and multi-state networks.

“EHR systems must be interoperable so that patients, physicians, hospitals, public health agencies and other authorized users can share health related information with adequate security and privacy protections,” explained Johnathan Coleman, principal of the Security Risk Solutions, Inc., and facilitator of the HITSP Security, Privacy and Infrastructure Technical Committee.

The HITSP/OASIS InterOp will demonstrate the use of the OASIS eXtensible Access Control Markup Language (XACML) standard to make and enforce fine-grained access control decisions to protected health information.

“HITSP and OASIS have focused on addressing the very sensitive issues related to the access of patient information,” added Coleman. “The vendors that are coming together in San Francisco next month will be demonstrating solutions to address basic questions such as ‘who has access to what information?’ and ‘for what purpose?’.”

The HITSP-developed Security and Privacy constructs include methods for consumers to electronically manage who can access their private health information. Proposed terminology informs and empowers consumers to choose how they want to protect both their personal information and their safety. And technical documentation describes how EHRs can automate the choice process and the clinical implementation that follows.

To invite broad participation by health IT vendors, the HITSP/OASIS InterOp will model consumer privacy interests within clinical work flows, including possible safety risks should critical information not be disclosed when needed by clinicians.

“HITSP will continue to work closely with the broad-based healthcare community – including standards organizations such as OASIS, as well as consumers, providers, vendors and other stakeholders,” said Coleman. “Forums like the RSA Security and Privacy Interop help us ensure that we are developing the standards-based security and privacy solutions that will effectively meet current and future healthcare needs.”

Operating under contract administered by the Office of the National Coordinator for Health Information Technology (ONC), the HITSP is administered by the American National Standards Institute (ANSI), coordinator of the U.S. voluntary standardization system, in cooperation with strategic partners including the Healthcare Information and Management Systems Society (HIMSS), the Advanced Technology Institute (ATI) and Booz Allen Hamilton.

OASIS (Organization for the Advancement of Structured Information Standards), drives the development, convergence, and adoption of open standards for the global information society. A not-for-profit consortium, OASIS advances standards for SOA, security, Web services, documents, e-commerce, government and law, localization, supply chains, XML processing, and other areas of need identified by its members. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries.

About the Department of Veterans Affairs
The Department of Veterans Affairs (VA), the second largest of 15 Cabinet departments, is responsible for providing federal benefits to veterans and their families. VA operates nationwide programs for health care, financial assistance and burial benefits and is headed by the Secretary of VA. The Veterans Health Administration (VHA), one of the three administrations within VA, is the most visible with operating more than 1,400 sites of care. VA health care facilities provide a broad spectrum of medical, surgical and rehabilitative care to almost 5.5 million people. VA’s medical system serves as a backup to the Defense Department during national emergencies and as a federal support organization during major disasters. Go to for details or to for VA’s award-winning Personal Health Record.

 Homeland Defense and Security Standardization Collaborative