ccountability. This can be viewed as: Security Safeguards: I want to be sure the data are not disclosed to someone who shouldn't

Healthcare System Security Course Plan

Healthcare System Security Course: Week 16 Plan

6/18 Final project reports
- Design of a healthcare information security system for XX Hospital / Medical Center
- Information Security Communications journal: call for invited papers
- Integrated healthcare information security system report
- HIE Security and Privacy through IHE
- Security and Authorization Issues in HL7 Electronic Health Records: A Semantic Web Services Based Approach

Group 1: Wan Fang Hospital
Group 2: Cheng Hsin Hospital
Group 3: Mackay Hospital
Group 4: I-Shou Hospital
Group 5: Tri-Service General Hospital
Group 6: National Taiwan University Hospital
Group 7: Chang Gung Hospital
Group 8: Taipei Veterans General Hospital

Design of a healthcare information security system for XX Hospital / Medical Center

Introduction to healthcare information security
- The importance of healthcare information and privacy rights
- What is healthcare information security?
- How does healthcare information security differ from information security? (from the perspective of security disclosure)
The healthcare information security system of XX Hospital / Medical Center
- Current healthcare information system architecture and its security gaps
- Healthcare information security requirements (confidentiality, integrity, authorization, non-repudiation, etc.)
- Future healthcare information system architecture with security functions: UCA, XKMS, SAML, XACML
Healthcare information security policies needed to protect privacy rights
- HIPAA
Conclusion

Information Security Communications journal: call for invited papers

"Information Security Communications" is a publication issued by the Chinese Cryptology and Information Security Association. It publishes research papers in fields related to information security on a regular schedule, in January, April, July and October of each year, and for each issue a Guest Editor is invited to plan the issue's theme and solicit papers.

HIE Security and Privacy through IHE

A Healthcare Information Exchange (HIE) is a set of healthcare entities that are cooperating to share healthcare information about common patients. The IHE has proposed that a basic method of providing an HIE is through an infrastructure that allows for the sharing of clinical documents about a patient in a way that allows for long-term use. This infrastructure is made up of a family of Profiles centered on the Cross-Enterprise Document Sharing (XDS) Profile. This white paper will discuss how an HIE that leverages IHE profiles can protect patient privacy and information security. The organizers of the HIE need to implement basic security principles in order to offer a security model to protect the HIE information exchanges. The architecture put forth by IHE is to share discrete information in the form of documents. These documents may be simple text documents, formatted documents using standards such as PDF, or fully structured and coded using standards such as HL7 CDA.
These documents are shared with reference to the individual patient with the expectation that in the future they can be used to provide better healthcare treatment to that same individual patient.

HIE Security and Privacy through IHE

- Introduction
- Scoping Security and Privacy
- International Data Protection Principles
- Policies and Risk Management
- Technical Security and Privacy controls
- Applying Security and Privacy to an HIE
- Building Upon Existing Security Environment
- IHE Security and Privacy Toolkit
- IHE Security and Privacy Controls
- Conclusion

Elements of the health information exchange challenge

- Open "governance"
- Trust relationships among participants
- Involve consumers
- Provide security
- Develop sustainable funding
- Provide capable business services and operations
- Develop technical capabilities and operations

Scoping Security and Privacy

The Policy Environment is made up of many layers of policies. These policies work together in a hierarchic way to interlock. We will introduce some of these different layers in this white paper and show how they influence the technology.

- International Data Protection Principles
- Policies and Risk Management
- Technical Security and Privacy controls

International Data Protection Principles

In 1980, the Organization for Economic Cooperation and Development ("OECD") developed Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. These guidelines were intended to harmonize national privacy laws, uphold human rights, and promote the free flow of information among its 30 member countries. The OECD guidelines have served as a basis for data protection laws in the United States, Europe, Canada, Japan, Australia, and elsewhere. Together, these principles and laws provide a useful framework for developing general data protection requirements for health information systems. In the context of this paper, these data protection principles will be scoped to the IHE relevant policies and understood in the context of the IHE risk environment. The technical controls that are relevant to IHE are distilled below.

http://www.oecd.org/document/20/0,3343,en_2649_201185_15589524_1_1_1_1,00.html

Policies and Risk Management (1/5)

IHE solves Interoperability problems via the implementation of technology standards. It does not define Privacy or Security Policies, Risk Management, Healthcare Application Functionality, Operating System Functionality, Physical Controls, or even general Network Controls. While HIE Policies and Risk Management are outside its scope, IHE does recognize that these elements are a necessary piece of a system implementation. IHE IT Infrastructure Technical Framework, Volume 1: Appendix "L" outlines some of the issues that should be evaluated to be included in the local Policy creation and Risk Management decisions. Also, the IHE IT Infrastructure Plannin