PMRM TC Emergency Responder Use Case Draft: 2 Aug 2011.
PMRM TC Emergency Responder Use Case
Draft: 2 Aug 2011
Copyright © 1999-2010 International Security Trust and Privacy Alliance (ISTPA)
Privacy Management Reference Model Services
Core Policy Services
• Agreement - agreements, options, permissions
• Control - policies - data management

Presentation and Lifecycle Services
• Interaction - manages data/preferences/notice
• Agent - software that carries out processes
• Usage - data use, aggregation, anonymization
• Access - individual review/updates to PI

Privacy Assurance Services
• Certification - credentials, trusted processes
• Audit - independent, verifiable accountability
• Validation - checks accuracy of PI
• Enforcement - including redress for violations
Syntax for each Service: Functions
DEFINE [SVC] operational requirements
SELECT [SVC] (input, process, and output) data and parameters
INPUT [SVC] data and parameter values in accordance with Select
PROCESS [SVC] data and parameter values within Functions
OUTPUT [SVC] data, parameter values, and actions
LINK [SVC] to other (named) Services
SECURE [SVC] with the appropriate security functions

•Each USE CASE invokes a sequence of Service “calls”
•Each Service call executes a sequence of Functions (drawn from these seven Function categories)
Emergency Responder Use Case: On Site Care
Data Flows TO a Single Actor (ECS) with PMRM Service Invocations

ACTOR: ECS

| PI-In [detailed PI required] | Source (Actor) | Requirements | Services |
|---|---|---|---|
| Incident Report | External sources | ECS Privacy and Security Policy; jurisdictional regulations; OnStar | Security, Control, Audit, Interaction, Validation, Usage, Certification |
| Situational Awareness Report | External Sources | ECS Privacy and Security Policy; jurisdictional regulations; OnStar | Security, Control, Audit, Interaction, Validation, Usage, Certification |
| Patient EHR Information | Service Provider and other Healthcare systems | HIPAA security and privacy rules; HITECH; 3rd party inherited policy agreements | Security, Control, Audit, Interaction, Validation, Certification, Usage |
| Situation Assessment | On-site Care/Incident Commander | General scene information | None |
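Consider one ‘row’ in the table:

| Actor | PI-In | Source (Actor) | Requirements | Services |
|---|---|---|---|---|
| ECS | Incident Report | External sources | ECS Privacy and Security Policy; jurisdictional regulations; OnStar | Security, Control, Audit, Interaction, Validation, Usage, Certification |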
Tabular, time-line flow of Service invocations:

Time Line (Operational Requirements, each followed by its Services):

External Source connects to the ECS
• SECURITY: establish confidential communication (encryption)
• CERTIFICATION: check External Source credentials
• INTERACTION: Provide privacy notice to the External Source, if appropriate

Incident Report is transmitted to the ECS
• VALIDATION: check the PI for reasonableness, veracity, and relevance, possibly against other sources
• CONTROL and USAGE: Store the PI, together with all appropriate permissions for subsequent PI use
• AUDIT: record the receipt of the PI and Incident Report
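
The Incident Report time line above, as an added Python sketch that is not part of the original slides: the Service calls run in the slide's order, the first failed call stops the flow before any PI is stored, and AUDIT always runs. The `Flow` and `ECS` classes, the "location" validation rule, the split of CONTROL (permissions present) from USAGE (store), and auditing of rejected flows are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Time-line order of Service calls for an inbound flow, as on the slide.
TIMELINE = ("SECURITY", "CERTIFICATION", "INTERACTION",
            "VALIDATION", "CONTROL", "USAGE", "AUDIT")

@dataclass
class Flow:
    """Constructed stand-in for one PI transfer into the ECS."""
    pi_type: str
    source: str
    encrypted: bool
    credential_ok: bool
    pi: dict
    permissions: frozenset = frozenset()

@dataclass
class ECS:
    store: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def receive(self, flow):
        """Run the Service calls in order; stop at the first failure, always audit."""
        def keep():
            # USAGE: store the PI together with its permissions.
            self.store.append((flow.pi, flow.permissions))
            return True
        steps = {
            "SECURITY": lambda: flow.encrypted,           # confidential channel
            "CERTIFICATION": lambda: flow.credential_ok,  # source credentials
            "INTERACTION": lambda: True,                  # notice "if appropriate"
            "VALIDATION": lambda: bool(flow.pi.get("location")),  # assumed rule
            "CONTROL": lambda: bool(flow.permissions),    # permissions attached
            "USAGE": keep,
        }
        outcome, trace = "received", []
        for service in TIMELINE[:-1]:
            trace.append(service)
            if not steps[service]():
                outcome = "rejected at " + service
                break
        trace.append("AUDIT")  # assumption: rejected flows are audited too
        self.audit_log.append((flow.pi_type, flow.source, outcome))
        return outcome, trace

if __name__ == "__main__":
    ecs = ECS()
    report = Flow("Incident Report", "External Source", True, True,
                  {"location": "constructed sample"}, frozenset({"on-site care"}))
    print(ecs.receive(report))
```
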
Additional Row:

| Actor | PI-In | Source (Actor) | Requirements | Services |
|---|---|---|---|---|
| ECS | Situational Awareness Report | External Sources | ECS Privacy and Security Policy; jurisdictional regulations; OnStar | Security, Control, Audit, Interaction, Validation, Usage, Certification |

Time Line (Operational Requirements, each followed by its Services):

External Source connects to the ECS
• SECURITY: establish confidential communication (encryption)
• CERTIFICATION: check External Source credentials
• INTERACTION: Provide privacy notice to the External Source, if appropriate

Situation Awareness Report is transmitted to the ECS
• VALIDATION: check the PI for reasonableness, veracity, and relevance, possibly against other sources
• CONTROL and USAGE: Store the PI, together with all appropriate permissions for subsequent PI use
• AUDIT: record the receipt of the PI and Situation Awareness Report

Question: Separate analysis needed for each policy domain (e.g., OnStar)?
Additional Row:

| Actor | PI-In | Source (Actor) | Requirements | Services |
|---|---|---|---|---|
| ECS | Patient EHR Information | Service Provider and other Healthcare systems | HIPAA security and privacy rules; HITECH; 3rd party inherited policy agreements | Security, Control, Audit, Interaction, Validation, Certification, Usage |

Time Line (Operational Requirements, each followed by its Services):

ECS connects to Service Provider and other Health Care Systems
• SECURITY: establish confidential communication (encryption)
• CERTIFICATION: mutually check credentials
• INTERACTION: Provide privacy notice to the Provider/other Systems, if appropriate

Patient EHR is transmitted to the ECS
• VALIDATION: check the PI for reasonableness, veracity, and relevance, possibly against other sources
• CONTROL and USAGE: Store the PI, together with all appropriate permissions for subsequent PI use
• AUDIT: record the receipt of the PI and Patient EHR
Additional Row:

| Actor | PI-In | Source (Actor) | Requirements | Services |
|---|---|---|---|---|
| ECS | Situation Assessment | On-site Care/Incident Commander | General scene information | None (?) |

Time Line (Operational Requirements, each followed by its Services):

On-site Commander records general scene information in the Situation Assessment
• SECURITY: establish confidential communication or log-in (encryption)
• CERTIFICATION: mutually check credentials
• INTERACTION:

Any PI contained in general scene information?
• VALIDATION: check the PI for reasonableness, veracity, and relevance, possibly against other sources
• CONTROL and USAGE: Store the PI, together with all appropriate permissions for subsequent PI use
• AUDIT: record the receipt of the PI and Situation Assessment
Data Flows FROM a Single Actor (ECS) with PMRM Service Invocations

Actor: ECS

| PI-Out | Destination (Actor) | Requirements | Services |
|---|---|---|---|
| Incident Report: PI Instance and enhancements | On-site Care/Incident Commander System | ECS Privacy and Security Policy; Jurisdictional regulations | Security, Control, Audit, Interaction, Validation, Usage |
| Situational Awareness Report | On-site Care/Incident Commander System | ECS Privacy and Security Policy; Jurisdictional regulations | Security, Control, Audit, Interaction, Validation, Usage |
| Patient Data Request | Service Providers and other healthcare systems | HIPAA security and privacy requirements; Unique healthcare system requirements | Security, Control, Audit, Interaction, Validation, Certification, Usage, Enforcement |
| Health Information from Devices | Service Providers and other healthcare systems | HIPAA security and privacy requirements; Unique healthcare system requirements | Security, Control, Audit, Interaction, Validation, Certification, Usage, Enforcement |
| Virtual Consult | On-site Care/Incident Commander System | | |
- Examine each row of the OUT table, in turn; then,
- Move to each Actor, analyzing the IN/OUT flows
Where Does the Reference Model Fit?
Privacy Management Reference Model