Security, Privacy AccessopenPASS

Open Privacy, Access and Security Services

Project Status ReportJuly 1, 2008

openPASS Boca Chart3Q2008

-Successful recruitment

-HL7 SOA PASS Service Functional and Platform Independent Models

-Consensus Reference Architecture

-Healthcare document/message standards

-Jurisdictional standards

-Jurisdictional laws and regulations

Dependencies

Packaging Editions

-Recruit project/subproject leadership

-Prioritized Use Cases

-Service inventory prioritization

-Alignment with Reference Architecture

-Initial implementation priorities --Audit (basic) --Secure transport --Security context --Policy-driven access control (basic)

-Migration of Eclipse OHF code base -IHE ATNA

-Work out service orchestration strategy

Content-Resource constraints

-Several services required to be useful

-Composition required to be useful

-Requires domain expert engagement

-Divergence of related standards efforts

-Delays in emerging standards

-Jurisdictional standards differences

-Jurisdictional regulatory differences

Pressures/Exposures-Identity Resolution (in support of basic user/patient context coordination)

Added

None—new project

Deleted & Changed

July 08 -2008/09 Plan published -OHF ATNA code migratedQ4 08 -Initial PASS-Audit code release complying with ATNA profile

Milestones

openPASS Roadmap

4Q 2008

Guiding Principles:

•Align with HL7-SOA PASS Service Functional Models

•Build service inventory of composable components

•Support OHT Reference Architecture requirements

Developerrecruiting

Project Site LiveJuly 2008

3Q20081H 2009

1st Milestone Release

PASS-Audit,MessagingInitial ATNA client component releases

PASS-Identity, AccessInitial component releases

PASS Service Candidate Prioritization

Aug 2008

Sept 2008

2008-09 Plan Published

Development begins

openPASS Service Candidates

Consent Group

Consent Directive Provisioning

Consent Directive Query

Credentials Group

Credential Validation

Credential Assertion

Identity Group

Audit Record Generator

Authentication

Identity Assertion

Patient Registry Query

Patient Resolution

Identity Provisioning

Context Management

Identity Registry

Directory

PKI Management

Provider Resolution

De-Identification

Utility Services

Digital Signature Encryption

Access Group

Authorization

Resource Proxy

Decision Factor Processing

Access Policy Processing

Access Enforcement

Message Services

Channel Transport

Message Transport

Packaging

Audit Group

Audit Record Generator

Audit Monitor

Audit Record Generator

Audit

Audit Alert

Audit Archive

Audit Event Catalog

Audit Repository

Audit AnalysisAudit Report

Audit Logger

Audit Policy

Tooling

Access Policy Editor/Translator

Consent Form Editor

Entity Registry Editor

openPASS Services in Architectural Context

Health Service Bus

PASS Common Service

Patient Identifier Service

Protected ResourceWorkstation

UIServices

TerminologyServices

HL7 V3Services

Admin SupportServices

Clinical SupportServices

Process

EHR Registry

EHR Repository

Runtime Platform Messages

PASS Services PASS Services PASS Services

Infrastructure Service

Terminology Service

openPASS Services

Phase 1 openPASS Services are intended to provide the basic capabilities that allow a patient or provider to request access to patient health information from a protected resource and, based upon the security and privacy policies applied by the resource, have that access either be granted or denied.To accomplish this objective, Phase 1 openPASS Services must provide at least basic functionality for

Patient Identity ResolutionProvider Identity Authentication, Assertion and ValidationProvider Credential AssertionPoint-to-Point and Message-based Document/Message TransportPolicy-driven Access Control Decisions and EnforcementAudit Event Record Generation and Submission to Audit Logging Services

openPASS Phase 1 Proposed Scope

openPASS Service Candidates

Consent Group

Consent Directive Provisioning

Consent Directive Query

Credentials Group

Credential Validation

Credential Assertion

Identity Group

Audit Record Generator

Authentication

Identity Assertion

Patient Registry Query

Patient Resolution

Identity Provisioning

Context Management

Identity Registry

Directory

PKI Management

Provider Resolution

De-Identification

Utility Services

Digital Signature Encryption

Access Group

Authorization

Resource Proxy

Decision Factor Processing

Access Policy Processing

Access

Enforcement

Message Services

Channel Transport

Message Transport

Packaging

Audit Group

Audit Record Generator

Audit Monitor

Audit Record Generator

Audit

Audit Alert

Audit Archive

Audit Event Catalog

Audit Repository

Audit AnalysisAudit Report

Audit Logger

Audit Policy

Tooling

Access Policy Editor/Translator

Consent Form Editor

Entity Registry Editor

- Phase 1 Dependency

Identity Group

Audit Record Generator

Authentication

Identity Assertion

Patient Registry Query

Patient Resolution

Identity Provisioning

Context Management

Identity Registry

Directory

PKI Management

Provider Resolution

De-Identification