OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) TC

Join TC     TC Page     Send a comment to this TC

Enabling the interoperable exchange of healthcare privacy policies, consent directives, and authorizations

Christopher Shawn, christopher.shawn2@va.gov, Chair
Mohammad Jafari, mohammad.jafari@bookzurman.com, Chair
Duane DeCouteau, ddecouteau@edmondsci.com, Secretary

Table of Contents


The XSPA Technical Committee has regrouped and expanded its focus to develop data segmentation and healthcare security classification profiles in harmony with HL7 and IHE. The TC has elected new leadership and is starting a new round of activities. New members are welcome.

Participation in the XSPA TC is open to all interested parties. Organizations that support healthcare providers, healthcare regulators, hospitals, pharmacies, patients and anyone with an interest in defining how security and privacy controls should be used in the exchange and access of healthcare information are invited to join. Contact member-services@oasis-open.org for more information.


The OASIS XSPA TC works to standardize the way healthcare providers, hospitals, pharmacies, and insurance companies exchange privacy policies, consent directives, and authorizations within and between healthcare organizations. The OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee will specify healthcare profiles of existing OASIS standards to support reliable, auditable methods of confirming personal identity, official authorization status, and role attributes. This work aligns with security specifications being developed within the U.S. Healthcare Information Technology Standards Panel (HITSP).

For more information, see the TC Charter and FAQ


No subcommittees have been formed for this TC.

TC Liaisons

No TC Liaisons have been announced for this TC.

Technical Work Produced by the Committee

Wiki for OASIS XSPA TC member collaboration

Expository Work Produced by the Committee

External Resources

Although not produced by the OASIS XSPA TC, the following information offers useful insights into its work:

Cross-Enterprise Security and Privacy Authorization (XSPA) Profile
Cover Pages 17 October 2008

Mailing Lists and Comments

xspa: the list used by TC members to conduct Committee work. TC membership is required to post. TC members are automatically subscribed; the public may view archives.

xspa-comment: a public mail list for providing input to the OASIS wsrp Technical Committee members. Send a comment or view archives.

Additional Information

Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.