Boston, MA, USA; 4 April 2009 — "Meeting Privacy Needs of the Nation Today" is the focus of a multi-vendor, interoperability demonstration hosted by OASIS, the international open standards consortium, in cooperation with the U.S. Healthcare Information Technology Standards Panel (HITSP). The demo is part of the HIMSS (Healthcare Information and Management Systems Society) 2009 conference Interoperability Showcase, which is taking place in Chicago this week.
The demonstration implements privacy consents and access control standards recognized by the U.S. Department of Health and Human Services for the secure electronic exchange of health care information. These standards, including the Security Assertion Markup Language (SAML) and eXtensible Access Control Markup Language (XACML), are described in HITSP's TP-20/TP-30 constructs. The standards are part of the Cross-Enterprise Security and Privacy Authorization (XSPA) profile, which is currently being defined at OASIS.
"The advanced technologies demonstrated by OASIS and HITSP at HIMSS09 show how standards and technologies that have been approved by the U.S. Secretary, Health and Human Services can come together with vendors and providers to meet the Nation's healthcare interoperability requirements for security and patient privacy," said John 'Mike' Davis, Standards Security Architect, U.S. Department of Veterans Affairs.
The demo depicts real world, critical healthcare scenarios including clinician-asserted rights, purpose-based access (e.g., emergency access), patient-determined privacy preferences and consent directives, and flexible policy management.
Support for XSPA
"The Nationwide Health Information Network (NHIN) is the poster child for all of the benefits that open source software and open standards provide," said Bill Vass, president and COO of Sun Microsystems. "The federal government has built a working prototype capable of being deployed across multiple agencies in a matter of months with minimal costs. The open nature of the IT foundation is critical to ensuring that government can work with the private healthcare sector to revolutionize the nation's healthcare system."
"Jericho Systems is thrilled to be a primary contributor to the OASIS/ HITSP Interoperability Demo providing the Healthcare Industry with a real world solution to dynamic and secure collaboration. It allows us to expose and demonstrate Jericho's EnterSpace Decisioning Service, the first to market, standards-based Authorization Service. What makes this opportunity even more exciting is the implementation of Cross-Enterprise Security and Privacy Authorization (XSPA) profile, HITSP's TP-20/TP-30 and HL7 which has application to the Healthcare Industry, First Responders and Homeland Defense," said Brynn Mow, CEO of Jericho Systems.
"As a leader in open source, we are committed to adoption of OASIS security standards, and we support industry interoperability efforts surrounding them. We are eager to showcase the applicability of standards and open source technology to enable privacy and secure transmission in e-healthcare. The current demonstration allows Red Hat and our partners to show the power of open source and collaboration," said Anil Saldhana, Lead Security Architect, JBoss Division, Red Hat Inc.
OASIS OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee
OASIS (Organization for the Advancement of Structured Information Standards) drives the development, convergence, and adoption of open standards for the global information society. A not-for-profit consortium, OASIS advances standards for SOA, security, Web services, documents, e-commerce, government and law, localisation, supply chains, XML processing, and other areas of need identified by its members. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org
OASIS Director of Communications