Difference between revisions of "IHE Security and Privacy for HIE"

Line 3: Line 3:
 
= Current Draft =
 
= Current Draft =
  
The [ftp://ftp.ihe.net/IT_Infrastructure/iheitiyr5-2007-2008/Planning_Cmte/White_Papers/IHE_Security_and_Privacy_of_HIE_20070413.doc current] draft (April 13, 2007).
+
The [ftp://ftp.ihe.net/IT_Infrastructure/iheitiyr5-2007-2008/Planning_Cmte/White_Papers/IHE_Security_and_Privacy_of_HIE_20070515.doc current] draft (May 15, 2007).
  
 
= Scheduled t-con - April 25 =
 
= Scheduled t-con - April 25 =

Revision as of 14:56, 15 May 2007

This is a work approved as an IHE ITI Planning Committee white paper. This work was originally proposed as the IHE Response to Markle Principles white paper. The scope has changed over a few IHE ITI Planning Committee meetings. The current scope is to show the IHE solutions to the security and privacy challenges of building a Health Information Exchange (HIE). See below for meeting minutes and scheduled meetings.

Current Draft

The current draft (May 15, 2007).

Scheduled t-con - April 25

Scheduled t-con for April 25 at 11:00 central time. Normal IHE phone information.

Update -- April 13, 2007

I received the Policy section from Glen, and some comments from Karima.

The current draft (April 13, 2007).

Minutes - April 11, 2007

Attendance: John, Rob, Chris, Tyrone, Glen, Larry, and Vassil

Rob was concerned that we don't spend enough time explaining that IHE doesn't set policies; we enable policies and their enforcement. IHE is a global organization and thus needs to respond to 50+ government policies and regulations. We need to make it clear that there is a difference between setting policy and enabling policy.

Tyrone is very concerned that given the IHE scope we will not be able to adequately address the OECD principles. This was echoed by John and others. The conclusion was that we should remove the principles from the paper and change the scope to more general security and privacy technical controls.

Larry offered that when we write the policy section, we don't simply indicate that IHE doesn't address policies, but rather help our reader with some pointers to known organizations that are working on policies. We should also help our reader understand why policies are out of scope. He gave the example of scalability.

Glen offered to help author the section on Policy.

With the exception of the new edits to the Policy section, the other discussed changes have been integrated into the current draft (April 11, 2007).

January 29 t-con of the IHE ITI Planning Committee

It was strongly suggested that IHE must address a more global audience. This may best be done by addressing the OECD Principles on Data Protection.

I do have a concern that we need to hit the Markle Principles strongly as they are influencing decision makers. A quick and decisive discussion is necessary. If this paper is too big, or takes too long, it will have very little impact.

  • Is there a need outside the USA for this type of response to Healthcare Consumer Principles?

IBM has offered up, as a predicate white paper, http://www.almaden.ibm.com/cs/projects/iis/hdb/Publications/papers/vldb02_hippocratic.pdf

Tyrone Grandison (IBM) will co-edit with John Moehrke (GE Healthcare)

Lori will see if members of the ISO TC 215 committee want to add their personal knowledge and opinion to this IHE effort. This would be distinct from any ISO work.

The group felt that including OECD with a Markle focus for USA may satisfy both the USA and Global community.

Layout options:

  • One Document with 2 parts -- OECD and Markle
  • One Document that addresses the OECD principles with sub discussions on mapping to Markle
  • Two documents

Detail: Yes, we want to be specific on the technology solution that IHE offers, but we must do a better job of bridging the principles to the technology solution than is found in the original draft submitted.

January 31 discussion with Chris and Tyrone

Outline

  • Introduction -- There are well understood and agreed to global principles to data protection that do apply to healthcare.
  • OECD Data Protection Principles
    • sprinkle in the Markle cross-walk
    • Matching of OECD principles to IHE profiles
  • Conclusion -- IHE Profiles can address Data Protection Principles including those from Markle

Chris and Tyrone will work on the outline, Introduction, and layout of OECD principles

John to fill in the IHE profile details

Meeting each Wednesday at 11:00 Central time

Targeting HIMSS with the understanding that this is very much a stretch goal.

Comments

Contact the editor John.Moehrke@med.ge.com with any comments, suggestions, or criticism.