clair054

There is some strong discussion going on at HL7 around privacy concerns, especially now that HL7 FHIR has enabled easy application writing.  The discussion started with an article " Warning mHealth security fears are opening doors to app and device innovation " summarizing a study done by Ketchum .  There is concern that applications are being written by people that might not be as mature in the knowledge of how important Privacy is in healthcare. There are concerns that new regulations will stifle innovation. I disagree... There are recommendations that broader healthcare regulations are needed. I disagree... There are concerns that identifiers for patients will be bad for Privacy. I disagree... Some indicate that application developers don't care about privacy until a breach puts them in trouble. I disagree... Let me explain my disagreement... I will also say that I agree with these concerns, just not in broad terms. This problem of mobile-applications and Privacy is no...

The CBCC workgroup has published a 'handbook' for comment in the current HL7 ballot. This handbook is to be used by the workgroups within HL7 for the purposes of producing HL7 standards that have 'considered' privacy. The expectation is that when a standard has considered privacy, it will be more easy to assure privacy when it is implemented. Fortunately this is a first draft, and a draft for comment... so one hopes that major changes can be done. I have voted negative with a three dozen comments, mostly negative. The problem this handbook has is that it is asking an HL7 workgroup, while they are writing an interoperability standard, to do a Privacy Impact Assessment, using Privacy by Design. These are great tools, but are tools that are focused on an operational environment. Trying to apply them to the design of a HL7 interoperability standard is impossible, or at best too difficult. Which should have been obvious to the authors of this HL7 SPIA, given that the conclus...

Update: Found a new Career, started November 2016 As some of you know, I am currently exploring new career opportunities. Who best to reach out to than those who understand and are interested in what I do through following my blog. Topics such as Privacy Consent, Access Control, Audit Control, Accounting of Disclosures, Identity, Authorization, Authentication, Encryption, Digital Signatures, Transport/Media Security, De-Identification, Pseudonymization, and Anonymization..In the spirit of good networking I'd like to share my thoughts and objectives for my next adventure. Any thoughts, feedback, suggestions, or contacts would be greatly appreciated. I seek to be considered for an Interop Architect, Interop Program Manager, Standards Developer, Privacy Architect, or other similar leadership position that allows me to continue to engage with International Standards development while directing one or more teams in the implementation of those standards. My philosophy is that Interoperab...