
Seeking help with developing a consumer privacy and confidentiality electronic signature attribute

From: <John.Payne@health.gov.au>
Date: Wed, 25 Oct 2000 18:25:38 +1100
To: xml-encryption@w3.org
Message-Id: <CA256983.00298A68.00@mtascbr01.notes.health.gov.au>

G'Day from Down Under

My apologies for such a long posting, however, I would appreciate any advice on
an appropriate process to engage an expert discussion that would advise or
contribute to a project to develop a health informatics related Internet
standard.

Some project description info follows.  Has this type of issue been raised
before?  Is there a more appropriate list?  Would anyone like to assist?

Looking forward to your input, thanks,  John

Background
The project is sponsored by the Australian Federal Department of Health and Aged
Care that seeks to do the following:

     - identify issues around consumer agreement or authorisation to access
       and transfer confidential information about them;
     - explore conceptual models and candidate technologies that may resolve
       issues associated with the transfer of confidential information in health
       and community care settings;
     - expand the use of electronic communications required for the
       coordination of health care by identifying suitable technologies and
       practices for authorising and securing electronic communications containing
       confidential information;
     - develop an understanding of the range and types of communications that
       can take place between health and community care workers; and
     - identify issues associated with securing these communications.

We believe that the likely result of this work will lead to attribute
definitions, perhaps associated with electronic signatures and our strawman
proposition at this time is as follows:

Consumers will be able to either instruct, or expect, say through acceptance of
notified system defaults, service delivery organisations to execute stewardship
over their personal information through executing a range of specific, and
informed instructions regarding their personal information.  Such instructions
will endure, at least until revoked by the consumer, and may take forms similar
to the following:

     - Limit information movement to the Individual Service Provider,
       Organisation Team Members, organisational representatives acting on behalf
       of the consumer, service provider, or the Consumer.  (Clearly, this is the
       default and, in effect, the majority of interactions will be characterised
       this way.)
                    (RESTRICTED)
     - Limit information to only the Individual Service Provider and the
       Consumer.
                    (RESTRICTED and HIGHLY PROTECTED)
     - Limit information to Individual Service Provider, Specific Service
       Providers within an Organisation, and the Consumer.
                    (HIGHLY RESTRICTED)
     - Limit information to Individual Service Providers, the Organisation,
       Entities needing information for the greater good of society, and the
       Consumer.
                    (RESTRICTED with CONTROLLED EXCHANGE)
     - Limit information to Individual Service Providers, Organisation Team
       Members, Entities needing information without personal identification for
       the greater good, and the Consumer.
                    (RESTRICTED - DE-IDENTIFIED EXCHANGE)
     - Limit information to Individual Service Providers, Organisation Team
       Members, Entities prepared to compensate information exchange.
                    (RESTRICTED - VALUED EXCHANGE)

Responsibility for the recording of a Consumer signature at each Encounter is
shared jointly between Individual Service Providers and their service delivery
organisation.  Policies for identifying a Consumer during an Encounter, or for
each transaction within an Encounter, need to encapsulate the level of accuracy
necessary to minimise or eliminate any risk associated with an incorrect
identification occurring during the Encounter.  The responsibility for accuracy
in identification then needs to be consistent within an organisation for a
Consumer's subsequent Encounters and transactions.
<snip>
Received on Wednesday, 25 October 2000 04:45:27 GMT
