- From: <John.Payne@health.gov.au>
- Date: Wed, 25 Oct 2000 18:25:38 +1100
- To: xml-encryption@w3.org
- Message-Id: <CA256983.00298A68.00@mtascbr01.notes.health.gov.au>
G'Day from Down Under
My apologies for such a long posting, however, I would appreciate any advice on
an appropriate process to engage an expert discussion that would advise or
contribute to a project that to develop a health informatics related Internet
standard.
Some project description info follows. Has this type of issue been raised
before? is there a more appropriate list? Would anyone like to assist?
Looking forward to your input, thanks, John
background
The project is sponsored by the Australian Federal Department of Health and Aged
care that seeks to do the following:
· identify issues around consumer agreement or authorisation to access
and transfer confidential information about them;
· explore conceptual models and candidate technologies that may resolve
issues associated with the transfer of confidential information in health
and community care settings;
· expand the use of electronic communications required for the
coordination of health care by identifying suitable technologies and
practices for authorising and securing electronic communications containing
confidential information;
· develop an understanding of the range and types of communications that
can take place between health and community care workers; and
· identify issues associated with securing these communications.
We believe that the likely result of this work will lead to attribute
definitions, perhaps associated with electronic signatures and our strawman
proposition at this time is as follows:
Consumers will be able to either instruct, or expect, say through acceptance of
notified system defaults, service delivery organisations to execute stewardship
over their personal information through executing a range of specific, and
informed instructions regarding their personal information. Such instructions
will endure, at least until revoked by the consumer, and may take forms similar
to the following:
· Limit information movement to the Individual Service Provider,
Organisation Team Members, organisational representatives acting on behalf
of the consumer, service provider, or the Consumer. (Clearly, this is the
default and, in effect, the majority of interactions will be characterised
this way.).
(RESTRICTED)
· Limit information to only the Individual Service Provider and the
Consumer.
(RESTRICTED and HIGHLY PROTECTED)
· Limit information to Individual Service Provider, Specific Service
Providers within an Organisation, and the Consumer
(HIGHLY RESTRICTED)
· Limit information to Individual Service Providers, the Organisation,
Entities needing information for the greater good of society, and the
Consumer
(RESTRICTED with CONTROLLED EXCHANGE)
· Limit information to Individual Service Providers, Organisation Team
Members, Entities needing information without personal identification for
the greater good, and the Consumer.
(RESTRICTED - DE-IDENTIFIED EXCHANGE).
· Limit information to Individual Service Providers, Organisation Team
Members, Entities prepared to compensate information exchange.
(RESTRICTED - VALUED EXCHANGE)
Responsibility for the recording of a Consumer signature at each Encounter is
shared jointly between Individual Service Providers and their service delivery
organisation. Policies for identifying Consumer during an Encounter, or for
each transaction within an Encounter, need to encapsulate level of accuracy
necessary to minimise or eliminate any risk associated with an incorrect
identification occurring during the Encounter. The responsibility for accuracy
in identification then needs to be consistent within an organisation for a
Consumer's subsequent Encounters and transactions.
<snip>
Received on Wednesday, 25 October 2000 04:45:27 UTC