• Home
• About HL7
  • People and Organizations
  • Contact Us
  • Agreements
  • Bylaws
  • Operations Manual
  • FAQs
  • Intro to HL7 Flash Tour
• Standards
  • Introduction
  • Master grid of all standards
  • Section 1: Primary Standards
  • Section 2: Foundational Standards
  • Section 3: Clinical and Administrative Domains
  • Section 4: EHR Profiles
  • Section 5: Implementation Guides
  • Section 6: Rules and References
  • Section 7: Education & Awareness
  • ANSI Approved Standards
  • IP Policy
• Membership
  • Become a Member
• Resources
  • Work Groups
  • Balloting
  • Listservs
  • Procedures
  • Templates
  • Tools & Resources
  • Wiki
  • Webinar Recordings
  • Certification Directory
  • Jobs
  • Elections
• HL7 Store
• Newsroom
  • Press Kit
  • Executive Bios & Photos
  • Issue and Policy Statements
  • Press Releases
  • Newsletters
  • Media Contact
• Events
  • Conference Calls
  • Educational Summits
  • Training
  • Training & Certification Events
  • Harmonization Meetings
  • E-Learning
  • Working Group Meetings
  • Event Sponsors
  • HIMSS
• My HL7
  • Log In
  • My Account
  • My Profile
  • My Meetings
  • My E-Mail Addresses
  • My Listservs
  • Balloting
  • Global Membership Directory

• About HL7
• Standards
• Membership
• Resources
• HL7 Store
• Newsroom
• Events
• My HL7

Security

---

Home | Overview | Leadership | Meeting Minutes | Documents/Presentations | List Service | Projects | Reports | Additional Resources

---

Mission

This group supports the HL7 mission to create and promote its standards by publishing standards for trustworthy communication among all applications and services in HL7s scope. The Security TC also will lead the convergence and harmonization of standards for identity and access management among healthcare standards development organizations.

Charter

Work Products and Contributions to HL7 Processes

• Standards

  • Security policy management, e.g., defining, managing, and communicating security policies among trading partners
  • Role engineering and management, e.g., defining, managing, and communicating structural and functional roles to which security policies apply.
  • Privilege management, e.g., defining, managing, and communicating the association of security policies with roles.
  • Access control, e.g, defining, managing, and communicating the association of entities (people, systems, etc.) with privileges, and accountability auditing for use of privileges
  • Provisioning, e.g., distribution of software and metadata in a secure manner
  • Conformance profiles for healthcare security.
• Informational documents and resources
  • On-line repository for roles and participations (ISO equivalents are structural and functional roles)
  • Supporting infrastructure and environmental assumptions for security
  • Security threat model for healthcare IT systems and networks
  • Functional model for security infrastructure and security services needed for advanced interoperability based on HL7 V3
  • Migration of security services defined for legacy systems as well as V2 and V3 environment.
  • HDF modifications to accommodate healthcare security standards and use cases
  • se cases to define requirements and model-based specifications for both communication and application security services, using the HDF methodology
• Advise all HL7 committees regarding security and privacy considerations plus the relevant technologies.

Formal Relationships With Other HL7 Groups

The Security Work Group will interact via regular joint meetings with the CQ, EHR, MnM, and PM Work Groups. Additional unscheduled interactions may occur with most other HL7 Work Groups, and national affiliates, e.g., advice on selection and application of security standards and technologies for specific healthcare use cases.

Formal Relationship With Groups Outside of HL7

Formal relationships have been established by the HL7 board with the following groups that are directly relevant to the Security TCs work:

• ASTM E31
• CEN/TC 251
• DICOM
• eHI
• NCPDP
• OASIS
• OMG

 

The Security TC will work with the HL7 board to develop and formalize additional relationships that are directly relevant to the Security TCs work, such as:

• US government agencies such as NIST, NCVHS, VHA, and DoD
• Government agencies, in association with HL7s national affiliates
• ISO/TC 215
• IHE
• Research and development organizations, e.g., IMIA

Ballot Results

• HL7 Security Service Framework
• Standard Guide for Implementing HL7 EDI Communication Security

Pertinent Documents

• NVCHS Testimony HL7
• VA patient records policy/management procedures
• VA Automated Information System (AIS) security policies
• CEN/TC 251/WG6 Medical Informatics - Security, Privacy, Quality and Safety
• CEN/TC 251 WG6: Healthcare Security and Privacy, Quality and Safety
• HL7 SIG Secure White Paper
• Selected Health Care Security References

Decision Making Practices

Decision Making Practices

Date of Last Revision

January 15, 2005