...
In many low-resource settings the legislative and policy protections for personal health information (PHI) privacy and security are still in the process of being developed and enacted. Even so, it is an underlying principle of the OpenHIE initiative that privacy, security and confidentiality of PHI are important requirements and that, at a minimum, internationally accepted de facto baseline protections should be supported. It is expected that, as implementing jurisdictions' PHI policies mature, expanded protections may be operationalized in the OpenHIE infrastructure to augment the initial, basic capabilities.
In OpenHIE, there are two different aspects that need to be considered, policy and technical implementation.
OpenHIE's Basic Privacy & Security Behaviour
...
Although it is possible for OpenHIE to be set up to operate under an "opt-in" consent model, such an HIE configuration has proven in practice to be very expensive and difficult to administer; implementations have been generally been unsuccessful. As such, the opt-in configuration is not recommended.
OpenHIE Security Workflows
OpenHIE does support specific IHE security profiles. Common message security workflow
Underlying Privacy & Security Standards
...