A landing page to help OHIN members navigate the current and future thinking of OpenHIE Privacy and Security
Privacy and security are two related, but quite distinct, topics. In its 2016 document, Connecting Health and Care for the Nation – A Shared Nationwide Interoperability Roadmap, the US department of Health and Human Services (HHS) states that:
Participation in and use of a learning health system will be highly dependent upon reliable mechanisms to ensure that (1) a secure network infrastructure is widely available; (2) privacy is protected; (3) health information and services are accessed only by participants whose identity has been verified and who have been authenticated to access the system they are seeking to access; (4) users have access only to data they are authorized to access, where authorization is determined by individuals’ choices, or, if no choices are recorded, what the statutes, regulations and consensus rules say a user may access, use, disclose and receive. All of these components are necessary for enabling broad scale interoperability and a learning health system.
In many low-resource settings the legislative and policy protections for personal health information (PHI) privacy and security are still in the process of being developed and enacted. Even so, it is an underlying principle of the OpenHIE initiative that privacy, security and confidentiality of PHI are important requirements and that, at a minimum, internationally accepted de facto baseline protections should be supported. It is expected that, as implementing jurisdictions' PHI policies mature, expanded protections may be operationalized in the OpenHIE infrastructure to augment the initial, basic capabilities.
To help implementers think about the multiple dimensions of security, OpenHIE has the following framework.
Basic Security - Technical capabilities | OHIE Security - Level 1 | OHIE Security - Level 2 | OHIE Security - Level 3 |
---|---|---|---|
Encryption in transit between entities | System Level encrypt transactions between HIE and external system | HIE System Component level Encrypted transactions inside the HIE | |
Security in processing / storage | HIE System Component Level - Option OHIE Architecture components have the option to require authentication to access data | HIE Component Level OHIE Architecture components require authentication to access data | |
Authentication / Identity assertion level
| System Level HIE and the external system are authenticated at the “device” level | HIE System Component level HIE components are mutually authenticated at the device level | User Level External systems are able to assert user identity, location and purpose of use to the HIM |
Audit Record Points | HIE Component Level Audits for PHI transactions Mirrored audits are collected between the HIM and infrastructure services whenever PHI is conveyed. | HIE Component Level Audits for all transactions Mirrored audits are collected between the HIM and infrastructure services whenever PHI is conveyed. | Mirrored audits between all parties POS systems are able to send relevant audits to central audit-repository |
Audit Records Content | Basic content Transactions between the HIE and an external system are tracked. | Audit contents contain subject field Audits contain the X.509 Subject field of the requesting party | Detailed Audit Contents Audit contents All audits contain the asserted user identity, location and purpose of use. |
As of OpenHIE v2 release, the basic privacy & security behaviour of the reference architecture may be described as follows:
Although it is possible for OpenHIE to be set up to operate under an "opt-in" consent model, such an HIE configuration has proven in practice to be very expensive and difficult to administer; implementations have been generally been unsuccessful. As such, the opt-in configuration is not recommended.
OpenHIE does support specific IHE security profiles. Common message security workflow
OpenHIE is committed to the operationalization of pervasive, interoperable health information exchange networks based on international standards. The following lists the digital health standards that underlie OpenHIE's basic privacy and security behaviour (indicated with *) and those which may be employed to extend/expand the HIE's privacy and security architecture (PSA) over time.