I get the following question about every other month. Here is the version I just responded to: In this project I encountered a requirement to use SHA-256. Apparently this was in reaction to the SHA-1 collision vulnerability (https://shattered.io/) from late 2017. IHE XDS requires the hash to be SHA-1. Have you heard of any requests
The HIPAA Accounting of Disclosures is obsolete and dangerous. Patients are expected to become more engaged with their healthcare and do this using applications. Applications are sometimes software that runs on the Patient’s phone, but sometimes software running at a third party cloud. Patients should not be expected to have done a software code review
For those that struggle with the way that IHE documents the specific requirements of audit logging per type of security event or per ITI transaction; there is an easier tool. The IHE Gazelle “Security Suite” Tool has each audit log message broken down and explained. My hope is that soon this tool is the way
IHE has created a FHIR based Patient identity management system for health information exchanges. This builds on PDQm and PIXm, by adding a Feed mechanism, and a subscription to the Feed. Added to this is a set of requirements and expectations around how Merging (Link and UnLink) are to be implemented. The result of a
This is an update of what is going on in Security and Privacy in, and around, the FHIR specification. —————tl;dr———————– FHIR R4 includes Security Considerations classification SMART-on-FHIR first flavor is Normative Addition of X-Provenance and X-Consent http headers GDPR assessment against FHIR indicates good coverage of needs in FHIR already Maturing AuditEvent and Provenance to
The IHE ITI, PCC, and QRPH workgroups met in OakBrook, IL this week at the RSNA Headquarters. We still are not meeting in Treviso Italy., but we have heard that the July meeting will be in Sardinia Italy. Right before the big tourism time. Specifically we will be at the Facilities of Sardegna Ricerche at Polaris, Parco Scientifico e
I have been involved with IHE for 20 years. So I likely am one of the ‘elders’. I am graying, but not yet close enough to retirement. However this is not the case with many that were here when I first started. The sad news is that many of the people that started IHE, and
The federal government needs to provide more resources and incentives to help healthcare organizations better protect their IT systems and data from cyberattacks, according to health IT security leaders.Currently, the Department of Health and Human Services privacy and security standards are too focused on compliance and are unduly punitive to healthcare provider organizations when a
It’s been decades now since Steve Katz became the business world’s first CISO. Today he is still active in the cybersecurity community and offers his unique perspective on security threats, solutions and the next generation of leaders.
Description: Bosses are more likely to receive a pay rise after their firm suffers a cybersecurity breach, according to a study by the UK’s Warwick Business School. Security breaches did have a lasting impact on the way firms were run, as they typically paid lower dividends and invested less in research and development up to
