tag:blogger.com,1999:blog-4384692836709903146.post8536997692192718979..comments2024-03-27T09:55:23.143-07:00Comments on Dispatch from the Digital Health Frontier: The ONC Privacy and Security Tiger TeamJohn Halamkahttp://www.blogger.com/profile/04550236129132159307noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-4384692836709903146.post-84191420280741236482010-06-30T18:48:19.795-07:002010-06-30T18:48:19.795-07:00I commend the team on the progress that they have ...I commend the team on the progress that they have made, particularly on the privacy front. Having said that, I participated in the HIT Standards committee meeting today and I believe the privacy and security WG could benefit from some "front-line" information security perspective. One area that could help streamline the discussion is development of a threat model. This is quite helpful in coalescing the discussion on the things that matter. Some education on the actual methods of cyber criminals would also help. PHI is a high value target, the adversaries are well funded and in it for the long term. We need to deal with this reality now as the standards and practices are emerging, rather than try to fix things later (something that rarely works with respect to information security).<br /><br />jreno@redspin.comJohn Renohttp://www.redspin.com/blognoreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-49052605571653631802010-06-28T22:02:54.096-07:002010-06-28T22:02:54.096-07:00Here is the link to the "Health Data Stewards...Here is the link to the "Health Data Stewardship: What, Why, Who, How - An NCVHS Primer" Fred referenced:<br /><br />http://www.ncvhs.hhs.gov/090930lt.pdf<br /><br />I agree this is an important document well worth taking the time to read.<br /><br />Thanks for the reminder Fred :-)Ahierhttps://www.blogger.com/profile/13398190978662246852noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-14710792978040059722010-06-28T05:51:45.968-07:002010-06-28T05:51:45.968-07:00I am delighted to see the formal addition of a rep...I am delighted to see the formal addition of a representative from the National Committee on Vital and Health Statistics (NCVHS)to the Tiger Team. "Health Data Stewardship: What, Why, Who, How - An NCVHS Primer" should be required reading for all.e-Older Americanhttps://www.blogger.com/profile/02094737800828202693noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-35584501260602366092010-06-28T03:23:53.931-07:002010-06-28T03:23:53.931-07:00Is there any representative on this team from the ...Is there any representative on this team from the Infosec community who can help with the technical direction? Hackers, White Hats, etc? I understand this is a 30,000 foot view, but even at that view, it's nice to have some expertise as to what can and cannot be accomplished technically.David Bernickhttp://www.eldersync.comnoreply@blogger.com