Sun, Red Hat Back OASIS Health Care Privacy Standards

OASIS demonstrates health care IT privacy standards in a multivendor interoperability demo at the Healthcare Information and Management Systems Society conference in Chicago.

OASIS demonstrated implementation of health care privacy standards in a multivendor interoperability demo at the HIMSS (Healthcare Information and Management Systems Society) conference in Chicago held April 4 to 8.

The demonstration, which is part of the HIMSS Interoperability Showcase, is hosted by OASIS, the international open standards consortium, in cooperation with the HITSP (Healthcare Information Technology Standards Panel).

Intel and GE plan to spend $250 million over five years in a health care IT partnership. Click here to read more.

Sun Microsystems, Jericho Systems, Red Hat, the Department of Defense and the Department of Veterans Affairs all collaborated to implement health care scenarios in the demonstration, which implements privacy consents and access control standards recognized by the Department of Health and Human Services for the secure electronic exchange of health care information.

The standards involved include SAML (Security Assertion Markup Language) and XACML (Extensible Access Control Markup Language) and are part of the XSPA (Cross-Enterprise Security and Privacy Authorization) profile, which is currently being defined at OASIS, officials of the standards body said.

According to the committee's Web page on the OASIS Website:

"The OASIS XSPA Technical Committee works to standardize the way healthcare providers, hospitals, pharmacies, and insurance companies exchange privacy policies, consent directives, and authorizations within and between healthcare organizations."

OASIS said in a news release April 4:

""The advanced technologies demonstrated by OASIS and HITSP at HIMSS09 show how standards and technologies that have been approved by the U.S. Secretary, Health and Human Services can come together with vendors and providers to meet the Nation's healthcare interoperability requirements for security and patient privacy," said John 'Mike' Davis, Standards Security Architect, U.S. Department of Veterans Affairs."

Speaking out in support of XSPA, Bill Vass, president and chief operating officer of Sun Microsystems, said, "The Nationwide Health Information Network ... is the poster child for all of the benefits that open-source software and open standards provide. The federal government has built a working prototype capable of being deployed across multiple agencies in a matter of months with minimal costs. The open nature of the IT foundation is critical to ensuring that government can work with the private health care sector to revolutionize the nation's health care system."

According to the OASIS release, "The demo depicts real-world, critical health care scenarios including clinician-asserted rights, purpose-based access ([such as] emergency access), patient-determined privacy preferences and consent directives, and flexible policy management.

Anil Saldhana, lead security architect of Red Hat's JBoss Division, said in the release: "As a leader in open source, we are committed to adoption of OASIS security standards, and we support industry interoperability efforts surrounding them. We are eager to showcase the applicability of standards and open-source technology to enable privacy and secure transmission in e-health care. The current demonstration allows Red Hat and our partners to show the power of open source and collaboration."