
Re: IT security specification and evaluation support for OMG healthcare DTF



Mary,

BHS is working on its CPR security architecture. HRAC is a part of the work.
Another part is the work with various healthcare standard groups in order to
make sure our architecture is aligned with the upcoming requirements and
standards in healthcare security. I'll be representing BHS at the meeting
mentioned below. If CORBAmed is looking for representation at the meeting too,
I'll be glad to serve as CORBAmed rep at the meeting.

Please let me know.

Konstantin

> Dear Ms. Kratz,
> 
> Regardless as to whether there may be an opportunity to schedule a NIAP
> presentation at the upcoming November OMG CORBAmed meetings in Burlingame
> CA (see attached copy of previous email request), I would like to bring to
> your attention an upcoming healthcare-related matter that hopefully is of
> significant interest to some members of the CORBAmed group and that would
> be covered as part of any NIAP presentation to CORBAmed. In particular, the
> HOST organization (Healthcare Open Systems and Trials) in Washington DC is
> looking to organize the many facets of the healthcare community in order to
> address the security needs of healthcare Information Technology (IT) in a
> consistent, comprehensive and common way that can benefit, and be re-used
> and refined as needed across, the entire healthcare community. As I
> understand it, HOST believes that what is key is
> 
>    - development of a common healthcare IT security
>      architecture,
> 
>    - development and use of Common Criteria (CC)-based
>      specifications of required healthcare IT security
>      functionality as well as required levels of assurance
>      that such functionality is implemented and behaving
>      correctly, and
> 
>    - use of CC-based testing, evaluation and validation of
>      security-enhanced IT products targeted for the
>      healthcare industry.
> 
> To these ends, HOST and NIAP are co-sponsoring a kick-off meeting on
> November 18 at the National Institute of Standards and Technology (NIST) to
> begin catalyzing a healthcare-community-wide effort. Representatives of
> many different healthcare-related organizations are expected to participate
> in this meeting. Of course, you and other CORBAmed leaders are welcome to
> attend. NIST is located in Gaithersburg, MD in the suburban Washington DC
> area.
> 
> Some of the matters to be addressed at this meeting include:
> 
>    - developing a better community-wide understanding of the
>      scope of healthcare security problems and concerns
>      pertinent to IT solutions for healthcare business
>      systems and healthcare medical systems,
> 
>    - developing a better understanding of what are the
>      important healthcare domains that have security needs
>      and how the security needs of domains that need to
>      interact are related,
> 
>    - beginning to develop a community-wide understanding of
>      the roles and benefits that CC-based specification,
>      testing, evaluation and validation can provide in
>      helping to solve healthcare IT security problems,
> 
>    - developing an understanding of why a healthcare-
>      community-wide effort may be beneficial and perhaps
>      necessary for providing cost-effective solutions to IT
>      security problems,
> 
>    - examining the feasibility of starting a healthcare-
>      community-wide Forum, convened and sponsored by HOST,
>      that could be the focal point for defining community-
>      wide common security architectures, defining the
>      taxonomy of healthcare IT security problems, and
>      leveraging CC-based technology and services to
>      facilitate the specification, implementation,
>      evaluation, validation, and acquisition of
>      solutions to healthcare IT security problems,
> 
>    - identifying what organizations (e.g., specific vendors,
>      consortia, healthcare organizations, government
>      agencies, standards bodies, the public, etc.) are needed
>      to be the key contributors and collaborators to maximize
>      the success of such a Forum; and, beginning to develop
>      an understanding of what roles each such organization
>      can play,
> 
>    - relative to such a Forum, developing a community-wide
>      consensus of what should be the Forum's mission, goals,
>      activities, organizational structure, relationships to
>      other healthcare organizations, etc.,
> 
>    - identifying how to assemble and analyze information
>      about variables that may impact the Forum's efforts, such as
>      (a) applicable and pending healthcare policies and
>      recommendations, (b) classes of healthcare systems,
>      environments and data to be safeguarded, (c) applicable
>      and emerging standards, (d) healthcare community-wide
>      and domain-specific threats and corresponding security
>      objectives to counter threats, (e) existing pertinent
>      laws and regulations, as well as the spirit and intent
>      of pending legislation.
> 
> 
> It is my sense that some of the work of the OMG CORBAmed DTF can be
> essential components of the healthcare-community-wide efforts that HOST is
> looking to convene. I can send you details about the time and location of
> this meeting if you'd like.
> 
> If you have any questions or comments, please don't hesitate to contact me
> electronically, or by phone at 978-922-6586. If possible, I look forward to
> presenting more information at the November, or some subsequent, CORBAmed
> meeting.
> 
> Best regards,
> Paul J. Brusil, Ph.D
> NIAP Consulting Scientist




----------------
Broadcast message to hrac-rfp from Konstantin Beznosov <beznosov@baptisthealth.net>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.