PMRM TC Emergency Responder Use Case Draft: 2 Aug 2011

PMRM TCEmergency Responder Use Case

Draft: 2 Aug 2011

Copyright © 1999-2010 International Security Trust and Privacy Alliance (ISTPA)

Privacy Management Reference Model Services

Core Policy Services Agreement- agreements, options, permissions Control – policies – data management

Presentation and Lifecycle Services Interaction - manages data/preferences/notice Agent - software that carries out processes Usage - data use, aggregation, anonymization Access - individual review/updates to PI

Privacy Assurance Services Certification - credentials, trusted processes Audit - independent, verifiable accountability Validation - checks accuracy of PI Enforcement - including redress for violations


Syntax for each Service: Functions DEFINE [SVC] operational requirements SELECT [SVC] (input, process, and output) data and parameters INPUT [SVC] data and parameter values in accordance with

Select PROCESS [SVC] data and parameter values within Functions OUTPUT [SVC] data, parameter values, and actions LINK [SVC] to other (named) Services SECURE [SVC] with the appropriate security functions

•Each USE CASE invokes a sequence of Service “calls”

•Each Service call executes a sequence of Functions (drawn from these seven Function categories)


Emergency Responder Use Case: On Site Care

ACTOR:

ECS

PI-In

[detailed PI required]

Source (Actor) Requirements Services

Incident Report External sources ECS Privacy and Security Policy

jurisdictional regulations OnStar

Security Control Audit Interaction Validation Usage Certification

Situational Awareness Report

External Sources ECS Privacy and Security Policy

jurisdictional regulations OnStar


Patient EHR Information

Service Provider and other Healthcare systems

HIPAA security and privacy rules HITECH 3rd party inherited policy

agreements

Security Control Audit Interaction Validation Certification Usage

Situation Assessment

On-site Care/Incident Commander

General scene information None

Data Flows TO a Single Actor (ECS) with PMRM Service Invocations

ECS Incident Report External sources ECS Privacy and Security Policy jurisdictional regulations OnStar


Consider one ‘row’ in the table:

External Source connects to the ECS SECURITY: establish confidential communication (encryption)

CERTIFICATION: check External Source credentials INTERACTION: Provide privacy notice to the External Source, if appropriate

Incident Report is transmitted to the ECS VALIDATION: check the PI for reasonableness, veracity, and relevance, possibly against other sources

CONTROL and USAGE: Store the PI, together with all appropriate permissions for subsequent PI use

AUDIT: record the receipt of the PI and Incident Report

Tabular, time-line flow of Service invocations:

Services Operational Requirements

Time Line

ECS Situational Awareness Report

External Sources ECS Privacy and Security Policy jurisdictional regulations OnStar


External Source connects to the ECS SECURITY: establish confidential communication (encryption)

CERTIFICATION: check External Source credentialsINTERACTION: Provide privacy notice to the External Source, if appropriate

Situation Awareness Report is transmitted to the ECS

VALIDATION: check the PI for reasonableness, veracity, and relevance, possibly against other sources


AUDIT: record the receipt of the PI and Situation Awareness Report


Time Line

Additional Row:

Question: Separate analysis needed for each policy domain (eg, OnStar)?

ECS Patient EHR Information

Service Provider and other Healthcare systems

HIPAA security and privacy rules HITECH 3rd party inherited policy agreements

Security Control Audit Interaction Validation Certification Usage

ECS connects to Service Provider and other Health Care Systems

SECURITY: establish confidential communication (encryption)

CERTIFICATION: mutually check credentials

INTERACTION: Provide privacy notice to the Provider/other Systems, if appropriate

Patient EHR is transmitted to the ECS VALIDATION: check the PI for reasonableness, veracity, and relevance, possibly against other sources


AUDIT: record the receipt of the PI and Patient EHR


Time Line

Additional Row:

ECS Situation Assessment On-site Care/Incident Commander

General scene information None (?)


Time Line

Additional Row:

On site Commander records general scene information in the Situation Assessment

SECURITY: establish confidential communication or log-in (encryption)

CERTIFICATION: mutually check credentials

INTERACTION:

Any PI contained in general scene information?

VALIDATION: check the PI for reasonableness, veracity, and relevance, possibly against other sources


AUDIT: record the receipt of the PI and Situation Assessment

Data Flows FROM a Single Actor (ECS) with PMRM Service Invocations

Actor:

ECS

PI-Out Destination (Actor) Requirements

[

Services

Incident Report:

PI Instance and enhancements

On-site Care/Incident Commander System

ECS Privacy and Security Policy Jurisdictional regulations

Security Control Audit Interaction Validation Usage

Situational Awareness Report On-site Care/Incident Commander System

ECS Privacy and Security Policy

-

Jurisdictional regulations

Security Control Audit Interaction Validation Usage

Patient Data Request Service Providers and other healthcare systems

HIPAA security and privacy requirements Unique healthcare system requirements

Security Control Audit Interaction Validation Certification Usage Enforcement

Health Information from Devices Service Providers and other healthcare systems

HIPAA security and privacy requirements Unique healthcare system requirements

Security Control Audit Interaction Validation Certification Usage Enforcement

Virtual Consult On-site Care/Incident Commander System

Virtual Consult On-site Care/Incident Commander System

- examine each row of the OUT table, in turn; then,- Move to each Actor, analyzing the IN/OUT flows

Where Does the Reference Model Fit?


Privacy Management Reference Model

Documents

PMRM TC Emergency Responder Use Case Draft: 2 Aug 2011