Monday, 21 December 2009

EU healthcare - interoperable eHealth - legal framework

Following the recent OASIS standards for interoperable e-health data authorisation, access and information exchange I thought I'd also mention a document which doesn't seem to have received much attention.

An EU-commissioned Study on the Legal Framework for Interoperable eHealth in Europe SMART 2007/0059 was issued on 15 September 2009. It "mainly provided a better insight in the relevant legal framework of the Member States and emphasized the complexity of the issues".

To quote from the summary, its aim was (emphasis added):

"to identify and analyse the legal and regulatory framework for electronic health services in the EU Member States and for cross-border services when provided via eHealth applications, in particular in the areas of electronic health records, telemedicine and e-prescription. The report contains the analysis and assessment of the information collected in the Member States and draws some conclusions and recommendations. The study shows that it is absolutely necessary to invest in further legal study in this field. More in-depth legal analysis is, for instance, urgently needed with regard to the upcoming national legislation with regard to electronic health records. Better insight in the current legal discussions on this topic in the Member States should feed the discussion on a European scale and prevent additional fragmentation. The same effort is without any doubt also needed in the areas of telemedicine and ePrescription."

As well as summarising healthcare systems in EU member states, the legal and regulatory framework for the healthcare profession, processing of personal health data as personal data and data protection in that context, and patients' rights including human rights, it also (as you'd expect from their summary) looks at the regulatory frameworks for e-health in member states relating to electronic health records or electronic patient records, telemedicine and electronic prescriptions.

See more on EU ehealth studies.

Saturday, 19 December 2009

OASIS - Healthcare Data Security & Privacy Authorization & Access Control Standards approved

The web services open standards group OASIS, an industry body which has done a lot of good work agreeing and promulgating technological standards, has just approved two new healthcare industry-related technology standards for health information interoperability i.e. access to healthcare data across different organisations, both as of 1 November 2009:

  1. the Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of the Security Assertion Markup Language (SAML) for Healthcare, version 1.0
    • a framework designed to provide access control interoperability in the healthcare environment via cross-enterprise security and privacy authorization (XSPA), using SAML assertions with common semantics and vocabularies in specified exchanges
    • aimed at satisfying requirements for information-centric security within the healthcare community; will enable hospitals and other service providers to validate requests for information access, allowing user attributes to be matched against the security policies related to user location, role, purpose of use, data sensitivity, and other relevant factors
    • includes a privacy policy that enforces patient preferences, consent directives and other privacy conditions (object masking, object filtering, user, role, purpose, etc.)
  2. the XSPA Profile of the eXtensible Access Control Markup Language (XACML) for Healthcare, version 1.0
    • a cross-enterprise security and privacy profile that describes how to use XACML to provide a mechanism to exchange security and privacy policies, evaluate consent directives and determine authorizations in an interoperable manner
    • i.e. describes mechanisms for authenticating, administering, and enforcing authorisation policies which control access to protected information residing within or across enterprise boundaries, thus promoting interoperability within the healthcare community by providing common semantics and vocabularies for policy enforcement.

For non-technical lawyers - the references to "security policies" and "privacy policies" here are used not so much in the sense of what people normally understand as "privacy policies" and the like, but rather as means to clearly represent and automatically check and enforce through technology the underlying policies or rules in the traditional sense.

These new standards set out a framework and means for exchanging data securely and consistently with any privacy policies, but (as with the ISTPA Privacy Management Reference Model) they still need to be implemented technically to see use.

No doubt the members of OASIS, who include IBM, Sun Microsystems, AOL, Boeing, Booz Allen Hamilton, CA, Cisco, EMC, HP, Intel, Jericho Systems, Neustar, Nokia, Oracle, Red Hat, SAP, Skyworth TTG, U.S. Veterans Health Administration and others, will be amongst the first to do so.
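To make concrete what "automatically check and enforce" means for the policies described above, here is an added example (not code from the OASIS profiles or from this blog) of a default-deny decision function that matches a requester's attributes against an organisational policy and a patient's consent directive, then filters the record. Every attribute name, vocabulary value and policy entry in it is constructed for illustration and is not an identifier defined by XSPA.

```python
from dataclasses import dataclass, field

# Constructed vocabularies and policies; not the identifiers the XSPA profiles define.
TRUSTED_ORGS = {"hospital-a", "clinic-b"}
ROLE_POLICY = {  # role -> purposes it may assert, data sensitivities it may read
    "physician": {"purposes": {"treatment"}, "sensitivities": {"normal", "restricted"}},
    "billing-clerk": {"purposes": {"payment"}, "sensitivities": {"normal"}},
}
# Constructed patient record: section -> (sensitivity label, content)
RECORD = {
    "demographics": ("normal", "name, date of birth"),
    "medications": ("normal", "current prescriptions"),
    "psychiatric-notes": ("restricted", "clinical notes"),
}

@dataclass(frozen=True)
class Request:
    subject_id: str
    role: str
    organization: str
    purpose_of_use: str

@dataclass
class Consent:  # the patient's consent directive
    denied_subjects: set = field(default_factory=set)
    denied_purposes: set = field(default_factory=set)
    masked_sections: set = field(default_factory=set)

def decide(req, consent, record):
    """Return (decision, released_sections). Any failed check denies."""
    policy = ROLE_POLICY.get(req.role)
    if req.organization not in TRUSTED_ORGS or policy is None:
        return "Deny", {}
    if req.purpose_of_use not in policy["purposes"]:
        return "Deny", {}
    # The consent directive can only narrow what the organisation allows.
    if req.subject_id in consent.denied_subjects:
        return "Deny", {}
    if req.purpose_of_use in consent.denied_purposes:
        return "Deny", {}
    # Object filtering/masking: drop sections by sensitivity and by consent.
    released = {
        name: content
        for name, (sensitivity, content) in record.items()
        if sensitivity in policy["sensitivities"]
        and name not in consent.masked_sections
    }
    return "Permit", released
```

In a deployment following the two profiles, the requester's attributes would arrive in a SAML assertion and the rules would be expressed as XACML policies rather than Python dictionaries.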

Friday, 18 December 2009

Google London recruiting lawyer

I see, even in these times of cutbacks and mass redundancies in UK and US law firms, that Google London are looking for another associate legal counsel.

Interesting - and a sign perhaps that things are still good at Google? It's for a transactional lawyer too, not a litigator.

But they want "experience drafting and negotiating contracts for technology and media clients" - so that rules me out then, although I could have ticked all the other boxes.

No commission or finders' fee necessary; if you heard about the job from me and get it, you can always treat me to a cuppa sometime…

Thursday, 17 December 2009

France - Sarkozy's party in copyright breach music video

It's ironic and not a little amusing that this excruciating (and excruciatingly funny) "lip dub" video featuring lip synching politicians from the UMP party of French President Nicolas Sarkozy was produced and released without obtaining copyright permission for the use of the song, so they'll now have to cough up! (It seems the copyright owner had refused consent when they tried to clear the rights, but they went ahead anyway.)

Sarkozy was of course behind France's controversial three strikes law for disconnecting copyright infringers from the internet.

I make no comment on the quality of the lip synching or the dancing. You'll have to decide for yourself whether you'd rather have had your internet access cut off than watch it!

Via Techdirt.

Digital Britain - December 2009 update released

The UK Department for Culture, Media & Sport (DCMS) have issued Digital Britain - Implementation Update (PDF), December 2009.

This reports on the progress in implementing the recommendations in the June 2009 Digital Britain White Paper - not just the Digital Economy Bill (which got only a brief mention) but the many other projects to take forward the various measures e.g. digital inclusion and access to public data (on which see, if you've not come across it yet, the Smarter Government site which includes sections on 1.3 Radically opening up data and promoting transparency and 2.3 Harnessing the power of comparative data).

See generally the Digital Britain sub site.