CalPSAB Security Committee
The California Privacy and Security Advisory Board (CalPSAB) Security Committee will develop and propose security standards for the protection of electronically exchanged health information. The standards will define the level of protection to which health care entities and their systems that exchange health information will conform. The standards will also give entities specific and clear guidance on the level of protection necessary for their information systems that engage in electronic health information exchange. The Security Committee will also address security practices and functions that may impede the progress of interoperable electronic health information exchange. The Security Committee’s primary tasks are:
- Examine the applicability of national security standards promulgated by Standards Development Organizations (SDOs) to interoperable electronic health information exchange in California,
- Identify security standards gaps for California not addressed by national standards,
- Recommend security standards for California to the Privacy & Security Advisory Board (PSAB), and
- Develop an implementation strategy for the proposed solutions.
Security Committee Co-Chairpersons:
Task Groups
The Security Committee formed task groups to focus on specific security issues. To date, the following task groups have been appointed:
Baseline Standards Task Group
Co-Chairpersons/Contacts:
The Baseline Standards Task Group was formed to evaluate core existing sets of security standards including Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology Standards Panel (HITSP), International Organization for Standardization (ISO), Payment Card Industry (PCI), and National Institute of Standards and Technology (NIST). It will recommend a single or blended set of existing security standards that will form a base for security standards analysis and proposals.
Device and Media Controls Task Group
Chairpersons/Contacts:
The Device and Media Controls Task Group was formed to identify a standard for protecting health information that may be stored in portable computing devices such as laptops, portable digital assistants (PDAs), and smart phones. In addition, the task group is addressing media, including but not limited to USB flash drives, compact disks, and floppy diskettes, for entities participating in interoperable health information exchange in California.
Access Control Task Group
Co-Chairpersons/Contacts:
The Identity Management and Authentication Task Group was formed to analyze and recommend the most efficient and effective standards for identity management and authentication to safeguard the electronic exchange of individual health information.
Applicability Joint Task Group
Co-Chairpersons/Contacts:
The Applicability Task Group was formed to determine how to apply electronic health information exchange (eHIE) standards to safeguard an individual’s health information. The task group is currently deciding among four alternatives for how entities will apply the standards. The four options under consideration are applying the standards: 1) based on data fields; 2) based on categories of data use; 3) to HIPAA-covered entities only; or 4) to all entities that handle individually identifiable health information. Additionally, the task group will consider a blend of various alternatives.
For more information on the CalPSAB Security Committee, please contact CalOHI:
Elaine Scordakis
Security Committee Manager
1600 9th Street Suite 460
Sacramento, CA 95814
Phone: 916-651-8066
Email: escorda1@ohi.ca.gov