New committee to specify healthcare security, privacy data exchange standards
OASIS, an international open standards consortium, has formed a new group to standardize the way healthcare providers, hospitals, pharmacies and insurance companies exchange privacy policies, consent directives and authorizations within and between healthcare organizations.

The OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) technical committee will specify healthcare profiles of existing OASIS standards to support reliable, auditable methods of confirming personal identity, official authorization status and role attributes.

The committee’s work aligns with security specifications being developed within the U.S. Healthcare Information Technology Standards Panel (HITSP), a partnership between the public and private sectors working to ensure the interoperability of EHRs in the United States.

David Staggs, co-chair of the OASIS XSPA committee, said that while the primary focus of the work will center on the HITSP interoperability specifications, the committee expects XSPA will have broad applicability to health communities beyond government regulated transactions and intends to solicit use cases from other instances of cognate data exchanges—particularly in healthcare privacy contexts.

XSPA will be offered for implementation on a royalty-free basis; participation in the technical committee remains open. Archives of the work will be accessible to both members and non-members, and OASIS will offer a mechanism for public comment, the committee said.