- What Works? What doesn't Work? What do we need to know? What do we need to create? (3M5F)
- Who has access and at what levels? (3M7Q)
- Where do you store this - even physical security of buildings - and replication (3M7T)
- Right decisions on capabilities (3M7U)
- does failure propagate through the grid? (3M7V)
- HIPAA, FISMA - policy constraints that designs need to meet - do we understand the goals? (3M7W)
- How measure compliance? (3M7X)
- This is a nasty problem and very complex (3M7Y)
- OS enables you to know what's going on (3M7Z)
- As people take ownership of help care and policies are achieved for EHR by 2014 - need to look beyond - privacy and security as a community service - fund and collaborate on health and bioinformatics grid (3M81)
- NEED to Know: (3M82)
- need prospective approach with all the stakeholder to access and act on risk (3M83)
- need to prevent fraud and abuse and have stronger approaches (3M84)
- (3M89)
- prevent being able to use information for blackmail (3M8A)
- (3M8D)
- no one silver bullet - lots of layers of defense - containment policy (3M8E)
- (3M8F)
- Social Networking discussion around creating safe spaces - MySpace postings that could haunt someone's future - Is this a topic with the emerging health networks (3M8G)
- (3M8H)
- patients are concerned about discrimination by insurance companies (3M8I)
- heard recently -- $900 street value of health record vs. $6 credit card (3M8J)
- make sure all stakeholders are involved - security too often treated as afterthought (3M8K)
- NIST guidelines are good - but scalable to grid - Is this realistic? (3M8L)
- need strategic infrastructure - need cyber-tooling - credentialling physicians, researchers (3M8M)
- role/relevance of HSPD 12? e-authentication being integrated with SAFE, DoD (3M8N)
- promising (3M8O)
- international grid trust federation - including America's gid managment authority (3M8P)
- (3M8S)
- need consent for peer sharing - how this relates to confidentiality (3M8T)
- (3M8U)
- Federal bridge - How certify the portals that will b engaged - nasty problem (3M8V)
- Will this approach scale (can heavy-weight processes scale?) (3M8W)
- What is public trust for an individual? (3M8X)
- What is a trusted network? (3M8Y)
- What are risks/ consequences when something goes wrong? (3M8Z)
- Needs to be consortia effort - needs consensus (3M90)