ABSTRACT

Some of the challenges of the 1st Wave of healthcare IT systems are related to their poor security features. The laws have created a patchwork, and healthcare has not leveraged the many years of experience from other industries. Major inhibitors to patient-consumer use of one website or an associated set of websites are the variety of privacy notices, the patient-consumer’s concern about how the data will be used and protected, and the confusing and complex presentation of all that information. Security, privacy, and consent policies invariably involve lawyers, who create complex protection documents. These documents may be necessary, but a new framework is needed that presents the information in a way that a normal patient-consumer and advocate can understand. Over the last 10 years, an annual Privacy and Usability conference has been organized, and the concepts have been maturing; but these concepts now need to be applied in patient-consumer health communities and associations. The Federal Enterprise Architecture (FEA) Security and Privacy Policies and a set of complex NIST guidelines have been integrated into a Health Ecosystem Security-Privacy-Consent Architecture that can be used in the other chapters of this book; this information should be presented to the Health and Human Service work groups and standards organizations to fit with the shift to patient and consumer focus.