IHE+SDC+Profile+-+Change+Proposal

include component="page" wikiName="siframework" page="Structured Data Capture Header"

**Instructions:**

 * Based on recent discussions with the Public Health Team and within the SDC Community, the following security consideration changes (in italics) are proposed:
 * Current Security considerations:
 * SHALL use TLS v1.0 or greater in order to provide a secure channel
 * SHALL use IHE ATNA for Node Authentication and Recording Security Audit Events
 * Proposed Changes
 * Secure Channel
 * When transmitting PHI (Personally Identifiable Healthcare Information) or other confidential information over an unsecured channel, systems **SHALL** use TLS or other equivalent secure transport protocols (determined to be sufficient through risk analysis) to provide a secure channel
 * TLS implementations SHALL be at least as tight as NIST 800-52 //Guideline, Configuration and Use of TLS// (Requires a minimum of TLS 1.1 and move to TLS 1.2 starting in 2015)
 * TLS implementations **SHALL** use IHE ATNA guidelines for Node Authentication
 * When communicating without PHI or over a secured channel, systems **SHOULD** use TLS as above to provide defense in-depth and ensure transaction integrity.
 * Systems SHALL use IHE ATNA for Recording Security Audit Events
 * When evaluating security of alternative channels, transport protocols, user authentication, etc., a risk analysis SHOULD be performed and documented using NIST 800-30 guidelines of their equivalent

> If you have any questions regarding the conformance statements please contact: **Vijay Shah** at vshah@jbsinternational.com
 * If you would like to vote or leave a comment, fill out the sections of the form below
 * Once you have made your comment select the **Submit** button
 * Your vote / comment will be added to the list in the order it was received (//Comments may take a minute to appear in the table below. Refresh your browser to view your comment)//
 * Please note the due date to vote for this change proposal is **Wednesday, September 9, 2015 at 5:00 pm Eastern.**

media type="custom" key="27767599"

include component="page" wikiName="siframework" page="Structured Data Capture Contacts" include component="page" wikiName="siframework" page="space.template.inc_contentleft_end"