Hello Privacy and Security WG,
In preparation for our April 10th meeting, we have several follow-up items to consider from our last meeting:
Concrete Examples: There was consensus on the need for concrete examples to develop policy documents and guidelines tailored to OHIE’s focus and objectives. This included example documents and policies
Risk Assessment and Management: Participants emphasized the importance of starting privacy and security efforts with comprehensive risk assessment and management processes. There are a number of examples to leverage, such as NIST, HITRUST, ENISA, etc
Capacity Building and Awareness: The meeting highlighted the importance of developing capacity and raising awareness about privacy and security issues, particularly in regions where there is limited focus on these aspects despite existing legislation.
Support for Implementations: Participants sought recommendations and support for implementing security frameworks in live environments, highlighting the need for expertise and guidance, particularly in interoperability projects.
Please take some time in the next couple weeks and compile any examples, policies, etc that you would like to highlight!