press release | April 2, 2009


NAPLES, FL – April 2, 2009 – HIPAAT International Inc. (HIPAAT), provider of consent management and security auditing solutions to the healthcare industry, today announced it will introduce its enhanced privacy solution in booth 6864 at the Healthcare Information and Management Systems Society (HIMSS) Annual Conference, April 5-8, 2009 in Chicago. The vendor-neutral solution leverages industry standards to enable the creation, management, validation and enforcement of health information privacy policies for health data sharing.

myConsentMinder is HIPAAT’s new Web-based, consumer-facing privacy repository. It allows consumers to record their privacy policies using conventional, user-friendly forms. To access myConsentMinder, individuals will typically log in through a personal health record or patient portal. They will then create, edit and store their privacy preferences, which are expressed in OASIS eXtensible Access Control Markup Language (XACML) and Health Level 7 (HL7) standards. From these specialized consent templates, standards-based access rules and policies are created and can be applied in any health information exchange (HIE) environment.

Privacy eSuite, HIPAAT’s consent engine, has been enhanced to support the XACML/HL7 protocol for personal health information (PHI) access control. This is accomplished through two service-oriented architecture (SOA)-based Web services: a Consent Management Service that enables consumer, organizational and jurisdictional privacy rules to be created and administered, and a Consent Validation Service that adjudicates PHI access requests.

Privacy Manager is a point of service software application that integrates with clinical applications through context management or via application interface to enforce privacy policies. It too has been enhanced to support XACML/HL7.

HIPAAT’s Universal Audit Repository (UAR) is a standards-based repository that logs all access – and attempted access – to PHI. V2.0 is Java-based, providing more sophisticated, customizable search and report capabilities and a more powerful user interface. The UAR provides automatic, immediate breach reporting of override (unauthorized) access to PHI.

Next on the product roadmap is the Java Consent Validation Interface (JCVI). The JCVI is a Java-based toolkit allowing electronic medical record (EMR)/electronic health record (EHR) solutions to communicate with outside Consent Validation Services to become further ‘privacy aware’ of patient, organizational and jurisdictional policies. The JCVI is based on XACML/HL7 standards.

“The pressing mandate for EHRs, most recently highlighted by the American Recovery and Reinvestment Act (ARRA), reinforces the need for patient privacy protections in health information exchange,” said Terry Callahan, HIPAAT managing director. “Consumers must have privacy choices for EHRs to be successful, and providers must be confident they’ll have access to the PHI they need to treat their patients. Each of our standards-based components takes that balance into account, from consumer consent policy creation through to policy enforcement at the point of care.”



HIPAAT provides consent management and security auditing solutions to healthcare. Our SOA-based software balances consumer information privacy with the clinical need to access personal health information. Our interoperable, standards-based approach enables stakeholders at all levels of health data exchange to implement, audit and enforce patient, organizational and jurisdictional privacy policies. For more information, visit

Media contact:
Christine Callahan
Direct: (905) 891-8540

Release date: April 2,2009