Скачать презентацию Integrating the Healthcare Enterprise Basic Security Robert Horn Скачать презентацию Integrating the Healthcare Enterprise Basic Security Robert Horn

1c92ac7094a9156a8515ecead8c8b844.ppt

  • Количество слайдов: 17

Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare Sept 13 -15, 2004 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare Sept 13 -15, 2004 1 IHE Interoperability Workshop

Basic Security (SEC) Charge Posting Scheduled Workflow - Patient Info. Reconciliation Presentation of Grouped Basic Security (SEC) Charge Posting Scheduled Workflow - Patient Info. Reconciliation Presentation of Grouped Procedures NM Image Consistent Presentation of Images Post. Processing Workflow Evidence Docs Reporting Workflow Key Image Notes Simple Image & Numeric Reports Access to Radiology Information Portable Data for Imaging Basic Security Sept 13 -15, 2004 2 IHE Interoperability Workshop

Overview Security Requirements Actors and Transactions Sept 13 -15, 2004 3 IHE Interoperability Workshop Overview Security Requirements Actors and Transactions Sept 13 -15, 2004 3 IHE Interoperability Workshop

Security requirements Reasons: Clinical Use and Privacy Ø authorized persons must have access to Security requirements Reasons: Clinical Use and Privacy Ø authorized persons must have access to medical data of patients, and the information must not be disclosed otherwise. By means of procedures and security mechanisms, guarantee: Ø Confidentiality Ø Integrity Ø Availability Ø Authenticity Sept 13 -15, 2004 4 IHE Interoperability Workshop

Security measures Authentication: Establish the user and/or system identity, answers question: “Who are you? Security measures Authentication: Establish the user and/or system identity, answers question: “Who are you? ” Authorization and Access control Establish user’s ability to perform an action, e. g. access to data, answers question: “Now that I know who you are, what can you do? ” Sept 13 -15, 2004 5 IHE Interoperability Workshop

Security measures Accountability and Audit trail Establish historical record of user’s or system actions Security measures Accountability and Audit trail Establish historical record of user’s or system actions over period of time, answers question: “What have you done? ” Sept 13 -15, 2004 6 IHE Interoperability Workshop

IHE Goal IHE is establishing the first level of enterprise-wide security infrastructure for meeting IHE Goal IHE is establishing the first level of enterprise-wide security infrastructure for meeting privacy requirements (HIPAA, and like regulations world-wide). Sept 13 -15, 2004 7 IHE Interoperability Workshop

IHE Goal IHE makes cross-node security management easy: Ø Only a simple manual certificate IHE Goal IHE makes cross-node security management easy: Ø Only a simple manual certificate installation is needed. Ø Healthcare professionals are not hindered by ”complex” role based access control. However, policies may restrict them to ‘need to know information’. Ø Enforcement driven by ‘a posteriori audits’ and realtime visibility. Sept 13 -15, 2004 8 IHE Interoperability Workshop

Integrating trusted nodes • Local access control (authentication of user) • Strong authentication of Integrating trusted nodes • Local access control (authentication of user) • Strong authentication of remote node (digital certificates) • network traffic encryption is not required • Audit trail with: • Real-time access • Time synchronization Secured System Secure network System B System A Central Audit Trail Repository Sept 13 -15, 2004 9 IHE Interoperability Workshop

Secured Domain: integrating trusted nodes Other Actors Secured Node Actor Other Actors Central Audit Secured Domain: integrating trusted nodes Other Actors Secured Node Actor Other Actors Central Audit Trail Repository Other Actors Secured Node Actor Sept 13 -15, 2004 Secured Node Actor Time Server 10 Secured Node Actor IHE Interoperability Workshop

Secured Domain: Limited Administration Audit Trail/Time Server + CA for certificates to each node Secured Domain: Limited Administration Audit Trail/Time Server + CA for certificates to each node Other Actors Secured Node Actor Other Actors Central Audit Trail Repository Other Actors Secured Node Actor Sept 13 -15, 2004 Secured Node Actor Time Server 11 Secured Node Actor IHE Interoperability Workshop

Basic Security Integration Profile Actor and Transaction diagram All existing IHE actors need to Basic Security Integration Profile Actor and Transaction diagram All existing IHE actors need to be grouped with a Secure Node actor. Audit Record Repository Time Server Maintain Time Secure Node Sept 13 -15, 2004 Secure Node Authenticate Node 23 Record Audit Event “Any” IHE actor IHE Interoperability Workshop

Basic Security Integration Profile Actor grouping rules If an actor wants to support the Basic Security Integration Profile Actor grouping rules If an actor wants to support the Basic Security Profile, this actor shall be grouped with a secure Node actor. All actors grouped with a Secure Node actor in an implementation must support the Basic Security Profile. Sept 13 -15, 2004 24 IHE Interoperability Workshop

Authenticate Node transaction X. 509 certificates for node identity and keys TCP/IP Transport Layer Authenticate Node transaction X. 509 certificates for node identity and keys TCP/IP Transport Layer Security Protocol (TLS) for node authentication, and optional encryption Secure handshake protocol of both parties during Association establishment: Ø Identify encryption protocol Ø Exchange session keys Actor must be able to configure certificate list of authorized nodes. Sept 13 -15, 2004 25 IHE Interoperability Workshop

Record Audit Event transaction The BSD Syslog protocol (RFC 3164) for Audit Records Audit Record Audit Event transaction The BSD Syslog protocol (RFC 3164) for Audit Records Audit trail events and content, no standard available at the time of writing. IHE in Technical Framework : Use IHE defined XML Schema for defined content in payload of Syslog message Sept 13 -15, 2004 27 IHE Interoperability Workshop

IT Infrastructure – Secure Node The Radiology Basic Secure Node is also an IT IT Infrastructure – Secure Node The Radiology Basic Secure Node is also an IT Infrastructure Secure Node, but IT Infrastructure adds: Ø Use of reliable syslog as an option Ø Audit messages defined by IETF, HL 7, and DICOM. These accommodate more than just radiology uses. The secure node may use either format. Sept 13 -15, 2004 28 IHE Interoperability Workshop

More information…. IHE Web sites: http: //www. himss. org/IHE http: //www. rsna. org/IHE http: More information…. IHE Web sites: http: //www. himss. org/IHE http: //www. rsna. org/IHE http: //www. acc. org/quality/ihe. htm. Technical Frameworks: • ITI V 1. 0, RAD V 5. 5, LAB V 1. 0 Technical Framework Supplements - Trial Implementation • • May 2004: Radiology August 2004: Cardiology, IT Infrastructure Non-Technical Brochures : • • • Calls for Participation IHE Fact Sheet and FAQ IHE Integration Profiles: Guidelines for Buyers IHE Connect-a-thon Results Vendor Products Integration Statements Sept 13 -15, 2004 30 IHE Interoperability Workshop