Number of slides: 59
Secure Medical Information Exchange (MIX™) System
Sead Muftic, SETECS Medical Technologies
E-mail: sead.muftic@setecs.com, Tel: 240-535-2095
SETECS® MIX™ System: Secure Medical Information Exchange System
January 2011
SETECS® MIX™ System
Overview of the Presentation:
1.) Current situation (needs and requirements)
2.) Technologies
3.) MIX™ concept, architecture, and components
4.) MIX™ administration and smart cards management
5.) MIX™ operations and use
6.) Deployment steps
7.) Next phase: potential extensions
SETECS® MIX™ System – UP Michigan Project
Current Situation:
– 14 participating hospitals (coordinated by the UPHCN)
  ... some have EMR, some do not
– Four different EMR vendors: McKesson, Meditech, CPSI, Healthland
  ... all four EMR products: proprietary and not interoperable
  ... some EMR products functionally complete, some not
  ... additional IT products in use
– Security: either does not exist or based on weak mechanisms
  ... no PKI or smart cards
  ... only local, not applied to inter-domain transfers
– No automated synchronization and transfers of data and documents
– Weak compliance to medical standards (HIPAA, etc.)
SETECS® MIX™ System – Response to Requirements
Needs and Requirements:
– Reliable and unique registration of patients
– Accurate authentication of patients (based on biometrics)
– Collection and distribution of demographic, medical, administrative, financial, and other data in each hospital
– Sharing and transfers of data between hospitals
– Registration and authentication of all professionals in each hospital
– Authorization of professionals when accessing and using medical data
– Protection of sensitive data (stored in databases and in transfer)
– Protection of medical documents in storage, transfer, and use
Overall goal (Federal IT Strategic Plan):
Objective 1.1 – Privacy and Security: Facilitate electronic exchange, access, and use of electronic health information while protecting the privacy and security of patients' health information
Objective 1.2 – Interoperability: Enable the movement of electronic health information to where and when it is needed to support individual health and care needs
SETECS® MIX™ System – Highlights and Features
– Accurate Patient Identification System and Process
– Compliance with National Standards
– Electronic Exchange of Medical Information
– Secure Method of Accessing and Transferring Data
– Scalable Network
– Compatibility with each Site's Existing EMR Implementations
– Role-based Access Control within a Federated Network
SETECS® MIX™ System – Properties
SETECS® MIX™ System:
1.) Based on medical IT and Internet security standards and technologies
2.) Functionally and architecturally complete solution
3.) Several components in each hospital, linked and combined with existing EMR products
4.) MIX™ infrastructure: Regional/Group servers and Global MIX™ Server
5.) Modular and extendible
6.) Easy to install, administer and maintain
SETECS® MIX™ System – Standard Technologies
Medical IT and Security Technologies:
1.) HL7 Standard: messaging system
2.) MIX™ SQL database
3.) Smart card technologies
4.) Public-Key Infrastructure (PKI)
5.) Secure Web Services
6.) CCR / CCD Standards
SETECS® MIX™ System – HL7 Adapters
HL7 Standard: Messaging System
[Diagram labels: System A; System B; HL7 message; HL7 APIs; HL7 Adapter; Header Segments; Data Segments; Data Attributes; Data Types (Compound and Simple)]
SETECS® MIX™ System – Comprehensive SQL Database
MIX™ SQL Database
[Diagram labels: System A; System B; HL7 message; MIX™ DB; Header Segments; Data Segments; Data Attributes; DB Table (Normalized); DB Table (Un-normalized); MIX_Person; MIX_Patient]
SETECS® MIX™ System – Database Tables
MIX™ SQL Database – Coding tables
SETECS® MIX™ System – DB Adapter
MIX™ SQL Database – Data tables
[Diagram labels: HL7 message; HL7 Adapter; MIX Server; MIX™ DB; Data Attributes; All HL7 Segments; Normalized; Optimized]
SETECS® MIX™ System – Patients' and Providers' Smart Cards
Smart Card Technologies
[Figure labels: Patient Smart Card; Provider Smart Card; Smart Card Readers; SETECS 256K PIV Smart Card. Sample card text: Role: Provider. Institution: SETECS, Inc. Issued: 2009 FEB 01. Expires: 2012 FEB 01. John Smith. MIX Number: 123-456-7890. SMITH, A. JOHN. Issued: 2009-FEB-12]
Data: demographic, medical, photo, fingerprint, three certificates, security data
SETECS® MIX™ System – CA Server in Hospitals
Public-Key Infrastructures – Issuing CA Server
[Diagram labels: User; Client; Web Server; Issuing CA Server; DB; Request; Response]
SETECS® MIX™ System – Large Scale PKI
Public-Key Infrastructures – Multiple Domains
[Diagram labels: Top CA; Policy CA; Regional CA; Hospital CA Server; User; Client; Server]
SETECS® MIX™ System – Single Sign-On, SAML Ticket
Secure Web Services
[Diagram labels: Central Server (PDP); Web Services (SAML – PDP); Application Server (PEP); Web Services (SAML – PEP); Single Sign On; SAMLReq; SAMLRes; WSS ticket; numbered steps 1 to 6; A-1, A-2, A-3]
SETECS® MIX™ System – Standard Documents
CCR / CCD Standards
[Diagram labels: CCD Format (XML standard); CCR Format; Hospital MIX Server; Doctor; EMR Server]
SETECS® MIX™ System – MIX™ Components in Hospitals
MIX™ System in a Hospital
[Diagram labels: MIX Server Admin Station; MIX Admin; MIX DB; Admin Server; Portal Server; EMR Interface; Hospital MIX SC Station; MIX Smart Cards Station; Smart Card Admin; Hospital MIX Medical Stations; EMR MediTech; EMR McKesson; EMR HealthLand; EMR CPSI; Doctor; Nurse; Admin; Security Card]
SETECS® MIX™ System – Security System in Hospitals
Security System in a Hospital
[Diagram labels: Security Server; IDMS; CA/PKI; AAA; Security Server Admin Station; Security Admin; Hospital MIX Server; Admin Station; MIX Admin; MIX DB; Admin Server; Portal Server; EMR Interface; Security Card]
SETECS® MIX™ System – HIE MIX Server
MIX™ System in a Regional / Group Center
[Diagram labels: HIE MIX Server (Regional); Group X-PID; HIE MIX Server Admin Station; Security Card; MIX Admin; MIX DB; Admin Info; Med Info; Med Docs and Data; HL7 Interface; Hospital MIX Server; EMR Interface]
SETECS® MIX™ System – Global MIX Server
Global MIX™ Server
[Diagram labels: Global MIX Server; PKI; HL7 Tables; Unique PIDs; Global X-PID; Med Docs and Data; Group MIX Server; Hospital MIX Server; Patient]
SETECS® MIX™ System – MIX Admin Station
MIX™ System in a Hospital
[Diagram labels: MIX Server Admin Station; MIX Admin; MIX DB; Admin Server; Portal Server; EMR Interface; Hospital MIX SC Station; MIX Smart Cards Station; Smart Card Admin; Hospital MIX Medical Stations; EMR MediTech; EMR McKesson; EMR HealthLand; EMR CPSI; Doctor; Nurse; Admin; Security Card]
SETECS® MIX™ System – Registration of Hospital Entities
SETECS® MIX™ System – Registration of MIX Infrastructure
SETECS® MIX™ System – Managing HL7 Tables
SETECS® MIX™ System – Managing Personnel
SETECS® MIX™ System – Managing Patients
SETECS® MIX™ System – Patients: Personal Information
SETECS® MIX™ System – Patients: Demographic Data
SETECS® MIX™ System – Patients: Medical Data
SETECS® MIX™ System – Patients: Insurance Data
SETECS® MIX™ System – Patients: Emergency Contacts
SETECS® MIX™ System – Transfers between Hospitals
SETECS® MIX™ System – Smart Cards Station
MIX™ System in a Hospital
[Diagram labels: MIX Server Admin Station; MIX Admin; MIX DB; Admin Server; Portal Server; EMR Interface; Hospital MIX SC Station; MIX Smart Cards Station; Smart Card Admin; Hospital MIX Medical Stations; EMR MediTech; EMR McKesson; EMR HealthLand; EMR CPSI; Doctor; Nurse; Admin; Security Card]
SETECS® MIX™ System – Enrollment of Personnel for Smart Cards
SETECS® MIX™ System – Enrollment of Patients for Smart Cards
SETECS® MIX™ System – Smart Card Requests to HIE Server
Smart Cards System
[Diagram labels: Regional Smart Cards DB; Card Issuer; Group MIX Server; Hospital MIX DB; MIX Data; Medical Applet Data; Card Manager; Hospital MIX Station; Hospital MIX Server; MIX Portal Server]
SETECS® MIX™ System – HIE MIX Server Admin Station
[Diagram labels: HIE MIX Server (Regional); Group X-PID; HIE MIX Server Admin Station; Security Card; MIX Admin; MIX DB; Admin Info; Med Info; Med Docs and Data; HL7 Interface; Hospital MIX Server; EMR Interface]
SETECS® MIX™ System – Issuing of Smart Cards
SETECS® MIX™ System – Print/Personalize Smart Cards
One-step process: printing and personalization of smart cards
[Diagram labels: HIE MIX Server (Regional); Group X-PID; HIE MIX Server Admin Station; Security Card; MIX Admin; MIX DB; Admin Info; HL7 Adapter; Blank cards. Sample card text: Role: Provider. Institution: SETECS, Inc. Issued: 2009 FEB 01. Expires: 2012 FEB 01. SMITH, A. JOHN]
SETECS® MIX™ System – Providers' and Patients' Smart Cards
MIX™ Smart Cards
[Figure labels: SETECS® Medical Card; SETECS® Security Card. Sample card text: Insurance: CareFirst BlueChoice, Inc. Member Services: 800-777-9999. ID X 2 C 334445555. Group: 9909. ADM: CERT. PRE: CERT. PCP: Smith, John. CO-PAY: CD 2200 P 60 S 90 ER 400 RX VC. Issuer: UPHCN, Marquette, MI 49855, Tel: (906) 111-2222]
SETECS® MIX™ System – MIX Medical Stations
MIX™ System in a Hospital
[Diagram labels: MIX Server Admin Station; MIX Admin; MIX DB; Admin Server; Portal Server; EMR Interface; Hospital MIX SC Station; MIX Smart Cards Station; Smart Card Admin; Hospital MIX Medical Stations; EMR MediTech; EMR McKesson; EMR HealthLand; EMR CPSI; Doctor; Nurse; Admin; Security Card]
SETECS® MIX™ System – Portal Interface: Patients and Providers (MIX™ System in a Hospital)
SETECS® MIX™ System – Portal Interface: Various Events (MIX™ System in a Hospital)
SETECS® MIX™ System – Portal Interface: Transfers (MIX™ System in a Hospital)
SETECS® MIX™ System – Transfers (MIX™ System in a Hospital)
SETECS® MIX™ System – Step 1: Global MIX Server
Global MIX™ Server
[Diagram labels: Global MIX Server; PKI; HL7 Tables; Unique PIDs; XML Dictionaries; Global X-PID; Group MIX Server; Hospital MIX Server]
SETECS® MIX™ System
Deployment Steps:
1.) Step 1: Install and activate Global MIX Server
2.) Step 2: Install and activate HIE MIX Server
3.) Step 3: Install and activate MIX Server in each Hospital
4.) Step 4: Resolve registration of personnel (HR databases) and patients (local EMR systems)
5.) Step 5: Enroll personnel and issue them smart cards
6.) Step 6: Establish and enforce Security Policy
7.) Step 7: Test use of the MIX system by personnel and patients
SETECS® MIX™ System
Deployment Prerequisites:
1.) Establish deployment team (SETECS, MTU, UPHCN, hospitals)
2.) Specify the details of the deployment architecture
3.) Complete HL7 coding tables
4.) Review registration data for patients and professionals
5.) Specify layout and use of patients' smart cards
6.) Create standard elements for XACML policies
7.) Specify documents for CCD
8.) EMRs in hospitals without EMR products
9.) Completion of HL7 messages for various EMRs
SETECS® MIX™ System
Internal System Security:
1.) Encryption of data in MIX database
2.) Encryption of data in Medical Smart Cards
3.) Use of PIV authentication protocols
4.) Firewalls and IDP systems
5.) Reliability (hot backups) and archiving (cold backups)
6.) Lost, blocked or terminated smart cards
7.) Privacy of patients
8.) Security logs and audits
9.) Limits on data aggregation
SETECS® MIX™ System
Next Phase – Potential Extensions:
1.) Extensions of the MIX™ system to consumers (patients)
2.) Extension with laboratory and imaging data
3.) Extensions to payers and insurance companies
4.) Extensions to physicians sector
5.) Extensions to pharmacies
6.) Extensions to State public health institutions
7.) Extensions to Federal public health institutions
SETECS® MIX™ System
Conclusions of the Presentation:
1.) Current situation (needs and requirements)
2.) Technologies
3.) MIX™ concept, architecture, and components
4.) MIX™ administration and smart cards management
5.) MIX™ operations and use
6.) Deployment steps
7.) Next phase: potential extensions
Questions and Discussion