1 / 29

Plan for the Establishment and Operation of the Healthcare Certification Authority

2. Report Outline. 1. Project Overview2. Four types of HCA-issued cards3. Membership Roster of HCA4. Rules and regulations on the RA

clyde
Download Presentation

Plan for the Establishment and Operation of the Healthcare Certification Authority

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. 1 Plan for the Establishment and Operation of the Healthcare Certification Authority Shyu, Charng-Er Information Management Center Department of Health Taiwan, R.O.C. 01/24/2005

    2. 2 Report Outline 1. Project Overview 2. Four types of HCA-issued cards 3. Membership Roster of HCA 4. Rules and regulations on the RA &RAO 5. Certification Specifications 6. Operational Status of HCA 7. Certification IC card issuance for medical care personnel 8.Registration Authority Operators (RAO) 9. Applications of Healthcare Certification IC Cards 10. Related Regulations 11. HCA Legal Basis 12. Budget

    3. 3 1.Project Overview (1/4) Project Origins In view of the rapid development of the medical information environment, healthcare institutions are also actively implementing plans to switch from paper to electronic medical records and computerize healthcare procedures and hospital management. The goal of these plans is to increase the quality and effectiveness of medical care and reduce the cost of healthcare management.

    4. 4 1. Project Overview (2/4) Project Basis: The Executive Yuan Research, Development and Evaluation Commission’s E-Government Electronic Certification Services Conference resolution item: All governing bodies shall provide electronic license or electronic certificate certification services. (11/13/2000) In accordance with the Knowledge Economy Development Practical Implementation Project passed by the Executive Yuan in 2001 (No. 006016), the DOH received approval for the active promotion and implementation of the sub-project: Online Health Services Promotion Plan (1/29/2001). The Healthcare Certification Authority Plan is one of the subplan. By order of the Executive Yuan (No. 0910080314), the Electronic Signature Act went into effect on April 1, 2002.

    5. 5 1. Project Overview (3/4) Project timeframe: 2002.8.1~2005.12.31 Project content: the setup of software, hardware and operating environments, the drafting of operational procedures and standards, the establishment of certification IC card production and distribution services, promotion of certification usage and the provision of related training courses, and the maintenance of the services and security management of HCA.

    6. 6 1. Project Overview (4/4) HCA goals Providing e-healthcare certification services, establishing an electronic signature mechanism, and creating a secure environment for the exchange of healthcare information within the healthcare system. Assuring the confidentiality, integrity, identity verification, and non-repudiation of electronic healthcare information To facilitate the sharing of information, HPC capabilities will be added to physicians’ medical personnel certification IC cards.

    7. 7 2. The four types of HCA-issued cards (1/3) 1. Healthcare Institutional certification IC cards Serve as electronic representation of the institution’s corporate actions—like a corporate seal. Provide encryption and signatures for electronic documents, online birth reporting, etc. 2. Healthcare personnel certification IC cards Serve as electronic representation of medical personnel’s personal behavior—like a specimen seal (i.e. personal electronic signature). Limits access to NHI IC Card information (only doctors have access), medical records signatures.

    8. 8 2. The four types of HCA-issued cards(2/3) 3.Auxiliary certification IC cards for healthcare institutions In order to cater to healthcare institutions that have multiple application systems or single systems with multiple administrators, and thus have the need to use multiple certification cards simultaneously, auxiliary certification IC cards shall be issued with functions identical to the original card. The DOH began accepting applications from medical centers for temporary card usage on December 29, 2004. After the fee rules have been ratified, the DOH will begin collecting fees from applicants. Auxiliary Certification IC cards shall be controlled by healthcare institutions, with management guidelines to be established by said institutions.

    9. 9 2. The four types of HCA-issued cards(3/3) 4. Temporary Certification IC cards for doctors These cards are for use by doctors who are temporarily unable to access NHI IC cards using their physician’s Certification IC Cards. In the case that cards are lost, damaged, left at home, or when codes are forgotten. Cards have HPC functions, but no HCA functions (signature). The DOH began accepting applications from medical centers for temporary card usage since December 29, 2004. After the fee rules have been ratified, the DOH will begin collecting fees from applicants. Temporary Certification IC cards should be controlled by medical care institutions, with management guidelines to be established by said institutions.

    10. 10 3. Membership Roster of HCA(1/3)

    11. 11 3. Membership Roster of HCA(2/3) CA:certification authority Responsible for issuing certification IC cards. RA/RAO:registration authority / registration authority operator Responsible for certification registration, applicant identity checks, and related certification services (application, cancellations, extensions, card decryption, etc.) Repository Posting of CA certifications, confirmation of certification users, posting of certificate revoked list (CRL), drafting of Certification Practice Statement (CPS), etc. Card-issuing Center Responsible for producing and issuing cards.

    12. 12 3. Membership Roster of HCA(3/3) Subscribers Certification users Certified healthcare staff and licensed healthcare institutions, holders of healthcare certification IC cards Relying Party Parties that recognize and place trust in holders of CA-issued certification cards.

    13. 13 4. Rules and regulations on the RA &RAO The RA is responsible for stipulating the detailed procedures concerning the registration of certified users and the authentication of their identities, in accordance with the processes concerned with applications from certified users, as well as with the inquiry and the cancellation of the certification process. During the application process, RAO personnel will authenticate the applicant’s identity and documents in accordance with the procedural guidelines. Public health bureaus nationwide will be authorized to serve as RAOs to carry out a wide range of services as mentioned above in the implementation of the RA’s onsite application processes.

    14. 14 5. Certification Specifications The issuance of X.509 V3 format certifications, which include the name of the user, the public key, the issuer, the effective date and the expiration date among others. Using the RSA asymmetric encryption algorithm, the length of a certification user’s key is 1024 bits, while the length of the key using the CA is 2048 bits. Additional remarks: The RSA asymmetric encryption algorithm: This is a patented encryption algorithm developed by three Massachusetts Institute of Technology (USA) scholars—Rivest, Shamir and Adleman. The length of the key: The key is composed of randomized bits. The longer the bits, the longer and more secure the key (i.e. the key will be harder to decipher).

    15. 15 As of December 31, 2004, 97,163 certification IC cards have been produced and issued, including 86,057 IC cards for medical care personnel (including 45,417 cards for doctors) 11,106 IC cards for medical care institutions The service hotline 0800-364422 (3 lines) is available for further inquiries.

    16. 16 Doctors (including practitioners of Western medicine, Chinese medicine, and dentistry) : The HCA took the initiative to send application forms to these doctors nationwide (August 2003~December 2003) Reply forms have been received and 35,023 cards have been issued In accordance with the value-added NHI IC card mobilization plan, application forms were further sent to doctors who have not yet completed the application (Oct. 19, 2004) Reply forms have been received and 10,394 cards have been issued

    17. 17 Certification IC card issuance for medical care personnel Applications were opened to other medical care personnel during the period of Mar. 2004~Dec. 2004) 51,666 cards were issued, in accordance with the 2004 plan, to other medical care personnel (with doctors’ applications still ongoing). 80,614 reply forms from other medical care personnel have been received, and 40,640 cards have been issued (the remaining cards will be issued in 2005).

    18. 18 8. Registration Authority Operators (RAO) (1/ 3) Registration Authority Operator (RAO) RAOs are certified registration windows authorized by the Healthcare Certification Authority (HCA) In accordance with the Government Public Key Infrastructure Certification Policy assurance level guidelines, the HCA provides Assurance Level 3 certification services. The applicant or his/her agent must complete the application in person. There are 79 RAOs in Health Bureaus nationwide, and Health Stations in Taipei and Kaohsiung City, as well as Taipei County. RAOs supervise the onsite identity authentication of medical care personnel or institutional applicants. Schedule for full implementation of RAOs will be in March 2005.

    19. 19

    20. 20 RAO Operating Procedures

    21. 21

    22. 22

    23. 23

    24. 24

    25. 25

    26. 26

    27. 27 Electronic file exchange flow chart

    28. 28

    29. 29

    30. 30 Total of funds used by HCA (Aug. 1, 2002~Dec. 31, 2005): 89,824,661 NT dollars, averaging an approximate 26 million NT dollars per year.

More Related