1 / 32

Presented by: John Fraser Director of Information Systems Minnesota Health Data Institute

Minnesota Health Data Institute Center for Healthcare Electronic Commerce. Digital Signatures & Public Key Infrastructure: HealthKey Minnesota Project. Minnesota HIMSS Conference Tuesday, November 2nd, 1999 Minneapolis, MN. Presented by: John Fraser Director of Information Systems

haroun
Download Presentation

Presented by: John Fraser Director of Information Systems Minnesota Health Data Institute

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Minnesota Health Data Institute Center for Healthcare Electronic Commerce Digital Signatures & Public Key Infrastructure: HealthKey Minnesota Project Minnesota HIMSS Conference Tuesday, November 2nd, 1999 Minneapolis, MN Presented by: John Fraser Director of Information Systems Minnesota Health Data Institute

  2. HealthKey Project HealthKey Minnesota Minnesota Washington Massachusetts Utah North Carolina Five-State HealthKey

  3. WHO IS MHDI? ( Minnesota Health Data Institute )

  4. Minnesota Health Data Institute? ( MHDI ) • We are a MN Public-Private partnership • Not-for-Profit, private corporation • Our origins are in the private sector (1992) • Created by Minnesota Legislature (1993) • Joint governance and funding • Governance • Minnesota Commissioner of Health • 21-member Board of Directors • Funding • 70% private • 30% public

  5. MHDI Mission • The MHDI Mission is to support the information needs of: • consumers • purchasers • providers • health plans • policymakers • in measuring and improving the quality and cost-effectiveness of health care in Minnesota

  6. MHDI’s Two Programs • 1. Performance Measurement • Comparative measures of health plan and provider system performance to support consumer choice, accountability, and improvement • 2. Electronic Commerce • Minnesota Center for Healthcare Electronic Commerce • Electronic data interchange (EDI) and network infrastructure to support efficient and effective communication of information between health care system participants

  7. MHDI’s Electronic Commerce Program Minnesota Center for Healthcare Electronic Commerce • Objectives • Provide assistance and facilitation to the healthcare community to implement standardized transactions. ( for example “HIPAA” Support ) • Provide optional private medical network for secure, private transactions • Private MedNet medical network. • Develop new pilots and inter-state projects to test and implement leading edge solutions for private, secure healthcare electronic commerce. • Eligibility Access: Central Query Service (CQS) • HealthKey MN Project

  8. HealthKey Pilot Minnesota

  9. HealthKey Pilot Purpose: 1. Build PKI System in MN for healthcare 2. Educate Users on this technology 3. Develop Certificate Authority, & Policy 4. Pilot Selected Technology & Transactions: - Develop Directory Services - Develop Smartcard system - Create & Issue Public-Private Keys - Digitally sign Emails & Documents - Encrypt Emails - Accessing Secure Web Sites with Smartcards

  10. HealthKey Pilot Schedule: Phase One - Technology Demonstration - August - Dec 1999 Phase Two - HealthKey Implementation - Jan, 2000 - thru 2001, 2 yr program

  11. HealthKey Pilot Management: (MN) 1- Institute Board of Directors 2- MCHEC* Management Committee 3- Security Task Force *Minnesota Center for Healthcare Electronic Commerce

  12. HealthKey Pilot Vendor Partners: 1- PricewaterhouseCoopers (PwC) 2- Entrust Inc. 3- DataKey Inc. 4- Novell Inc. 5- Netscape Inc. (AOL) *Minnesota Center for Healthcare Electronic Commerce

  13. HealthKey Pilot - Components Policy > Develop model Certificate Policy Statement (CPS) Technology > The Pilot will be testing the following products: - Entrust CA Software - Verisign CA Software - Netscape Directory Server - Novell Directory Server (NDS) - DataKey Smartcards

  14. Licensed CA’s Licensed CA’s Licensed CA’s MN Electronic Authentication Act ~ Authority Diagram ~ Foreign CA’s Foreign CA’s MN Sec of State Foreign CA’s HealthKey Licensed CA Certificates Certificates Certificates Certificates Certificates

  15. HealthKey Pilot Policy Work Completed To Date: - Policy Workgroup Met - September 9th - Draft presented at October 15th Mtg. - May Do Certificate Policy Statement

  16. David Kampf Fairview Harold Palmer Securiosity Scott Taschler Entrust Bob Burkhart Rick Ensenbach Childrens John Fraser (MHDI) Security Task Force Certificate Practice Statement Workgroup Minnesota Health Data Institute Not Shown: - Reidun Hanson -HCMC - Paul Lampru - WebMD

  17. HealthKey Pilot Work Completed To Date: - LDAP Design Effort - Received LDAP Draft Schema from CHIME August 23rd. - Sent to PWC for Integration - Still needs work! - Setting Up Directory Design Group

  18. HealthKey Pilot Work Completed To Date: - PriceWaterhouseCoopers - All software in - Systems development complete (Nov 1) - Software/Hardware being distributed ( Early November )

  19. HealthKey Pilot Work Completed To Date: - DataKey - Smartcard - Smartcards designed - 50 Smartcard readers - 100 Smartcards

  20. HealthKey - Technical Overview Phase 1- Registration Could you register me? Yes, I can. • Must Provide: • Birth Certificate • Drivers License • Passport, etc 1 Registrant Providers/Users Internet & MedNet 2 • Create User - • Create Public/Private • Certificates 3 Directory Server CA Server • Add User to directory • Add Public Key to directory

  21. HealthKey - Technical Overview Phase 2- Usage Email Login FTP Etc. Internet Providers/Users Providers/Users Directory Server STEPS: 1. Lookup User in directory 2. Check for valid certificate (CRL) 3. Get certificate 4. Encrypt with their certificate 5. Optionally digitally sign document 6. Send

  22. HealthKey - Technical Overview Phase 2- Usage Email Login FTP Etc. Internet Providers/Users Providers/Users Directory Server • Get Document • Decrypts with Private Certificate • Optionally Check Digital Signature

  23. HealthKey Pilot - Proposed HealthKey Smartcard:

  24. HealthKey MN Example Directory Design c=us DRAFT o=healthkey.org o=ma yo o=uhin.org` o=mhdi.org o=CHIC o=allina o=mhdc.org o=bcbsmn o=chita.org o=healthpartners o=nchica.org ou=pharmacy ou=docs ou=groups Key: c = country code o = organization ou = organization unit

  25. MN HealthKey Pilot RWJ Project • MN Security Task Force Pilot will transition • into the new RWJ Grant project early 2000.

  26. Minnesota Washington Massachusetts Utah RWJ / 5-State Pilot North Carolina Minnesota Washington Massachusetts Utah North Carolina

  27. Minnesota Washington Massachusetts Utah North Carolina Robert Wood Johnson Grant Project • Project Overview: • - Timeline: • Two Year Project - Starts November, 1999 • - Goals: • Develop and Implement the • Next Generation PKI for Healthcare • Develop Privacy and Confidentiality Practices • Disseminate Results for • Public Benefit / National Model

  28. Minnesota Washington Massachusetts Utah North Carolina Robert Wood Johnson Grant Project Project Core Technologies: - Directory Server Development - Certificate Authority Coordination - Registration Authority Coordination

  29. Minnesota Washington Resources: Massachusetts Utah North Carolina • Security Task Force Pilot • - Go to new HealthKey website at: http://www.healthkey.org • LDAP Information: • http://www.kingsmountain.com/ldapRoadmap.shtml • - A tutorial aid to navigating various LDAP and X.500 resources on the Internet • http://www.critical-angle.com/ldapworld/index.html • - LDAP World tm provides current information on the status of the LDAP specifications, • availability of LDAP products, and deployment of LDAP-based directories. • http://www.zdnet.com/pcmag/pctech/content/18/15/ec1815.001.html • - Good intro to Windows 2000’s Active Directory and LDAP.

  30. Questions and Answers

  31. How to reach us: Minnesota Health Data Institute 651.917.6700 (v) 651.917.6720 (f) http://www.mhdi.org/

More Related