1 / 22

Integrative Projects Status Report

This status report provides an update on the role of Integrative Projects in TRUST, with a focus on patient portals and systems/security co-design in embedded systems. It also highlights the societal context of patient portals, the MyHealth@Vanderbilt project, and the technical challenges faced in their development.

ruano
Download Presentation

Integrative Projects Status Report

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Integrative ProjectsStatus Report Janos Sztipanovits

  2. Content • Role of Integrative Projects in TRUST • Status Report on Project Formation: • Patient Portals • Systems/Security Co-design in Embedded Systems • Next Steps

  3. Role of Integrative Projects • Link research efforts to real-life challenges • Help validating research results • Facilitate technology transitioning toward National stakeholders • Provide focus for integrating research efforts

  4. Patient Portals: Societal Context • Health Insurance Portability and Accountability Act of 1996 (HIPAA) • The HIPAA Privacy Rule, which became effective in April of 2003, gives US citizens for the first time a uniform right to access to information contained in their medical records, • to request amendments or corrections to those records, • to request an accounting of disclosures of their personal health information made by their healthcare providers. • The HIPAA Security Rule, which became effective in April, 2005, requires healthcare organizations to adopt administrative, physical and technical protections for person-identifiable health data that is maintained or transmitted in electronic format. • Currently, the civil and criminal liabilities associated with the • Security Rule create additional concerns and reticence of health care • organizations to bring new classes of users into the previously private, • internal domain of electronic clinical information systems.

  5. MyHealth@Vanderbilt • Experimental Patient Portal at VUMC • Patient access to lab results • Patient-entered notes e.g., dietary supplements • Automated drug-drug interaction checking for items that patients add to their medications • Opportunity • Use MyHealth as an evaluation platform for TRUST technologies

  6. Criteria for Being a TRUST Integrative Project • Interest from the Medical Community • Multisciplinary: Social, Systems, Security • Scale: Societal with huge potential implications • Real: MyHealth is a live experimental system • Technical richness and fundamental challenges

  7. Integrative Project Development on Patient Portals • Discussions and preparations started with Prof. Bill Stead, Director, Informatics Center and the Prof. Dan Masys, Chair, Department of Biomedical Informatics of Vanderbilt University Medical Center in September, 2005. • We jointly organized a Design Workshop for an Integrative Project related to Patient Portals on December 16, 2005 at Vanderbilt Center for Better Health. (http://dbmi.mc.vanderbilt.edu/trust/#Output) • Detailed project planning between TRUST and the MyHealth program continue.

  8. Meeting at Vanderbilt

  9. Presentations

  10. The Nature of Biomedical Data • Complexity of privacy • Variable levels of sensitivity; “sensitive” is in the eye of multiple beholders, and highly context-dependent • No bright line between person-identifiable and “anonymous” data • So inherently rich in attributes that re-identification potential never reaches zero • Genome as Future Diary: An individual’s medical data may have implications for other family members who have much different values and preferences, and for future generations • Complexity of access rights and policies • Simple role-based access control is insufficient • Governing principles: “need-to-know” and “minimum disclosure” Source: Dan Masys’s presentation

  11. Design Rounds

  12. Workshop Results • Real-time Patient Data MonitoringProject (see poster) • Role-based Access Modeling for Patient Portals (see poster) • Unintended Consequences(joint study group between the MyHealth program and TRUST)

  13. Patient Portals:Technical Challenges 1/2 • Access ControlUnique problems: - Policy languages - Policy validation - Distributed policy enforcement • Data PrivacyUnique problems: - Learning from data while keeping individual data private - Publishing data without possibility to link back to individuals - Information flow through data access: “leaking secret data” - Incorporating background knowledge - Interaction between privacy and policy languages

  14. Patient Portals: Technical Challenges 2/2 • Distributed trust managementUnique problems: - Maintaining trust across multiple players with conflicting interests and policies • Information architecture modeling and analysisUnique problems: - Technical and organizational heterogeneity - Major role of legacy systems - Scale and complexity • Benchmarking • Creation of synthetic patient data • Real-life patient data • Societal Impact of Patient Portals- What privacy policy would make patients comfortable with contributing data to research study?

  15. Approaches • What solutions are possible? • Policy languages (Stanford) • Data privacy (Cornell) • Information architecture modeling and analysis (VU, Berkeley) • Distributed trust management (Cornell) • Societal impact (Berkeley) • Use MyHealth as demo system • Put TRUST research thrusts in MyHealth contexts

  16. Embedded System/Security Co-design: Societal Context • Embedded and Networked Embedded Systems have huge penetration • in all market sectors: automotive, aerospace, defense, medical, • transportation, energy, chemicals, communications and others. • Security of embedded systems is becoming a major societal concern • Resource limitations, timing, and complexity make the development of secure embedded and networked embedded systems a significant scientific and technical challenge

  17. Integrative Project Development on System/Security Co-design • Discussions and preparations started with the ESCHER companies (GM, Boeing, Raytheon) in September, 2005. • We solicited input for challenge problem specificationand testbed ideas. • At the December 2005 ESCHER Advisory Group meeting we discussed specific ideas and plans • A low-cost testbed implementation is ongoing.

  18. Testbed Configuration Plant Simulator DAQ Controller Controller Controller Wireless Link • Different SW platforms: • Linux • GRSecurity • Others (LynxOS, VxWorks,..) Single board computer SBC4495 from Micro/Sys Minilab 1008

  19. Composition Platform Functional Models Component Models OS Security Services Access Control HW/SW Arch Componentized Model Partitioning Model Platform Model Secure Component Structure Model Deployment Model Generators Integrated Co-design Environment • Domain-specific Modeling Languages (AADL, Simulink/StateFlow, …) • Security modeling for different platforms • Model Analysis tools • Code Generators

  20. Exploratory Integrative Project Ideas • Sensor Networks in Cooperation with Oak Ridge National Labs • Dirty Bomb Detection • Trusted Transportation Corridor (VU)

  21. Sensor Networks: Dirty Bomb Detection Demonstration in VU Stadium Goal: Detection of Rad. Source position by tracking location of moving sensor with less than 1m error. • Demonstration in Vanderbilt Stadium, April, 2006 (IPSN’06) • ORNL: Rad. Sensor • VU-ISIS: Sensor localization and system integration • Berkeley: Platform • Cornell: Networking Oak Ridge National Labs TRUST team: Vanderbilt-Berkeley-Cornell

  22. Next Steps • Additional integrative projects concepts arebeing developed (e.g. sensor networks) • Project teams are formed between TRUST groups and “stakeholders” • Detailed project plans are discussed • Integrative project teams are formed First results will be reported at the April 2006 TRUST Review Meeting

More Related