EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry) Cornell (Wicker, Gerkhe, Machanavajjhala)
Preamble • EMR is an integrative project for motivating, testing, evaluating core TRUST research areas in: • Model-based design for security • Formal modeling, verifying and enforcing policies • Sensor networks • Investigate “best practices” for interfacing public policy to technology • We are fully aware of the fact that EMR is a huge area of research and EMR-TRUST is just one relatively small subproject in TRUST. We leverage our partnership with the Vanderbilt Medical Center to have a broader impact. • One related effort in the US is Microsoft’s Software Factory for HL7 compliant EMR transfer among providers.
The Problem • [Figure: percentage of population over 60 years old in 2050, global average 21%. Table compiled by the U.S. Administration on Aging based on data from the U.S. Census Bureau and the United Nations “Population Aging 2002”.] • Rise in mature population: the population of age 65 and older with Medicare was 35 million for 2003 and 35.4 million for 2004 • New types of technology • Electronic Patient Records • Telemedicine • Remote Patient Monitoring • Empower patients: • Access to own medical records • Control the information • Monitor access to medical data • Regulatory compliance
Challenges • Health Insurance Portability and Accountability Act of 1996 (HIPAA) • HIPAA Privacy Rule (2003): gives individuals the • Right to access their medical records • Right to request amendments, an accounting of disclosures, etc. • HIPAA Security Rule (2005): requires healthcare organizations to • Protect person-identifiable health data that is in electronic format • Complexity of privacy • Variable levels of sensitivity; “sensitive” is in the eye of multiple beholders • No bright line between person-identifiable and “anonymous” data • Complexity of access rights and policies • Simple role-based access control is insufficient • Governing principles: “need-to-know” and “minimum disclosure”
Research Platform: Patient Portal • MyHealthAtVanderbilt is a web portal for an increasing number of services for patients. • Current capabilities include • appointment management, • secure messaging, • access to EMR and • billing • Future services will or may include medication management, patient data uploads, real-time data links and others.
Overall Research Objective • Satisfying high-level requirements stated for • privacy, confidentiality, • integrity, • non-repudiation and • access control properties of information flows in the Patient Portal (PP) system. • Focus on system architecture and policy issues, leveraging existing security technology components.
TRUST Research Effort in EMR • Architecture modeling and analysis • Policy modeling and analysis • Interfacing real-time patient data
Architecture Modeling and Analysis Sub-Project • Architecture analysis is conducted based on the SOA architecture framework – a natural fit to the problem and to the existing implementation of MyHealthAtVanderbilt • In SOA, workflow modeling, policy modeling, data modeling and service modeling are used to restrict and automate information flow in a complex, dynamic environment.
Research Approach • System Analysis • Risks and Threats Analysis • Policy Analysis • Domain analysis • VU Medical School • TRUST research groups (Vanderbilt, Stanford) • Domain Specific Modeling Languages • Domain Specific Policy Languages • Privacy preservation • Modeling • VU Medical School • TRUST research groups (Vanderbilt, Stanford, Cornell) • Fast prototyping • BPEL4WS tools • TRUST research groups (Vanderbilt, Stanford, Berkeley) • Mapping to target architecture -> recommendations
Domain Analysis • Regular meetings with Medical School • Physicians • Medical Informatics Researchers • Software engineering staff • Privacy Officer • Information Security Officer • Architecture and policy discussions • Case studies • Brain storming sessions
“Target” Architecture for Experimentation • Standards: BPEL, XACML, SAML, WS-Sec, … • [Architecture diagram components: Partners; External Policy Enforcement Point with a Policy Decision Point; BPEL Process Manager; Policy Repository; Configuration Engine; Internal Policy Enforcement Point with a Policy Decision Point; services S1, S2, …, Sn.] • Target Architecture Limitations: • Modeling languages? • Policy languages? • Openness of architecture? • Tractability of analysis?
Modeling For Patient Portal • [Diagram: the PP domain’s technology infrastructure is captured in Workflow Models (activities, coordination), Service Models (component interface), Data Models and Policy Models (access models, privacy models); Modeling Tools and Analysis Tools operate on these models, and Model Translators / Model Transformations target WSDL, XACML and BPEL4WS on the BPEL infrastructure (BPEL Process Manager, Policy Repository).] • Research Tasks: • Specification of modeling/policy languages • Model analysis/verification methods • Model translator specification • Case studies
Modeling Challenges • Development of “correct” abstractions • How to establish a clear relationship among workflow, data and policy related abstractions? Examples: “A patient is allowed to make an appointment only for regular hours.” “Physicians can access and modify medical records for those patients where they are the designated primary care physician.” “A nurse can read medical records only in her specialization except when the illness is marked confidential.” • Research approach: formal specification, experimental evaluation and evolution of modeling languages.
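The three example sentences above are exactly the kind of rule that plain role-based access control cannot express: the answer depends on resource attributes (who the designated PCP is, which specialty a record belongs to, a confidentiality flag) and on context (time of day), not on the role alone. The following is an added example, not code from the TRUST/EMR project or from MyHealthAtVanderbilt, that writes the three rules as attribute-based predicates and evaluates constructed requests against them. The class and attribute names, the regular-hours window and the combining algorithm are assumptions for illustration; the project's target policy language (XACML) is not used here.

```python
"""Added example (not code from the TRUST/EMR project): the three policy
sentences encoded as attribute-based rules over constructed requests.
Class/attribute names, REGULAR_HOURS and the combining algorithm are
assumptions for illustration."""
from dataclasses import dataclass
from datetime import time
from typing import Callable, List, Optional

@dataclass(frozen=True)
class Subject:
    id: str
    role: str                                   # "patient", "physician" or "nurse"
    specialization: Optional[str] = None

@dataclass(frozen=True)
class Resource:
    kind: str                                   # "appointment" or "medical_record"
    patient_id: str
    primary_physician: Optional[str] = None     # designated PCP of the patient
    specialization: Optional[str] = None        # specialty the record belongs to
    confidential: bool = False                  # illness marked confidential

@dataclass(frozen=True)
class Request:
    subject: Subject
    action: str                                 # "create", "read" or "modify"
    resource: Resource
    when: Optional[time] = None                 # wall-clock time of the request

Decision = Optional[str]                        # "Permit", "Deny", or None = not applicable
Rule = Callable[[Request], Decision]

REGULAR_HOURS = (time(8, 0), time(17, 0))       # assumed clinic hours

def patient_appointments(r: Request) -> Decision:
    """A patient is allowed to make an appointment only for regular hours."""
    if r.subject.role != "patient" or r.resource.kind != "appointment":
        return None
    if r.action != "create" or r.when is None:
        return "Deny"
    start, end = REGULAR_HOURS
    return "Permit" if start <= r.when < end else "Deny"

def physician_records(r: Request) -> Decision:
    """Physicians can access and modify medical records only for patients
    where they are the designated primary care physician."""
    if r.subject.role != "physician" or r.resource.kind != "medical_record":
        return None
    if r.action not in ("read", "modify"):
        return "Deny"
    return "Permit" if r.resource.primary_physician == r.subject.id else "Deny"

def nurse_records(r: Request) -> Decision:
    """A nurse can read medical records only in her specialization,
    except when the illness is marked confidential."""
    if r.subject.role != "nurse" or r.resource.kind != "medical_record":
        return None
    if r.action != "read" or r.resource.confidential:
        return "Deny"
    return "Permit" if r.resource.specialization == r.subject.specialization else "Deny"

RULES: List[Rule] = [patient_appointments, physician_records, nurse_records]

def decide(r: Request, rules: List[Rule] = RULES) -> str:
    """Deny-overrides combining with deny by default: any applicable Deny wins,
    at least one Permit is required, and a request no rule covers is denied
    rather than silently allowed."""
    decisions = [d for d in (rule(r) for rule in rules) if d is not None]
    if "Deny" in decisions:
        return "Deny"
    return "Permit" if "Permit" in decisions else "Deny"

# Constructed requests; the outcomes turn on resource attributes and context, not on role alone.
RECORD = Resource("medical_record", "pt1042", primary_physician="dr_lee", specialization="cardiology")
CONFIDENTIAL = Resource("medical_record", "pt1042", primary_physician="dr_lee",
                        specialization="cardiology", confidential=True)

def run_examples() -> dict:
    return {
        "patient_in_hours": decide(Request(Subject("pt1042", "patient"), "create",
                                           Resource("appointment", "pt1042"), time(9, 0))),
        "patient_after_hours": decide(Request(Subject("pt1042", "patient"), "create",
                                              Resource("appointment", "pt1042"), time(22, 0))),
        "pcp_modify": decide(Request(Subject("dr_lee", "physician"), "modify", RECORD)),
        "other_physician": decide(Request(Subject("dr_kim", "physician"), "read", RECORD)),
        "nurse_same_specialty": decide(Request(Subject("rn_ana", "nurse", "cardiology"), "read", RECORD)),
        "nurse_other_specialty": decide(Request(Subject("rn_bo", "nurse", "oncology"), "read", RECORD)),
        "nurse_confidential": decide(Request(Subject("rn_ana", "nurse", "cardiology"), "read", CONFIDENTIAL)),
        "unmodeled_request": decide(Request(Subject("clerk7", "billing"), "read", RECORD)),
    }

if __name__ == "__main__":
    for name, outcome in run_examples().items():
        print(f"{name:24} {outcome}")
```

The combining step is the part worth checking in any real deployment: a request that matches no rule (the billing clerk reading a record above) must come out as Deny, which is the "need-to-know" and "minimum disclosure" principle from the Challenges slide expressed as a default. XACML provides the same behaviour through its deny-overrides combining algorithm and a NotApplicable result that the enforcement point must treat as a denial.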
Architecture Challenges • Privacy/security in open, dynamic architectures • Workflows are added and modified in the system. • The structure of information flows is dynamic, data dependent and complex. How can we guarantee and maintain privacy/security properties? Example: a new service is added to the PP to provide relevant information for patients. Are there privacy leaks? • Research approach: data mining of audit files to discover leaks and not-modeled information flows.
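The audit-mining approach above can be made concrete by comparing what the audit trail shows against the flows the workflow and data models declare. The following is an added example, not code from the TRUST/EMR project: it parses a constructed audit log, reconstructs the observed service-to-data-category flow graph, and reports every access the model does not account for, covering both the slide's "new service added to the PP" case and a modeled service reaching a category it was never declared to touch. Because the audit trail is itself person-identifiable data (the Deliverables slide lists privacy leaks through access to audit logs), findings carry a keyed pseudonym rather than the raw patient identifier. The log format, the table of modeled flows, the service names and the pseudonymization key are all constructed for illustration.

```python
"""Added example (not code from the TRUST/EMR project): mining a Patient Portal
audit trail for information flows the workflow/data model does not cover.
Log format, MODELED_FLOWS, service names and PSEUDONYM_KEY are constructed."""
import hashlib
import hmac
import re
from collections import defaultdict
from typing import Dict, Iterator, List, Set

# Modeled information flows: the data categories each service is declared to
# touch in the (hypothetical) workflow and data models.
MODELED_FLOWS: Dict[str, Set[str]] = {
    "appointments": {"schedule"},
    "messaging":    {"message", "demographics"},
    "emr_view":     {"demographics", "problem_list", "medication", "lab"},
    "billing":      {"demographics", "charge"},
}

# Constructed audit lines: time  service  user  patient  data-category  action.
# "wellness_tips" is a newly added service that appears in no model.
AUDIT_LOG = """\
2007-03-01T09:12:03 emr_view      dr_lee  pt1042 lab          read
2007-03-01T09:12:07 emr_view      dr_lee  pt1042 medication   read
2007-03-01T09:15:41 billing       clerk7  pt1042 charge       read
2007-03-01T09:15:42 billing       clerk7  pt1042 medication   read
2007-03-01T10:02:10 messaging     pt1042  pt1042 message      read
2007-03-01T10:30:55 wellness_tips svc     pt1042 problem_list read
2007-03-01T10:30:56 wellness_tips svc     pt1042 lab          read
2007-03-01T11:00:00 appointments  pt2088  pt2088 schedule     create
"""

FIELDS = ("time", "service", "user", "patient", "category", "action")
LINE = re.compile(r"\s*" + r"\s+".join(r"(\S+)" for _ in FIELDS) + r"\s*")

def parse(log: str) -> Iterator[Dict[str, str]]:
    """Yield one event dict per well-formed audit line; malformed lines are skipped."""
    for raw in log.splitlines():
        m = LINE.fullmatch(raw)
        if m:
            yield dict(zip(FIELDS, m.groups()))

# Findings are keyed by a keyed hash of the patient id so that the analysis
# output does not itself leak identities. Constructed key; in practice it would
# live only in the analysis environment.
PSEUDONYM_KEY = b"constructed-demo-key"

def pseudonym(patient_id: str) -> str:
    return hmac.new(PSEUDONYM_KEY, patient_id.encode(), hashlib.sha256).hexdigest()[:12]

def observed_flows(events: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Service -> data categories actually seen in the log (the discovered flow graph)."""
    flows: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        flows[e["service"]].add(e["category"])
    return dict(flows)

def find_unmodeled(events: List[Dict[str, str]],
                   model: Dict[str, Set[str]] = MODELED_FLOWS) -> List[Dict[str, str]]:
    """Each access the model does not account for, with the reason."""
    findings = []
    for e in events:
        if e["service"] not in model:
            reason = "service absent from model"
        elif e["category"] not in model[e["service"]]:
            reason = "category not modeled for this service"
        else:
            continue
        findings.append({"time": e["time"], "service": e["service"],
                         "category": e["category"], "patient": pseudonym(e["patient"]),
                         "reason": reason})
    return findings

if __name__ == "__main__":
    events = list(parse(AUDIT_LOG))
    for svc, cats in sorted(observed_flows(events).items()):
        print(f"{svc:14} {sorted(cats)}")
    for f in find_unmodeled(events):
        print(f"{f['time']} {f['service']:14} {f['category']:13} {f['patient']}  {f['reason']}")
```

On the constructed log this flags three accesses: the billing service reading medication data, and the unmodeled wellness_tips service reading problem_list and lab data. The first is the more instructive case for the modeling work, since a service that is in the model can still drift away from its declared flows as workflows are modified; the second is the open-architecture case the slide describes.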
Deliverables • Suite of modeling languages and tools • In-depth modeling of part of the PP and detailed analysis of security and privacy properties • Integration with the Policy Languages component • Exploring privacy issues related to the research project (e.g. privacy leaks through access to audit logs)
Interfacing Real-time Patient Data (See Professor Bajcsy’s Talk)
Impact and technology transfer • Direct connection to a major Patient Portal research and deployment project • Results can be generalized to a wide range of SOA applications • MyHealthAtVanderbilt; …
How is TRUST making a difference here? • Vanderbilt, Stanford, Berkeley, Cornell • This project would be impossible without TRUST in every sense
Education and Outreach • Immediate results of the unprecedented collaboration with the Medical School are: • consideration of a CS pre-med track • joint projects • co-advising students • “TRUST Fellowship” for medical informatics Ph.D. candidates