190 likes | 263 Views
ID Management in e-Health. February 2007. About WISeKey . Company founded in 1999 Privately held Headquarters in Geneva, Switzerland Trust services hosted in our highly secure datacenters Affiliates around the world, including Bulgaria for Eastern Europe
E N D
ID Management in e-Health February 2007
About WISeKey • Company founded in 1999 • Privately held • Headquarters in Geneva, Switzerland • Trust services hosted in our highly secure datacenters • Affiliates around the world, including Bulgaria for Eastern Europe • Solutions deployed in over 20 countries • Strong technological alliances in the e-Health sector
Recent Misuses of Patient Health Information • Banker collects On Cancer Patients’ Mortgages • Hospital Employee Sells Country Singer’s Medical Records for $2610 • Psychological records of 62 children accidentally posted on website • Physician’s Laptop with patient medical histories stolen • health.org exposes customer names, addresses, phone numbers & email addresses on web • Washington DC Hospital Fined $25,000 • Sick employee fired by self-insured employer
Risks in the e-Health World • Wrongful access to patient or medical information • Theft of physicians laptops and data • Posting of confidential data on rogue websites • Breach of “doctor-patient” secrecy through the interception of electronic communications • Failure to comply with regulations due to weak security
What is Identity for eHealth? • People • Employees • Patients • Partners • Suppliers • Material • Computers • Medical Supplies • Drugs • Surgical Equipment
Identity and healthcare • Regulations mandate “protection” of patient health information • Protection defined (technical security services) • Access control – what you can access • Audit control – what you have accessed • Authorization control – what you can do once you access • Data integrity – ensuring data is intact • Entity authentication - proving your identity • Once again, it all comes back to Identity
Core PKI Services essential a public key infrastructure (PKI) is an arrangement that provides for trusted third partys vouching for user identities Authentication assurance to one entity that another entity is who he, she, or it claims to be Integrity assurance to an entity that data has not been altered between “there” and “here” or between “then” and “now” Confidentiality assurance to an entity that no one can read a particular piece of data except the intended receiver
Email encryption And signature Access Control User management Mobile Data Encryption Digital Signature Data Encryption Digital Identity Intranet/Extranet Access Management Use of Trusted Certificates
Strong Application Authentication “Secure Zone” Electronic Patient Records www.ehealth.bg Encrypted HTTPS Tunnel Patient Web Based Portal E-Prescriptions Data Repository Through the use of a WISeKey Trusted Certificate incorporated on a smart-card/token, the patient is able to authenticate himself in safer and “stronger” ways in order to access web-based portals Health Insurance Service Custom Hospital Application
Secure Communications • Data Encryption and digital signature of e-mails with WISeKey Certificates • Assurance of the Authenticity of the Sender and the integrity of the message • “The right people see the right information” Health Insurances Doctors Government Hospitals
Guaranteed Data Integrity “Safe Zone” Internet/Extranet Doctor receives Data XYZ Patient sends Data XYZ • By using WISeKey solutions, we are able to guarantee the integrity of data sent between two parties. This is crucial when exchanging data in such instances as e-Prescriptions. • Prevents “man in the middle” attacks
Digital Form Signing Compliant Form Digital Signature using a WISeKey Certificate Non-compliant Digital Forms • Digital Signatures permit the legal endorsement of such documents as electronic patient records, lab orders, prescriptions and requisitions thus helping compliance with different EU and country based directives.
Regulatory compliance • By combining WISeKey’s technologies with secure infrastructures and policies, you are able to better reach compliance with such directives as: • HIPPA • SAFE • EU Directive 2004/9/CE • Swiss Data Protection Law • And others
Foreseen Swiss Model Standard Certificate Identification Identification Authentication Non-Repudiation Advanced Certificate
8, Tzar Ivan Shishman st. 1000 Sofia, Bulgaria Tel. +359 2 9888 103 Fax: +359 2 9816 999 www.wisekey.com email:info@bg.wisekey.com Contact us