1 / 19

ID Management in e-Health

ID Management in e-Health. February 2007. About WISeKey . Company founded in 1999 Privately held Headquarters in Geneva, Switzerland Trust services hosted in our highly secure datacenters Affiliates around the world, including Bulgaria for Eastern Europe

beth
Download Presentation

ID Management in e-Health

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ID Management in e-Health February 2007

  2. About WISeKey • Company founded in 1999 • Privately held • Headquarters in Geneva, Switzerland • Trust services hosted in our highly secure datacenters • Affiliates around the world, including Bulgaria for Eastern Europe • Solutions deployed in over 20 countries • Strong technological alliances in the e-Health sector

  3. Recent Misuses of Patient Health Information • Banker collects On Cancer Patients’ Mortgages • Hospital Employee Sells Country Singer’s Medical Records for $2610 • Psychological records of 62 children accidentally posted on website • Physician’s Laptop with patient medical histories stolen • health.org exposes customer names, addresses, phone numbers & email addresses on web • Washington DC Hospital Fined $25,000 • Sick employee fired by self-insured employer

  4. Risks in the e-Health World • Wrongful access to patient or medical information • Theft of physicians laptops and data • Posting of confidential data on rogue websites • Breach of “doctor-patient” secrecy through the interception of electronic communications • Failure to comply with regulations due to weak security

  5. What is Identity for eHealth? • People • Employees • Patients • Partners • Suppliers • Material • Computers • Medical Supplies • Drugs • Surgical Equipment

  6. Need for e-Identity

  7. Patient Centric Model

  8. Digital Identity

  9. Identity and healthcare • Regulations mandate “protection” of patient health information • Protection defined (technical security services) • Access control – what you can access • Audit control – what you have accessed • Authorization control – what you can do once you access • Data integrity – ensuring data is intact • Entity authentication - proving your identity • Once again, it all comes back to Identity

  10. Core PKI Services essential a public key infrastructure (PKI) is an arrangement that provides for trusted third partys vouching for user identities Authentication assurance to one entity that another entity is who he, she, or it claims to be Integrity assurance to an entity that data has not been altered between “there” and “here” or between “then” and “now” Confidentiality assurance to an entity that no one can read a particular piece of data except the intended receiver

  11. Email encryption And signature Access Control User management Mobile Data Encryption Digital Signature Data Encryption Digital Identity Intranet/Extranet Access Management Use of Trusted Certificates

  12. Strong Application Authentication “Secure Zone” Electronic Patient Records www.ehealth.bg Encrypted HTTPS Tunnel Patient Web Based Portal E-Prescriptions Data Repository Through the use of a WISeKey Trusted Certificate incorporated on a smart-card/token, the patient is able to authenticate himself in safer and “stronger” ways in order to access web-based portals Health Insurance Service Custom Hospital Application

  13. Secure Communications • Data Encryption and digital signature of e-mails with WISeKey Certificates • Assurance of the Authenticity of the Sender and the integrity of the message • “The right people see the right information” Health Insurances Doctors Government Hospitals

  14. Guaranteed Data Integrity “Safe Zone” Internet/Extranet Doctor receives Data XYZ Patient sends Data XYZ • By using WISeKey solutions, we are able to guarantee the integrity of data sent between two parties. This is crucial when exchanging data in such instances as e-Prescriptions. • Prevents “man in the middle” attacks

  15. Digital Form Signing Compliant Form Digital Signature using a WISeKey Certificate Non-compliant Digital Forms • Digital Signatures permit the legal endorsement of such documents as electronic patient records, lab orders, prescriptions and requisitions thus helping compliance with different EU and country based directives.

  16. Regulatory compliance • By combining WISeKey’s technologies with secure infrastructures and policies, you are able to better reach compliance with such directives as: • HIPPA • SAFE • EU Directive 2004/9/CE • Swiss Data Protection Law • And others

  17. Foreseen Swiss Model Standard Certificate Identification Identification Authentication Non-Repudiation Advanced Certificate

  18. 8, Tzar Ivan Shishman st. 1000 Sofia, Bulgaria Tel. +359 2 9888 103 Fax: +359 2 9816 999 www.wisekey.com email:info@bg.wisekey.com Contact us

More Related