Healthcare Provider Directories 2011-Jan-24 Eric Heflin Dir of Standards and Interoperability/Medicity
Audience/Scope • Agenda • Introduction • Terms Used • Personnel White Pages (PWP) • Healthcare Provider Directories (HPD) • Cross-Enterprise User Assertions (XUA) • Relationships Between HPD and PWP • For More Information
Audience/Scope • Audience • Senior healthcare IT technical executives • Architects • Implementers seeking a broad overview • Scope • Broad context and guidance about the use of two IHE standard profiles for provider directories • Personnel White Pages and Healthcare Provider Directory • Purpose • Provide reusable educational content
Introduction • IHE has created two standards (profiles) for healthcare-related directories • One profile targets people inside an enterprise • The second profile targets people and organizations across enterprises • This presentation introduces and compares both profiles
HPD/PWP Terms Used • Directory: A type of database, typically with a hierarchal structure, supporting queries to determine a list of matching subjects, or determining attributes about a subject. • Healthcare Provider: Medical information entities such as physicians, medical laboratories, hospitals, dentists, pharmacists, nurses, diagnostic imaging professionals etc. This includes both individuals as well as organizations. • LDAP (Lightweight Directory Access Protocol): A type of directory that is widely deployed, multi-vendor, and mature. • HPD (Healthcare Provider Directory): An IHE profile and a specific instance of a directory with defined attributes and service interfaces. Defined in more detail in this presentation. • PWP (Personnel White Pages): An IHE profile and a specific instance of a directory with defined attributes and service interfaces. Defined in more detail in this presentation. • DSML (Directory Services Markup Language): An XML grammar for accessing LDAP directories. • XUA: A method of expressing identity attributes across domains.
XUA Terms Used • Assertion: A piece of data produced by a SAML authority regarding either an act of authentication performed on a subject, attribute information about the subject, or authorization data applying to the subject with respect to a specified resource. This Assertion is used in access control and audit trails. • Federated Identity: A user’s identity is said to be federated between a set of Providers when there is an agreement between the providers on a set of identifiers and/or attributes to use to refer to the user. • Identity Provider: A type of service provider that creates, maintains, and manages identity information for users and provides user authentication to other service providers within a federation, such as with web browser profiles. • Security Assertion Markup Language (SAML): The set of specifications describing security assertions that are encoded in XML, profiles for attaching the assertions to various protocols and frameworks, the request/response protocol used to obtain the assertions, and bindings of this protocol to various transfer protocols (for example, SOAP and HTTP). • Security Domain: An environment defined by a single set of security policies, including a set of people, equipment, facilities, procedures. A Security Domain may be a single enterprise or a collection of enterprises (e.g. IHE-XDS Affinity Domain). • Principal: A person or system who makes use of a system and its resources for any purpose.
What Problem is Being Solved? • PWP Problem Statement: The industry needs a standards-based method of providing access to basic directory information on human workforce members to other workforce members within the enterprise.
PWP Definition • Personnel White Pages Profile (PWP) provides access to basic human workforce user directory information. • This information has broad use among many clinical and non-clinical applications across the healthcare enterprise. • The information can be used to enhance the clinical workflow (contact information), enhance the user interface (user friendly names and titles), and ensure identity (digital certificates).
PWP Selected Use Cases • Username query to determine user’s full name • Determine a user’s organization identification • Determine a user’s email address • Determine a user’s name given his/her initials • Determine a user’s name given his/her provider ID
PWP Scope • Provide access to basic information about the human workforce members • Does not include Patients • Defines method for finding the PWP • Defines query/access method • Defines attributes of interest • Leverages an ISO standard
PWP Value • Single Authoritative Knowledge Base • Reduce duplicate and unconnected user info database • Single place to update • Name Changes • New Phone Number • Additional Addresses • Enhance Workflow and Communications • Providing information necessary to make connections • Phone Number • Email Address • Postal Address
PWP Actor Diagram Personnel White Pages Consumer Find Personnel White Pages [ITI-23] Query Personnel White Pages [ITI-24] DNS Server Personnel White Pages Directory
PWP Actors • Three Actors • Personnel White Pages Consumer • DNS Server • Personnel White Pages Directory • Two Transactions • Find Personnel White Pages [ITI-23] • Query Personnel White Pages [ITI-24] • No Options
PWP Security and Privacy • Security and privacy for PWP is established via other mechanisms • ATNA for node authentication and secure logging • EUA to authenticate users • XUA for access control • IT best practices • Regional-specific legal, regulatory, policy, privacy, and security analysis is suggested • See the HPD profile for an analysis • X.509 keys can be stored in HPD or PWP directories
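An added example (not part of the original slides or of the IHE profile text): the consumer side of the two PWP transactions, ordering DNS SRV answers for Find Personnel White Pages [ITI-23] and building an escaped LDAP filter for Query Personnel White Pages [ITI-24]. The SRV name _ldap._tcp.hospital.example, the host names and the inetOrgPerson attribute names are assumptions, and the records are constructed sample data.

```python
import random

# Constructed SRV answers for _ldap._tcp.hospital.example (assumed name):
# (priority, weight, port, target)
SAMPLE_SRV = [
    (20, 0, 389, "backup.hospital.example"),
    (10, 60, 389, "ldap1.hospital.example"),
    (10, 40, 389, "ldap2.hospital.example"),
]

def order_srv(records, rng=random):
    """RFC 2782 order: lowest priority first, weighted random pick within it."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = sorted((r for r in records if r[0] == prio), key=lambda r: r[1])
        while pool:
            pick = rng.randint(0, sum(r[1] for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
# Assumed attribute names (inetOrgPerson); only these may be searched on.
SEARCHABLE = {"uid", "initials", "mail"}
# Ask only for the attributes the caller displays, not the whole entry.
RETURNED = ["cn", "displayName", "mail", "o"]

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def pwp_filter(attr, value):
    """Build the filter for one lookup; user input never reaches it unescaped."""
    if attr not in SEARCHABLE:
        raise ValueError("attribute not searchable: %r" % attr)
    return "(&(objectClass=inetOrgPerson)(%s=%s))" % (attr, escape_filter_value(value))

if __name__ == "__main__":
    for prio, weight, port, host in order_srv(SAMPLE_SRV):
        print("try %s:%d" % (host, port))
    print(pwp_filter("initials", "J*(R)"), RETURNED)
```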
PWP References • For more information on PWP, please see: • IHE ITI Technical Framework Profile • http://www.ihe.net/Technical_Framework/upload/IHE_ITI_TF_Rev7-0_Vol1_FT_2010-08-10.pdf • IHE ITI Technical Framework Transactions • http://www.ihe.net/Technical_Framework/upload/IHE_ITI_TF_Rev7-0_Vol2a_FT_2010-08-10.pdf • Wiki Page • http://wiki.ihe.net/index.php?title=Personnel_White_Pages • John’s 2004 PWP slide deck (URL??)
What Problem is Being Solved? • HPD Problem Statement: The industry needs a standards-based method to support queries against, and management of, healthcare provider information that may be publicly shared in a directory structure.
HPD Definition • HPD supports queries against, and management of, healthcare provider information that may be publicly shared in a directory structure. HPD directory structure is a listing of the following two categories of healthcare providers that are classified by provider type, specialties, credentials, demographics and service locations. • Individual Provider: A person who provides healthcare services, such as a physician, nurse, or pharmacist. • Organizational Provider: Organization that provides or supports healthcare services, such as a hospital, Healthcare Information Exchange (HIE), Managed Care, Integrated Delivery Network (IDN), and Association.
HPD Selected Use Cases • Yellow pages lookup • Query providers and their associations for Social Services Disability Determination • Emergency Responders Identification in planning for an emergency event • Provider Authorization and lookup during an emergency event • Forwarding of Referral Documents to a Specialist • Certificate Retrieval • Language Retrieval
HPD Scope • Designed to maintain a structured list of attributes for both organizations (such as clinics) and people (such as physicians) • Allows extensibility • Largely semantically interoperable • Leverages ISO standard (21091) • Designed to enable cross organizational directory access
HPD Value • Single Authoritative Knowledge Base • Reduce duplicate and unconnected user info database • Single place to update • Name Changes • New Phone Number • Additional Addresses • Enhance Workflow and Communications • Providing information necessary to make connections • Phone Number • Email Address • Postal Address
HPD Value • Enhance User Interactions • Provide user friendly identities and lists • List of members • Displayable name of a user • Initials query • Contributes to Identity Management • Additional methods of identity cross verification • Name, address, phone number, email • Cross reference with Enterprise User Authentication identity • Future expansion likely will contain certificates
HPD Actor Diagram Provider Information Feed [ITI-59] Provider Information Source Provider Information Directory Provider Information Query [ITI-58] Provider Information Consumer
HPD Actors • Three Actors • Provider Information Directory • Provider Information Consumer • Provider Information Source • Two Transactions • Provider Information Query [ITI-58] • Provider Information Feed [ITI-59] • One Option • Provider Information Feed [ITI-59]
HPD Options • 28.2.1 Provider Information Feed Option • When the Provider Information Feed Option is declared the Provider Information Directory shall support the Provider Information Feed [ITI-59] transaction
HPD Security and Privacy • Security and privacy for HPD is established via other mechanisms • ATNA for node authentication and secure logging • EUA to authenticate users • XUA for access control • PWP for system users identification • IT best practices • LDAP authentication for attribute protection • Regional-specific legal, regulatory, policy, privacy, and security analysis is suggested • See the HPD profile for an analysis • X.509 keys can be stored in HPD or PWP directories
HPD Standards Used • LDAP • DSML • ISO/TS 21091
HPD References • For more information on HPD, please see: • IHE Technical Framework • http://www.ihe.net/Technical_Framework • ISO TS 21091:2005 – Requires purchase • http://www.iso.org/iso/catalogue_detail.htm?csnumber=35647
XUA Definition • XUA specifies the use of an existing standard (SAML 2.0) to carry cross-enterprise attributes identifying a person or system making a request • Cross-Enterprise User Assertion provides a means to communicate claims about the identity of an authenticated principal (user, application, system...) in transactions that cross-enterprise boundaries. The XUA Profile supports enterprises that have chosen to have their own user directory with their own unique method of authenticating the users, as well as others that may have chosen to use a third party to perform the authentication.
XUA Introduction • XUA based on SAML 2.0 • XUA++ enhances XUA to indicate several key SAML attributes • A complete discussion of XUA can be found in other IHE documents (see references section) • Here we primarily discuss the relationships between XUA and HPD/PWP
XUA PWP/HPD Relationship • Organizations are responsible for identity proofing, authenticating, authorizing and managing end-users' credentials compliant with local policy • XUA / XUA++ attributes can be maintained in PWP and HPD directories • Selected PWP and HPD attributes can be subsequently expressed in XUA • Implies that users should never be removed from PWP or HPD directories; only deprecated to preserve log integrity
Other IHE References • General information about IHE can be found at: • http://www.ihe.net • Information about the IHE IT Infrastructure domain can be found at: • http://www.ihe.net/Domains/index.cfm • Information about the structure of IHE Technical Frameworks and Supplements can be found at: • http://www.ihe.net/About/process.cfm and http://www.ihe.net/profiles/index.cfm
Credits: • Selected content copied from other IHE sources including the ITI Framework Profiles, Transactions, Supplements, and educational materials • Reviewers: • John, Karen, Rob, Geoff, will list all