Federated Identity Management in Healthcare: What is Needed and What is Feasible
2006 Spring Member Meeting, April 26, 2006
Holt Anderson – NCHICA Executive Director
William Weems, Univ. of Texas Health Science Center at Houston
Casey Webster, IBM

Session Outline
• Holt Anderson: Background of National HIT Initiatives from ONC
• Casey Webster: Challenges & Approaches in Developing the Nationwide Health Information Network (NHIN) Architecture
• Bill Weems: What is Possible Today!
• Question & Answer Session
Background of National HIT Initiatives from ONC Holt Anderson
[Diagram: ONC framework. Layers: Industry Transformation, Health Information Technology Deployment Infrastructure, Technology Industry. Program areas: Compliance Certification, Nationwide Health Information Network, Standards Harmonization, Privacy / Security, Health IT Adoption.]
Standards Harmonization Process
• HHS awarded a contract valued at $3.3 million to the American National Standards Institute, a non-profit organization that administers and coordinates the U.S. voluntary standardization activities, to convene the Health Information Technology Standards Panel (HITSP).
• The HITSP will develop, prototype, and evaluate a harmonization process for achieving a widely accepted and useful set of health IT standards that will support interoperability among health care software applications, particularly EHRs.

Compliance Certification Process
• HHS awarded a contract valued at $2.7 million to the Certification Commission for Health Information Technology (CCHIT) to develop criteria and evaluation processes for certifying EHRs and the infrastructure or network components through which they interoperate.
• CCHIT will be required to submit recommendations for ambulatory EHR certification criteria in December 2005, and to develop an evaluation process for ambulatory health records in January 2006.
• Criteria will include the capabilities of EHRs to protect health information, standards by which EHRs can share health information, and clinical features that improve patient outcomes.

Privacy and Security Solutions
• HHS awarded a contract valued at $11.5 million to RTI International, a private, non-profit corporation, to lead the Health Information Security and Privacy Collaboration (HISPC), a collaboration that includes the National Governors Association (NGA), up to 40 state and territorial governments, and a multi-disciplinary team of experts.
• RTI will oversee the HISPC to assess, and develop plans to address, variations in organization-level business policies and state laws that affect privacy and security practices and that may pose challenges to interoperable electronic health information exchange while maintaining privacy protections.

Health Information Technology Adoption Initiative
• HHS awarded a contract valued in excess of $1 million to the George Washington University and the Massachusetts General Hospital Harvard Institute for Health Policy to support the Health IT Adoption Initiative.
• The new initiative is aimed at better characterizing and measuring the state of EHR adoption and determining the effectiveness of policies to accelerate adoption of EHRs and interoperability.
• For more information visit: http://www.hitadoption.org/
Nationwide Health Information Network (NHIN)
• Contracts have been awarded by HHS totaling $18.6 million to four consortia of health care and health information technology organizations to develop prototypes for the Nationwide Health Information Network (NHIN) architecture.
• The contracts were awarded to: Accenture, Computer Sciences Corporation, IBM, and Northrop Grumman, along with their affiliated partners and health care market areas.
• The four consortia will move the nation toward the President's goal of personal electronic health records by creating a uniform architecture for health care information that can follow consumers throughout their lives.

[Diagram: ONC framework, extended. Layers: Health Care Industry, Industry Transformation, Health Information Technology Deployment Infrastructure, Technology Industry, Consumer Value. Program areas: Compliance Certification, Nationwide Health Information Network, Standards Harmonization, Privacy / Security, Health IT Adoption. Breakthroughs: Biosurveillance, Consumer Empowerment, Chronic Care, Electronic Health Records.]
Challenges & Approaches in Developing the Nationwide Health Information Network (NHIN) Architecture Casey Webster
The Nationwide Health Information Network (NHIN) Architecture Prototype Project
Internet2 Spring Member Meeting, April 26, 2006

Marketplaces
• Fishkill, NY (THINC – Taconic Healthcare Information Network Communication): Hudson Valley; evolving RHIO with shared data at the HealthVision hub; 2,300 physicians supporting 700,000 patients
• Research Triangle, NC (NCHICA – North Carolina Healthcare Information Communication Affiliates): competitive, high-tech urban environment; UNC, Duke, Wake Forest
• Rockingham County, NC and Danville, VA (NCHICA): rural environment with NC and VA patients; small, competitive practices and hospitals

Research Triangle Marketplace
• UNC Hospitals and Health System, with Rex Hospital (UNC) and 1 practice
• Duke Univ. Health System, with Durham Regional Hospital (Duke) and 1 practice
• WakeMed Health System, with 1 practice
• Additional participants: 1 practice, 2 practices, Pharmacy, Public Health, Lab, Safety Net Provider

Rockingham Co., NC / Danville, VA Marketplace
• Morehead Memorial Hospital, with 1 practice
• Annie Penn Hospital (Moses Cone) and Moses Cone Health System, with 1 practice
• 1 practice (unaffiliated), 2 practices, Pharmacy, Public Health, Lab, Safety Net Provider

Architecture Guiding Principles
• Community-Centric
  • Document repositories normalize and store clinical data within a community
  • Can be hosted by individual hospitals/practices and/or shared within the community
  • Community hub provides MPI, document locator, security and support services
  • The community hub is the gateway to other communities
• Drive and conform to standards
  • Instantiation of the IHE interoperability framework (XDS, PIX/PDQ, ATNA & CT profiles)
  • Clinical events stored as HL7 CDA (r2)-compliant documents
  • Java/J2EE implementation is hardware and software vendor agnostic
  • Proven Internet protocols for authentication, authorization, and security
• Provide security & privacy without sacrificing usability or research value
  • Anonymous/pseudonymous data that can be re-identified as needed/permitted
  • Supports other data aggregates (registries, biosurveillance, outcomes analysis)
• Practical
  • Scalable and cost-effective at every level of practice
  • Point-of-care performance is critical to adoption
[Diagram: IBM Business Consulting Services Community Architecture. Community Hub: Document Locator, Support Services (Logging, Admin/Maintenance, QoS), Data Services, MPI Services (PIX, PDQ), Registry Services (XDS Registry, CT), Security Services (ATNA, Access Control, Authentication, Authorization, Patient Consent, Policies/Security), Community Services (CAD Search/Retrieval, Biosurveillance, PHR Portal), NHIN Interface. Hospital or Physician Practice Interface: HCN Gateway, Document Services (Document Storage and Retrieval, XDS, Xform/Xlate, IHE Adapter), connected to an Integration Engine or Data Source.]

Architecture – Cross-Community Interaction
• All cross-community interactions are brokered through the NHIN interface, using other community services as needed
• Authentication and authorization use a federated model, with trust relationships established at the NHIN level
• Cross-community patient lookup is based on demographic matching
• Identity is established by matching demographic data between the local and remote PDQ databases, with a conservative threshold
• IBM Research is working on open issues such as patient mobility, multi-resident patients ("snowbirds"), directed searches, and undirected bounded searches
• Once a positive patient match is obtained, document search and retrieval is identical to the intra-community model

NHIN Architecture Prototype – Introduction: Acronyms
• IHE (Integrating the Healthcare Enterprise) Profiles
  • XDS – Cross-Enterprise Document Sharing: supports saving, registering, querying and retrieving documents across enterprises but within an administrative domain
  • PIX – Patient Identifier Cross-referencing: supports cross-referencing of patient identifiers across domains
  • PDQ – Patient Demographics Query: supports querying for patients given a minimal set of demographic criteria (e.g. ID or partial name), returning all the demographics and a patient identifier within a domain
  • ATNA – Audit Trail and Node Authentication: supports auditing and secure communications
  • CT – Consistent Time: supports consistent time across multiple systems
• J2EE – Java 2 Enterprise Edition: Sun's Java-based framework for developing and deploying complex, scalable business solutions in a standardized manner, leveraging the following technologies
  • JDBC – Java Database Connectivity: a vendor-neutral means of accessing relational data from within a Java/J2EE application. Note that the data itself does not necessarily have to be stored in a relational database.
  • EJB – Enterprise JavaBeans: reusable components within the J2EE architecture
  • JMS – Java Message Service: a vendor-neutral means of accessing message queuing systems (e.g. MQSeries) from within a Java/J2EE application
What is Possible Today! Bill Weems
University of Texas Health Science Center at Houston (UTHSC-H)
• Six Schools
  • Graduate School of Biomedical Sciences
  • Dental School
  • Medical School
  • Nursing School
  • School of Health Information Sciences
  • School of Public Health
• ~10,000 Students, Faculty and Staff

Texas Medical Center (www.tmc.edu)
• Forty-one institutions on 740 acres
• Approximately 65,000 employees
• Seven large hospitals
• 6,176 licensed beds & 334 bassinets
• 5.2 million patient visits in 2004
• Baylor College of Medicine
• Rice University
• Texas A&M Institute of Biotechnology
• University of Texas Health Science Center at Houston
• University of Texas M.D. Anderson Cancer Center

Scenario I
• UT-Houston Residency Programs have some attending physicians who are non-university personnel, e.g. from M.D. Anderson & Baylor.
• Dr. James at M.D. Anderson is to be an attending physician in the UT-Houston Internal Medicine Residency Program.
• The on-line Graduate Medical Education Information System (GMEIS) contains confidential and sensitive information, including HIPAA data.
• Dr. James needs access to GMEIS.
• How is Dr. James' identity verified, authenticated and authorized to have access as an attending physician?
• If Dr. James suddenly leaves M.D. Anderson, is his access to the UT-Houston Residency Program immediately abolished?

Scenario I – Problems
• Dr. James has no digital credentials.
• U.T. Houston policy requires that a responsible party at U.T. Houston assume responsibility for Dr. James and sponsor him as a "guest".
• Dr. James must appear before a Local Registration Administration Agent (LRAA) to have his identity verified and be credentialed.
• This does not verify his status with M.D. Anderson.
• If Dr. James leaves M.D. Anderson, there is no automatic process in place to revoke his access rights.
Ideally, each individual would hold a single digital credential that can be used securely to authenticate his or her identity whenever authentication is required to secure a transaction.

[Diagram: Identity Vetting & Credentialing at the Identity Provider (IdP) uth.tmc.edu. The IdP obtains the person's physical characteristics, assigns an everlasting identifier, records the person in a Permanent Identity Database, and issues a digital credential (identifier plus authenticator). The credential is permanently bound to the person and can be activated only by that person.]

UTHSC-H: An Identity Provider (IdP)
It is critical to recognize that the university functions as an identity provider (IdP) in that UTHSC-H provides individuals with digital credentials that consist of an identifier and an authenticator. As an IdP, the university assumes specific responsibilities and liabilities.

Two Categories of Identity
• Physical Identity – Assigned Identifier – Authentication
  • Facial picture
  • Fingerprints
  • DNA sample
• Identity Attributes – Authorization Attributes
  • Common name
  • Address
  • Institutional affiliations, e.g. faculty, student, staff, contractor
  • Specific group memberships
  • Roles
  • Etc.

[Diagram: UTHSC-H Identity Management System. Sources of record (HRMS, SIS, GMEIS, UTP, Guest MS) feed Identity Reconciliation & Provisioning Processes, which populate the Person Registry (INDIS). The registry provisions the Authoritative Enterprise Directories (OAC7, OAC47), which in turn serve the Authentication Service, Authorization Service, Change Password function, User Administration Tools, Attribute Management Sync and Secondary Directories.]

Source of Authority (SOA) Responsibilities
An organizational entity officially responsible for identifying individuals having explicitly defined affiliations with the university constitutes a "source of authority" (SOA). The SOA is responsible for
• identifying an individual,
• maintaining the appropriate records that define a person's affiliation,
• providing others with information about the specifics of an affiliation, and
• determining whether an affiliation is currently active or inactive, i.e. whether a person can be credentialed.

Person Registry
• Identity Reconciliation
• Unique identifiers generated by the source of record
  • SSN, if available (HRMS, GMEIS, UTP, Guest, SIS)
  • Student ID
  • Employee Number (HRMS)
• Full name: first, middle, last
• Birth information: date of birth, city of birth, country of birth
• Gender
• UUID – an everlasting unique identifier

Issuing a Digital Credential
• The individual appears before an Identity Provider (IdP), which accepts the responsibility to
  • positively determine and catalog a person's uniquely identifying physical characteristics (e.g. picture, two fingerprints, DNA sample),
  • assign a unique, everlasting digital identifier to each person identified,
  • issue each identified person a digital credential that can only be used by that person to authenticate his or her identity, and
  • maintain a defined affiliation with each individual whereby the validity of the digital credential is renewed at specified intervals.
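The cross-community patient lookup described in the NHIN architecture section (demographic matching between local and remote PDQ databases with a conservative threshold) and the identity reconciliation step of the Person Registry both reduce to the same record-linkage decision: score candidate records on shared demographic attributes and accept only an unambiguous match. The following is an added example written for this page, not IBM's or UTHSC-H's code. The weights, the threshold, the margin rule and the sample registry are all assumptions chosen to illustrate the conservative behaviour: partial data or a second plausible candidate yields no match rather than a guess.

```python
"""Conservative demographic matching for patient lookup / identity reconciliation.
Added example for this page; weights and sample records are constructed, not real."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional


@dataclass(frozen=True)
class Demographics:
    first: str
    last: str
    dob: date
    gender: str
    ssn_last4: str = ""  # optional: a remote community may not hold it


def _norm(s: str) -> str:
    """Case- and whitespace-insensitive comparison of name fields."""
    return " ".join(s.strip().upper().split())


# Assumed weights: last name and date of birth dominate; first name and gender
# add confidence; a present-but-different SSN fragment is strong evidence against.
def score(a: Demographics, b: Demographics) -> int:
    s = 0
    if _norm(a.last) == _norm(b.last):
        s += 30
    if _norm(a.first) == _norm(b.first):
        s += 20
    elif _norm(a.first)[:1] == _norm(b.first)[:1]:
        s += 5  # initial only (PDQ allows partial-name queries)
    if a.dob == b.dob:
        s += 30
    if a.gender.upper() == b.gender.upper():
        s += 10
    if a.ssn_last4 and b.ssn_last4:
        s += 20 if a.ssn_last4 == b.ssn_last4 else -40
    return s


MATCH_THRESHOLD = 80  # assumed: needs last name + DOB + full first name at minimum
MIN_MARGIN = 15       # assumed: best candidate must clearly beat the runner-up


def conservative_match(query: Demographics,
                       registry: Dict[str, Demographics]) -> Optional[str]:
    """Return a patient id only when exactly one candidate clears the threshold
    and leads the runner-up by MIN_MARGIN; otherwise None (defer to manual
    reconciliation rather than risk linking the wrong patient)."""
    ranked = sorted(((score(query, d), pid) for pid, d in registry.items()),
                    reverse=True)
    if not ranked or ranked[0][0] < MATCH_THRESHOLD:
        return None
    if len(ranked) > 1 and ranked[0][0] - ranked[1][0] < MIN_MARGIN:
        return None  # ambiguous: two records look like this person
    return ranked[0][1]


# Constructed sample registry (remote community's PDQ database).
REGISTRY: Dict[str, Demographics] = {
    "P001": Demographics("John", "Smith", date(1960, 1, 2), "M", ssn_last4="1234"),
    "P002": Demographics("Jane", "Smith", date(1960, 1, 2), "F"),
    "P003": Demographics("John", "Smythe", date(1960, 1, 2), "M"),
}
# Same registry plus a duplicate/twin record with identical demographics.
DUPLICATE_REGISTRY: Dict[str, Demographics] = dict(
    REGISTRY, P004=Demographics("John", "Smith", date(1960, 1, 2), "M"))


def lookup(first: str, last: str, iso_dob: str, gender: str, ssn_last4: str = "",
           registry: Dict[str, Demographics] = REGISTRY) -> Optional[str]:
    """Convenience wrapper taking plain strings, as a PDQ query would arrive."""
    q = Demographics(first, last, date.fromisoformat(iso_dob), gender, ssn_last4)
    return conservative_match(q, registry)


if __name__ == "__main__":
    print(lookup("John", "Smith", "1960-01-02", "M"))                       # P001
    print(lookup("J", "Smith", "1960-01-02", "M"))                          # None: partial name
    print(lookup("John", "Smith", "1960-01-02", "M", "0000"))               # None: SSN conflict
    print(lookup("John", "Smith", "1960-01-02", "M", registry=DUPLICATE_REGISTRY))  # None: ambiguous
```

The design point is that every failure mode resolves to "no match": a partial first name never reaches the threshold, a conflicting SSN fragment drives the score below it, and two equally good candidates fail the margin test. Document retrieval proceeds only after a positive match, exactly as the architecture slide requires.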
[Diagram: Identity Vetting & Credentialing at UTHSC-H with two-factor authentication. Same flow as above (IdP uth.tmc.edu obtains physical characteristics, assigns an everlasting identifier, records the person in the Permanent Identity Database, issues the digital credential); question marks mark the points where the credential's binding to the person and person-only activation must be assured.]

[Diagram: Identity Vetting & Credentialing at UTHSC-H with username/password authentication. Same flow, but activation uses the network username and password; the diagram marks "Permanently Bound" and "Person Only Activation" with many question marks, since a password alone does not establish either.]

Federal E-Authentication Initiative (http://www.cio.gov/eauthentication/)
• Levels of assurance (different requirements)
  • Level 1 – e.g. no identity vetting
  • Level 2 – e.g. specific identity vetting requirements
  • Level 3 – e.g. cryptographic tokens required
  • Level 4 – e.g. cryptographic hard tokens required
• Credential Assessment Framework Suite (CAF)

UTHSC-H Strategic Authentication Goals
• Two authentication mechanisms
  • Single university ID (UID) and password
  • Public key digital ID on a token (two-factor authentication)
• Digital signatures
  • Authenticate senders
  • Guarantee messages are unaltered, i.e. message integrity
  • Provide for non-repudiation
  • Legal signature
• Encryption of email and other documents
• Highly secure access control
• Potential for inherent global trust

[Diagram: Mass Mailing of Signed & Encrypted E-mail. An automated mailer takes the mailing list (jdoe@uth.tmc.edu, jsmith@bcm.edu, gmarks@mhhs.org), requests each recipient's digital certificate from the LDAP Directory Service, and sends each recipient a signed and encrypted message.]

The University of Texas System, Strategic Leadership Council, Statement of Direction on Identity Management, April 27, 2004
• LDAP (Lightweight Directory Access Protocol) compliant directory services,
• eduPerson schema as promulgated by EDUCAUSE and Internet2,
• utperson schema (to be developed),
• inter-institutional access control utilizing Internet2 Shibboleth, and
• consistent institutional definitions and identity management trust policies for students, faculty, and staff as well as sponsored affiliates.

[Diagram: Federated Services – Identity Providers (IdP) & Service Providers (SP). IdPs: uth.tmc.edu, utsystem.edu, bcm.edu, mdanderson.org, utmb.edu. SPs: Public Key Resource Provider (library.tmc.edu), GMEIS (uth.tmc.edu), Blackboard (uth.tmc.edu). A Federation WAYF Service and the InCommon infrastructure connect them.]

[Diagram: Shibboleth components. Home Organization (IdP): Authentication System (ISO/SSO/Cert), Handle Service, Attribute Authority, LDAP (eduPerson) with attributes determined by the ARP. Federation: WAYF Service (InCommon). Service Provider: SHIRE, SHAR, Resource Manager, RBAC Authorization System, Web Site. The Handle Service, Attribute Authority, SHIRE, SHAR and Resource Manager are the Shib software components.]

How Does Shibboleth Work?
The browser sits between the Home University (IdP) and the Resource Provider (SP); the diagram's messages, in sequence:
1. Browser to SP (SHIRE): request for a resource. SP: "Who are you and where do you come from?"
2. SP to WAYF (InCommon): "What is your organization?"
3. WAYF: "Your request is forwarded to your organization's Handle Service."
4. Handle Service to the home Authentication System (ISO/SSO/Cert): "Who are you? Can you log in?"
5. Authentication System: "Now I know who you are."
6. Handle Service: "I know who you are. Your request and handle are redirected to the target (SHIRE)."
7. SHAR to the Attribute Authority: "What are the attributes for this user?"
8. Attribute Authority to LDAP (eduPerson): "What are your user attributes?"
9. Attributes are determined by the ARP (attribute release policy).
10. "Your attributes are returned to the target."
11. Resource Manager: "I am satisfied with the attributes. You are allowed access."
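Steps 4 through 11 of the Shibboleth flow above, and the Scenario I problem they solve (Dr. James' access should end automatically when his home organization stops vouching for him), can be modelled in a few dozen lines. The following is an added example written for this page; it is not Shibboleth code, and the directory contents, the attribute release policy (ARP) and the SP access rules are constructed assumptions. The handle is an opaque, single-use token that carries no identity; the Attribute Authority releases only what the ARP lists for the requesting SP; and the Resource Manager decides on eduPersonScopedAffiliation values, so removing the user from the home directory denies access on the very next request with no action at the SP.

```python
"""Shibboleth-style handle issuance, ARP-filtered attribute release, and
SP authorization. Added example for this page; all data is constructed."""
import secrets
from typing import Dict, Optional, Set, Tuple

Attrs = Dict[str, Set[str]]

# Constructed home-organization directory with eduPerson-style attributes.
DIRECTORY: Dict[str, Dict[str, Attrs]] = {
    "mdanderson.org": {
        "james": {
            "eduPersonPrincipalName": {"james@mdanderson.org"},
            "eduPersonScopedAffiliation": {"faculty@mdanderson.org",
                                           "member@mdanderson.org"},
            "mail": {"james@mdanderson.org"},
        },
    },
}

# Attribute Release Policy (ARP), per target SP: anything not listed stays home.
ARP: Dict[str, Set[str]] = {
    "gmeis.uth.tmc.edu": {"eduPersonPrincipalName", "eduPersonScopedAffiliation"},
    "library.tmc.edu": {"eduPersonScopedAffiliation"},
}

# SP-side rule (Resource Manager): which scoped affiliations are sufficient.
SP_RULE: Dict[str, Set[str]] = {
    "gmeis.uth.tmc.edu": {"faculty@uth.tmc.edu", "faculty@mdanderson.org",
                          "faculty@bcm.edu"},
    "library.tmc.edu": {"member@uth.tmc.edu", "member@mdanderson.org",
                        "member@bcm.edu"},
}

_HANDLES: Dict[str, Tuple[str, str]] = {}  # IdP-side map: handle -> (org, uid)


def handle_service(org: str, uid: str, authenticated: bool) -> Optional[str]:
    """Steps 4-6: once the home authentication system vouches for the user,
    mint an opaque handle. The handle itself reveals nothing about the user."""
    if not authenticated or uid not in DIRECTORY.get(org, {}):
        return None
    handle = secrets.token_urlsafe(16)
    _HANDLES[handle] = (org, uid)
    return handle


def attribute_authority(handle: str, sp: str) -> Attrs:
    """Steps 7-10: resolve the handle (single use), then release only the
    attributes the ARP permits for this SP. A user whose affiliation has ended
    no longer has a directory entry, so nothing is released."""
    org, uid = _HANDLES.pop(handle, (None, None))
    entry = DIRECTORY.get(org, {}).get(uid)
    if entry is None:
        return {}
    allowed = ARP.get(sp, set())
    return {name: set(values) for name, values in entry.items() if name in allowed}


def resource_manager(sp: str, attrs: Attrs) -> bool:
    """Step 11: grant access iff a released affiliation satisfies the SP's rule."""
    return bool(attrs.get("eduPersonScopedAffiliation", set()) & SP_RULE.get(sp, set()))


def access_request(org: str, uid: str, sp: str,
                   authenticated: bool = True) -> Tuple[bool, Attrs]:
    """The whole exchange; the WAYF step is represented by the caller naming org."""
    handle = handle_service(org, uid, authenticated)
    if handle is None:
        return False, {}
    attrs = attribute_authority(handle, sp)
    return resource_manager(sp, attrs), attrs


def terminate_affiliation(org: str, uid: str) -> None:
    """Source-of-authority action at the home organization: the person leaves,
    the directory entry goes, and every federated SP denies the next request."""
    DIRECTORY.get(org, {}).pop(uid, None)


if __name__ == "__main__":
    print(access_request("mdanderson.org", "james", "gmeis.uth.tmc.edu"))
    print(access_request("mdanderson.org", "james", "library.tmc.edu"))
    terminate_affiliation("mdanderson.org", "james")
    print(access_request("mdanderson.org", "james", "gmeis.uth.tmc.edu"))
```

Two things are worth noticing. The library SP never sees the principal name or mail address because its ARP entry does not list them, which is the attribute-minimization the ARP exists for. And revocation needs no guest-sponsorship bookkeeping at UT-Houston: authorization is re-derived from the home directory on every request.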
Lessons Learned
The focus of planning should be on how identity management makes life great for people in cyberspace! Don't focus on underlying theory, arcane concepts and minute implementation details. If the basic infrastructure is in place along with user applications, people will use it and demand more.

What Is Needed To Reach Critical Mass?
• Develop a core group that operationally believes in and understands identity management!
• Identity management basic policies and procedures.
• Identity reconciliation and provisioning systems.
• An operational LDAP directory service.
• As many "real" applications as possible!
• Solutions that use signing and encryption.
• Cherished resources PKI- and Shibboleth-enabled for access.

Thank You. Questions?