Document Confidentiality

1. Document Confidentiality Milan Petkovic, Ray Krasinski Structured Documents / Security WGs HL-7 Cambridge Meeting October, 2010

2. The Problem • Lack of persistent end-to-end encryption for CDA documents • Distributed heterogeneous environments with multiple intermediaries • Encryption currently at transport level (e.g. TLS) • Certain transports lack standard solutions (e.g. USB drive) • Open document-level standard for encryption fosters interoperability • Similar document-level encryption already defined for imaging • Need for enabling technology towards addressing meaningful use (HITECH), privacy legislation… • Continua Health Alliance, national health networks, etc. foreseen as possible adopters

3. Use case Third party opinion in tele-monitoring • DMO transfers encrypted CDA document to hospital in different affinity domain • Hospital GP accesses the document • GP forwards encrypted CDA document to expert specialist • Expert specialist accesses document for 2nd opinion Exchanging health records using USB drives • Doctor E-mails record summary to patient as encrypted CDA document • Patient detaches document and saves it on his USB drive • Patient shares encrypted CDA document with healthcare providers

4. Discussion • Document-level-encryption under discussion in IHE for 2010/2011 • Document encryption • Key management • Potential involvement of HL-7 for CDA document encryption • Encryption at the CDA level (XML Encryption to encrypt body and selected header fields) • Advantage: fine-grained protection (selectively protect metadata and content, …) which allows for routing, searching, de-identification, etc.