Learn about the importance of protecting patient privacy and ensuring the confidentiality and integrity of medical data through the use of Audit Trail and Node Authentication. Discover how this technology verifies authorized access and provides an audit facility for compliance and detection of inappropriate behavior.
Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile • Name of Presenter • IHE affiliation
IHE drives healthcare standards-based integration HIMSS Annual Conference 2004
IHE 2004 achievements and expanding scope
Over 80 vendors involved world-wide, 4 Technical Frameworks, 31 Integration Profiles, testing at yearly Connectathons, demonstrations at major exhibitions world-wide
Provider-Vendor cooperation to accelerate standards adoption
IHE Process
• Users and vendors work together to identify and design solutions for integration problems
• Intensive process with annual cycles:
  • Identify key healthcare workflows and integration problems
  • Research & select standards to specify a solution
  • Write, review and publish IHE Technical Framework
  • Perform cross-testing at “Connectathon”
  • Demonstrations at tradeshows (HIMSS/RSNA…)
A Proven Standards Adoption Process
[Diagram labels: Standards; IHE Technical Framework; IHE Integration Profile A; IHE Integration Profiles B; IHE Connectathon; IHE Connectathon Results; IHE Demonstration; Product IHE Integration Statement; Product With IHE; RFP; User Site; Easy to Integrate Products]
• IHE Integration Profiles at the heart of IHE:
  • Detailed selection of standards and options each solving a specific integration problem
  • A growing set of effective provider/vendor agreed solutions
  • Vendors can implement with ROI
  • Providers can deploy with stability
More on IHE IT Infrastructure
To learn more about IHE IT Infrastructure Integrating the Healthcare Enterprise: www.himss.org/ihe
Read the IHE Brochure: http://www.himss.org/content/files/IHE_newsletter_final.pdf
Audit Trail and Node Authentication (ATNA) – Abstract/Scope
• HIPAA means more attention and care to protect Patient’s Privacy, and this requires Security.
• In Healthcare we have Protected Health Information for patients such as orders, procedures, images, films and reports.
• The confidentiality, integrity, and availability of this information must be assured.
• Authorized persons must have access to medical data of patients, and the information must not be disclosed otherwise.
Audit Trail and Node Authentication (ATNA) – Value Proposition
• Assures Authorized users gain access to secure nodes
• Verifies that only secure nodes exchange data.
• Provides audit facility to
  • Verify compliance with procedures
  • Permit detection of inappropriate behavior
• Without interfering with time critical activities
ATNA -- Environment Required Physical Security
Doors, key access, etc. restrict access
Communications and Equipment are kept in restricted access areas
Access to equipment is controlled
Cabinets, wiring, etc. are protected.
ATNA -- Environment Required Network Security
Firewalls, VPN, and other access controls.
Unauthorized external access is denied.
Additional security facilities may be in place if warranted by local conditions.
ATNA -- Node Authentication Configuration
• Manually managed Node Authentication Certificates
[Diagram: System A and System B, each a Secured Node, connected by a secure network]
ATNA: Typical Workflow
• Local access control (authentication of user)
• Strong authentication of remote node (digital certificates)
• Network traffic encryption is not required
• Audit trail with:
  • Real-time access
  • Time synchronization
[Diagram: System A and System B, each a Secured System, on a secure network with a Central Audit Trail Repository]
ATNA – Example “Transfer Image” Audit Message

<?xml version="1.0" encoding="UTF-8" ?>
<AuditMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="D:\data\DICOM\security\dicom-audit.xsd">
  <EventIdentification EventActionCode="C" EventDateTime="2001-12-17T09:30:47-05:00" EventOutcomeIndicator="0">
    <EventID code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
    <EventTypeCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </EventIdentification>
  <ActiveParticipant UserID="String" AlternativeUserID="String" UserName="String" UserIsRequestor="true" NetworkAccessPointID="String" NetworkAccessPointTypeCode="1">
    <RoleIDCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </ActiveParticipant>
  <ActiveParticipant UserID="String" AlternativeUserID="String" UserName="String" UserIsRequestor="true" NetworkAccessPointID="String" NetworkAccessPointTypeCode="1">
    <RoleIDCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </ActiveParticipant>
  <ActiveParticipant UserID="String" AlternativeUserID="String" UserName="String" UserIsRequestor="true" NetworkAccessPointID="String" NetworkAccessPointTypeCode="1">
    <RoleIDCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </ActiveParticipant>
  <AuditSourceIdentification AuditEnterpriseSiteID="String" AuditSourceID="String">
    <AuditSourceTypeCode code="1" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
  </AuditSourceIdentification>
  <ParticipantObjectIdentification ParticipantObjectID="String" ParticipantObjectTypeCode="1" ParticipantObjectTypeCodeRole="1" ParticipantObjectDataLifeCycle="1" ParticipantObjectSensitivity="String">
    <ParticipantObjectIDTypeCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
    <ParticipantObjectName>String</ParticipantObjectName>
    <ParticpantObjectDescription>
      <MPPS ID="String" />
      <AccessionNumber ID="String" />
      <SOPClass InstanceUID="String" NumberOfInstances="0" />
      <SOPClass InstanceUID="String" NumberOfInstances="0" />
      <SOPClass InstanceUID="String" NumberOfInstances="0" />
    </ParticpantObjectDescription>
  </ParticipantObjectIdentification>
  <ParticipantObjectIdentification ParticipantObjectID="String" ParticipantObjectTypeCode="1" ParticipantObjectTypeCodeRole="1" ParticipantObjectDataLifeCycle="1" ParticipantObjectSensitivity="String">
    <ParticipantObjectIDTypeCode code="String" codeSystem="String" codeSystemName="String" displayName="String" originalText="String" />
    <ParticipantObjectName>String</ParticipantObjectName>
  </ParticipantObjectIdentification>
</AuditMessage>
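Added example (not part of the original slides, and not IHE code): how an audit repository might reduce a message of the shape shown above to a reviewable record and flag it for follow-up. The sample message, its user, host and object names, and the functions summarize and needs_review are constructed for illustration; the outcome codes are the EventOutcomeIndicator values from the IETF audit message schema (RFC 3881).

```python
import xml.etree.ElementTree as ET

# EventOutcomeIndicator values as defined in RFC 3881.
OUTCOMES = {"0": "success", "4": "minor failure", "8": "serious failure", "12": "major failure"}

# Constructed sample that follows the slide's structure; every value is made up.
SAMPLE = """<AuditMessage>
  <EventIdentification EventActionCode="C" EventDateTime="2004-02-23T09:30:47-05:00" EventOutcomeIndicator="8">
    <EventID code="example-transfer" displayName="Transfer Image"/>
  </EventIdentification>
  <ActiveParticipant UserID="ct-scanner-1" UserIsRequestor="false" NetworkAccessPointID="ct1.example.org" NetworkAccessPointTypeCode="1"/>
  <ActiveParticipant UserID="jdoe" UserIsRequestor="true" NetworkAccessPointID="ws12.example.org" NetworkAccessPointTypeCode="1"/>
  <AuditSourceIdentification AuditSourceID="pacs-archive"/>
  <ParticipantObjectIdentification ParticipantObjectID="study-0001" ParticipantObjectTypeCode="2"/>
</AuditMessage>"""

def summarize(xml_text):
    """Return a flat record for one audit message; raise ValueError if its structure is wrong."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not accepted in audit messages")  # no entity definitions
    root = ET.fromstring(xml_text)
    if root.tag != "AuditMessage":
        raise ValueError("not an AuditMessage")
    event = root.find("EventIdentification")
    source = root.find("AuditSourceIdentification")
    actors = root.findall("ActiveParticipant")
    if event is None or source is None or not actors:
        raise ValueError("missing EventIdentification, AuditSourceIdentification or ActiveParticipant")
    code = event.get("EventOutcomeIndicator")
    if code not in OUTCOMES:
        raise ValueError(f"unknown EventOutcomeIndicator {code!r}")
    requestors = [a for a in actors if a.get("UserIsRequestor") == "true"]
    return {
        "time": event.get("EventDateTime"),
        "action": event.get("EventActionCode"),
        "outcome": OUTCOMES[code],
        "source": source.get("AuditSourceID"),
        "requestors": [(a.get("UserID"), a.get("NetworkAccessPointID")) for a in requestors],
        "objects": [o.get("ParticipantObjectID") for o in root.findall("ParticipantObjectIdentification")],
    }

def needs_review(record):
    """Flag failed events and events in which no participant is marked as the requestor."""
    return record["outcome"] != "success" or not record["requestors"]
```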
ATNA – Technical Details
• Locally defined User Identification, Authentication, and Authorization
• Node to Node communications authenticated
  • HL7 – TLS – Digital Certificates
  • DICOM – TLS – Digital Certificates
  • HTTP – TLS – Digital Certificates
• Audit Trails
  • Reliable SYSLOG (Cooked)
  • IETF Audit Message Schema
  • DICOM Audit Message details
  • IHE further clarifications for events not detailed in DICOM
More information….
• Web sites: www.himss.org/ihe www.rsna.org/ihe
• IHE Rad Technical framework for year 5 – V5.5
• IHE IT Technical framework for year 1 – V 1.0
• Non-Technical Brochures:
  • IHE Fact Sheet and IHE FAQ
  • IHE Integration Profiles: Guidelines for Buyers
  • IHE Connectathon Results