ELECTRONIC PRESCRIPTIONS
Basia Korel, Kendra Wadsworth

MOTIVATION
• Astronomical number of medical errors and deaths
• Up to 7,000 Americans die per year
• The financial costs run nearly $77 billion a year
• Prescription fraud is a growing problem in the United States.
A. Prescription altered to change the type of drug from Tylenol II to Tylenol IV

CURRENT STATE OF THE ART
• UIFramework - project providing the graphical user interface for prescribing e-Prescriptions
• TrustworthyRX - project providing secure transmission of e-Prescriptions across a trustworthy framework

GOALS
• Integrate the user interface for writing prescriptions with the project that digitally signs and secures the transmission of the prescription.
• Add further functionality to the user interface.
• Incorporate fingerprint authentication to ensure the identity of the physician.

WHY FINGERPRINTS???
• Impossible to lend someone your hand
• More than 50 percent of all help desk calls are related to passwords either lost, forgotten, or otherwise useless
• Other authentication mechanisms require you to carry something
• Everyone is known to have a unique, immutable fingerprint

FINGERPRINT IDENTIFICATION: HOW IT WORKS
• A fingerprint is made of a series of ridges and furrows on the surface of the finger.
• The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points.
• Minutiae points are local ridge characteristics that occur at either a ridge bifurcation or a ridge ending.

HOW IT WORKS…
• The fingerprint scanner captures an image of the fingerprint (the pattern of ridges and furrows).
• Only a subset of features is extracted from the image, based on spatial relationships.
• The extracted subset of data points is stored in a template.

HOW IT WORKS…
• Our system assumes enrollment – the fingerprint enrollment template is stored in a secure database
• The verification template is captured in the running system and verified against the enrollment template

ISSUES…
• Integration - All data fields must be consistent in the database, the prescription object in the UI and the prescription object in TrustworthyRX.
• A means to instantiate the prescription object in TrustworthyRX with populated fields from the UI.
• Generate an XML file with these populated fields according to the XML Schema definition.
• Fingerprint authentication – assume physician enrollment.
• Generate and store X.509 certificates from a trusted CA so that the appropriate stakeholders can digitally sign the prescription object.

DIGITAL SIGNATURES
• Public key cryptography algorithm
• Jane wants to send a secure message to John and John wants to verify it came from Jane
1. Jane’s message -> hash alg. -> Jane’s message digest
2. message digest -> Jane’s private key -> Jane’s signature
3. Jane -> Jane’s message and signature -> John
4. signature -> Jane’s public key -> hash alg. -> John’s computed message digest
5. Jane’s message digest == John’s computed message digest
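
The sign-and-verify flow from the slide above, applied to a prescription altered from Tylenol II to Tylenol IV. This is an added example, not code from the UIFramework or TrustworthyRX projects; the XML element names, the 2048-bit key, SHA-256 and PKCS#1 v1.5 padding are assumptions, and a raw public key stands in for the signer's X.509 certificate.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignedPrescriptionDemo
{
    // Steps 1-2: SignData hashes the message (SHA-256) and signs the digest
    // with Jane's private key.
    static byte[] Sign(RSA janePrivate, string message) =>
        janePrivate.SignData(Encoding.UTF8.GetBytes(message),
                             HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Steps 4-5: VerifyData hashes the received message and checks that digest
    // against the signature using Jane's public key.
    static bool Verify(RSA janePublic, string message, byte[] signature) =>
        janePublic.VerifyData(Encoding.UTF8.GetBytes(message), signature,
                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    static void Main()
    {
        // Constructed sample prescription; element names are hypothetical.
        const string original =
            "<Prescription><Patient>Sample Patient</Patient>" +
            "<Drug>Tylenol II</Drug><Refills>0</Refills></Prescription>";

        using (RSA jane = RSA.Create(2048))   // signer: holds the private key
        using (RSA john = RSA.Create())       // verifier: receives the public key only
        {
            john.ImportParameters(jane.ExportParameters(false));

            // Step 3: the message and its signature travel together.
            byte[] signature = Sign(jane, original);

            // The alteration shown earlier: drug changed after signing.
            string altered = original.Replace("Tylenol II", "Tylenol IV");

            Console.WriteLine("original verifies: " + Verify(john, original, signature));
            Console.WriteLine("altered verifies:  " + Verify(john, altered, signature));
        }
    }
}
```

The signature covers every byte of the XML, so the verifier must check the exact bytes it received before parsing or displaying any field.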

X.509 CERTIFICATES
• Uses a digital signature to bind a public key to an identity.
  - authenticates user - assures that data originated from the verified source
  - data integrity - protects data from being altered during transmission
  - confidentiality - protects a user’s identity
• Our implementation - Authenticode X.509 v.3 certificates - this certificate is signed with a private key that uniquely identifies the holder of the certificate.

A FEW PROBLEMS…
• Both projects needed to be redesigned for proper integration.
• Web Services – X.509 certificates
• Web Services - RSACryptoServiceProvider

NOT ENOUGH TIME
• Web services
• Timed session
• Replay attack

FUTURE WORK
• WS-SecureConversation – ensure message level security by securing internal SOAP messages in the system.
• Web services and SSL – secure end-user to web services connections and database to client connections.
• Ensure ethical and lawful drugs/prescriptions are being issued.

THANK YOUS
• Professor Weaver
• Mentors: Shaun Hutton & Paul Bui
• Dr. Tom Powers
• NSF REU Group, Summer 2006