Providing Secure Internet Access to Health Care Information Rex Gantenbein, Thomas L. James, and John Kim University of Wyoming Center for Rural Health Research and Education/ Computer Science Department

I. Introduction
• Center for Rural Health Research and Education (CRHRE) at the University of Wyoming
• Mission: provide Internet access to information for health care researchers and practitioners in a frontier environment
• Problem: Preserving confidentiality (HIPAA)
• Integrating confidential data collection and storage with secure and efficient distribution of data over the Internet => better access to health care information

II. Goals of this work
• Protect data on a data warehouse from unauthorized access
• Provide secure client-to-gateway connectivity through virtual private networking (VPN)

III. The Architecture of the System
• Data marts – Connected to the network
• Data warehouse – Isolated from the network
• The main user interface – ASP
• Network security – authentication & data transport

Security Features
• Access Control Services
  • Protect Internet resources from unauthorized use
  • Authentication
• Communication Security Services
  • Ensure confidentiality and integrity of data in transmission
  • IPSec
  • VPN
  • Firewalls

Access Control – Authentication
Authentication based on Kerberos version 5
• Default network authentication protocol
• Confirmation uses a symmetric secret key
• Advantages
  • Less possibility of false authentication
  • More flexibility

Communication Security – IPSec
• Data Transport Approaches
  • Application layer approach
    • Traffic is encrypted before it is submitted to the OS
  • Network layer approach
    • Encryption is added directly into the network
    • Traffic is protected without requiring modification of applications
• A security standard at the network layer of network communication has been proposed by Cisco

Communication Security – Firewalls
• Protects the private resources of a network from remote users and controls the outside resources
• Examines each network packet before deciding whether or not to forward it
• May include or work with a proxy server

Communication Security – VPN
• Enables remote users to gain connectivity by tunneling into their network
• IPSec protocols are used primarily for VPN
• Advantages
  • Little effect on applications – IPSec
  • Economical benefit – no more leasing network lines
  • Additional level of security – encryption before sending

The Network Configuration
[Figure: network diagram with nodes Internet, ISA/VPN, IIS, SQL, DC]
• ISA (Proxy/Firewall)
• IIS (Data Mart Server)
• DC (KDC)
• SQL (Data Warehouse)

The Network Configuration, cont.
• ISA
  • The first Proxy Server running MS Internet Security and Acceleration Server (firewall + VPN)
  • Kerberos – blocks unauthorized access to the network
  • Redirect only valid connections
• IIS
  • The web server running MS Internet Information Server
  • The user's physical interface + data marts
• SQL
  • The data warehouse running MS-SQL Server
  • Not connected to the network
• DC
  • MS Windows 2000 Server
  • KDC (Kerberos Key Distribution Center)
  • Does not accept outside connections
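
The isolation properties stated on the two Network Configuration slides can be checked mechanically against a declared flow policy. The following is an added example, not part of the original presentation; the flow list, the service labels, and the ISA-to-DC and IIS-to-DC Kerberos flows are assumptions constructed for illustration.

```python
from collections import deque

# Constructed flow policy for the hosts named on the slides: (source, destination, service).
# Service labels and the ISA->DC / IIS->DC Kerberos flows are assumptions.
BASELINE = [
    ("Internet", "ISA", "ipsec-vpn"),
    ("ISA", "DC", "kerberos"),
    ("ISA", "IIS", "https"),
    ("IIS", "DC", "kerberos"),
]
# Constructed drift: a direct database link added from the web server.
DRIFTED = BASELINE + [("IIS", "SQL", "sql")]

def paths_from(flows, start):
    """Breadth-first search; returns {host: shortest path from start}."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for src, dst, _svc in flows:
            if src == node and dst not in paths:
                paths[dst] = paths[node] + [dst]
                queue.append(dst)
    return paths

def audit(flows):
    """Check the isolation properties stated on the slides; return findings."""
    findings = []
    # Only the ISA firewall/VPN gateway may accept connections from outside.
    exposed = sorted({dst for src, dst, _ in flows if src == "Internet"} - {"ISA"})
    for host in exposed:
        findings.append(f"{host} accepts outside connections directly")
    # The data warehouse is not connected to the network: no flow may name it.
    for src, dst, svc in flows:
        if "SQL" in (src, dst):
            findings.append(f"warehouse appears in flow {src}->{dst} ({svc})")
    # No chain of permitted hops may lead from the Internet to the warehouse.
    path = paths_from(flows, "Internet").get("SQL")
    if path:
        findings.append("warehouse reachable: " + " -> ".join(path))
    return findings

if __name__ == "__main__":
    for name, policy in (("baseline", BASELINE), ("drifted", DRIFTED)):
        print(name, audit(policy) or "OK")
```

The drifted policy shows why the warehouse is kept off the network entirely: a single convenience link from the web server creates a multi-hop path from the Internet even though no rule exposes SQL directly.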

Data management approach
• Data entry
  • An authorized user downloads the data to data marts
  • Administrator updates the data warehouse
• Data retrieval
  • An authorized user requests retrieval over the Internet
  • The administrator creates a new data mart
  • The authorized user can then download the data mart

IV. Summary
• An architecture for secure remote access to confidential health information using off-the-shelf technology
• Limits on the response time to any request for access
• Ensures high levels of authentication, confidentiality, and integrity through the isolation of the data warehouse
• Foundation for health care research through management and distribution of data in a secure manner