PKI, Security, and Health Care
Rich Guida, Director, Information Security

What is the Health Care “Space?”
• Point-of-care providers (doctors, clinics, hospitals)
• Consumers (who receive the care)
• Insurers
• Product companies
• Research institutions
• Governments

Another way to parse the space
• Those who typically process patient data (as Personal Health Information – PHI)
    • Point-of-care facilities
    • Insurers
    • Some research institutions
• Those who typically do not process patient data (as PHI – instead, anonymized)
    • Most product companies and governments (other than for their own employees)

Applicable Federal Laws/Regulations
• Health Insurance Portability and Accountability Act (HIPAA)
    • Confidentiality and integrity of patient data (including PHI)
• FDA 21 CFR Part 11
    • E-records and e-signatures
• FDA “Computer Systems Validation” guidance
• Government Paperwork Elimination Act (GPEA)
• Electronic Signatures in Global and National Commerce Act (E-SIGN)

Examples of Important Processes
• Clinical trials of new drugs/devices
    • Data integrity/authenticity, and where PHI is involved, confidentiality
• Maintaining quality assurance records on manufacturing and management
    • Data integrity/authenticity
• Product distribution
    • Data integrity/authenticity – to guard against counterfeits
• Billing (insurers/point-of-care providers)
    • All of the above

Healthcare Security Today
• Mostly userID/password-based for authentication and e-signatures
• But strong movement towards certificate-based in many areas
• Diverse environments mean diverse operating systems and practices
• Health care as a whole is still evolving towards “strong computer security” principles

Goals in Using Certificates
• Single, unified identity for healthcare providers, globally recognized
    • Note: NOT patients!
• Stronger e-signatures, authentication, encryption
• Accelerate processes of getting drugs/devices through clinical trials – by reducing paperwork

Today’s Panel
• Terry Zagar from SAFE
    • To discuss the industry-wide initiative focusing on unified credentials based on PKI
    • Includes discussion of SAFE Bridge CA effort
• John Landwehr from Adobe
    • To discuss how Adobe 6.0 and 7.0 fit into SAFE’s activities with native PKI functionality