1 / 8

PKI, Security, and Health Care

PKI, Security, and Health Care. Rich Guida Director, Information Security. What is the Health Care “Space?”. Point-of-care providers (doctors, clinics, hospitals) Consumers (who receive the care) Insurers Product companies Research institutions Governments. Another way to parse the space.

raghnall
Download Presentation

PKI, Security, and Health Care

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PKI, Security, and Health Care Rich GuidaDirector, Information Security

  2. What is the Health Care “Space?” • Point-of-care providers (doctors, clinics, hospitals) • Consumers (who receive the care) • Insurers • Product companies • Research institutions • Governments

  3. Another way to parse the space • Those who typically process patient data (as Personal Health Information – PHI) • Point-of-care facilities • Insurers • Some research institutions • Those who typically do not process patient data (as PHI – instead, anonymized) • Most product companies and governments (other than for their own employees)

  4. Applicable Federal Laws/Regulations • Health Insurance Portability and Accountability Act (HIPAA) • Confidentiality and integrity of patient data (including PHI) • FDA 21 CFR Part 11 • E-records and e-signatures • FDA “Computer Systems Validation” guidance • Government Paperwork Elimination Act (GPEA) • Electronic Signatures in Global and National Commerce Act (E-SIGN)

  5. Examples of Important Processes • Clinical trials of new drugs/devices • Data integrity/authenticity, and where PHI is involved, confidentiality • Maintaining quality assurance records on manufacturing and management • Data integrity/authenticity • Product distribution • Data integrity/authenticity – to guard against counterfeits • Billing (insurers/point-of-care providers) • All of the above

  6. Healthcare Security Today • Mostly userID/password-based for authentication and e-signatures • But strong movement towards certificate-based in many areas • Diverse environments mean diverse operating systems and practices • Health care as a whole is still evolving towards “strong computer security” principles

  7. Goals in Using Certificates • Single, unified identity for healthcare providers, globally recognized • Note: NOT patients! • Stronger e-signatures, authentication, encryption • Accelerate processes of getting drugs/devices through clinical trials – by reducing paperwork

  8. Today’s Panel • Terry Zagar from SAFE • To discuss the industry-wide initiative focusing on unified credentials based on PKI • Includes discussion of SAFE Bridge CA effort • John Landwehr from Adobe • To discuss how Adobe 6.0 and 7.0 fit in to SAFE’s activities with native PKI functionality

More Related