Cross-Enterprise Privacy Policy (XPP) Profile Proposal for 2008/09 presented to the IT Infrastructure Technical Committee Sören Bittins (eCR, Fraunhofer ISST) November 18th, 2008
Editors • Raik Kuhlisch, Jörg Caumanns (Fraunhofer ISST) • Christof Strack (SUN Microsystems) • Oliver Pfaff, Markus Franke (Siemens IT Solutions and Services)
Data Privacy and Protection (short)
• Processing of medical information is generally forbidden but subject to the possibility of “authorisation” (refers technically to consent)
• This authorisation is bound to a specific and limited “purpose”
• The purpose as a key principle legally regulates the “context”
• Finally the context directly indicates the “actors” and their assigned “role” which are legally authorised to access the medical information
• Inadequate implementation of the above may lead to:
  • Violation of the data protection regulations
  • Being forced to compensate for loss/damages suffered
  • Violation of the legal requirement concerning confidential and discrete medical communication with all its attached implications
  • Joint and personal liability for inappropriate risk management and assessment
Current Situation
• Private practices or very small hospitals usually delegate all rights to all of the concerned workforce
• Hospitals are utilising rather static RBAC or DAC systems with a potential organisational emergency override
• Most legal requirements are merely enforced “organisationally”
• Security measures are usually reactive and retrospective:
  • Access control rules usually grant more rights than required
  • Reliance on the audit trail if a breach is assumed / detected
• Role and rights assignment is usually only intra-enterprise
• Inconsistent enforcement of the patient’s consent to medical data processing in distributed, cooperative health care scenarios
Cross-Enterprise Policy Provision
• XPP features the cross-enterprise retrieval of situation- and role-aware policies and the concrete enforcement of those policies
• XPP directly manages, controls and filters the transactions and actors within a medical network
• XPP may implement all core access control principles (RBAC, DAC, MAC) as well as the reflection of higher-level aspects (SoD)
• XPP enables automatic and flexible situation-aware decisions:
  • Up-to-date reflection on the existence and contents of the patient’s consent
  • Limitations of the roles who may access a resource (Cardiologists only)
  • Controlled emergency override by a special policy
  • Distributed inter-enterprise policy retrieval and decisions in a federated and interconnected environment
Requirements for Cross-Enterprise Authorisation
• Policy Pull vs. Policy Push
  • optimisation of anticipated effort to discover and provide the matching policy
• Functionality is implemented by a Security Token Service
  • consistent and standards-based (WS Trust) security layer
• Separation of Policy Registry and Policy Repository
  • Policy lookup vs. policy retrieval
  • Policy semantics vs. policy encoding
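The following is an added worked example, not code from the XPP proposal or from the eCR reference implementation. It models two points from the preceding slides: the Policy Registry / Policy Repository split (lookup of policy identifiers by patient and resource type, then retrieval of the policy document by identifier) and the consent, purpose, context, role decision chain with a controlled emergency override policy that carries audit obligations. Policy identifiers, attribute names, patient identifiers and obligation strings are all constructed for illustration; XACML encoding and the WS-Trust / STS transport are intentionally out of scope.

```python
"""Added example (not part of the XPP proposal): a deny-by-default policy
decision point over a registry (lookup) / repository (retrieval) split.
All identifiers and sample data below are constructed for illustration."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """A consent-derived policy or the special emergency override policy."""
    policy_id: str
    consent_active: bool          # consent currently given (not revoked)
    purposes: frozenset           # purposes the consent is bound to
    roles: frozenset              # roles legally authorised in that context
    emergency_override: bool = False
    obligations: tuple = ()       # e.g. audit records the enforcement point must write


class PolicyRepository:
    """Holds policy documents; answers retrieval by policy id only."""

    def __init__(self):
        self._docs = {}

    def store(self, policy):
        self._docs[policy.policy_id] = policy

    def retrieve(self, policy_id):
        return self._docs[policy_id]


class PolicyRegistry:
    """Holds only an index; answers lookup (patient, resource type) -> policy ids."""

    def __init__(self):
        self._index = {}

    def register(self, patient_id, resource_type, policy_id):
        self._index.setdefault((patient_id, resource_type), []).append(policy_id)

    def lookup(self, patient_id, resource_type):
        return list(self._index.get((patient_id, resource_type), []))


def decide(registry, repository, request):
    """Return (decision, obligations). Deny unless an applicable policy permits.

    request keys: patient_id, resource_type, purpose, role, optional emergency.
    """
    for policy_id in registry.lookup(request["patient_id"], request["resource_type"]):
        policy = repository.retrieve(policy_id)
        if policy.emergency_override:
            # The special policy applies only to requests flagged as emergencies
            # and always attaches its obligations (audit, notification).
            if request.get("emergency", False):
                return "Permit", list(policy.obligations)
            continue
        if not policy.consent_active:
            continue                          # revoked or missing consent
        if request["purpose"] not in policy.purposes:
            continue                          # consent bound to another purpose
        if request["role"] not in policy.roles:
            continue                          # role not authorised in this context
        return "Permit", list(policy.obligations)
    return "Deny", []


def build_sample():
    """Constructed sample data: two patients, one emergency override policy."""
    repository = PolicyRepository()
    registry = PolicyRegistry()
    repository.store(Policy("consent-p0001-cardio", True,
                            frozenset({"treatment"}), frozenset({"cardiologist"}),
                            obligations=("audit:access",)))
    repository.store(Policy("consent-p0002-cardio", False,       # consent revoked
                            frozenset({"treatment"}), frozenset({"cardiologist"})))
    repository.store(Policy("emergency-override", True, frozenset(), frozenset(),
                            emergency_override=True,
                            obligations=("audit:emergency-override",
                                         "notify:data-protection-officer")))
    for patient in ("P-0001", "P-0002"):
        suffix = patient[-4:].lower()
        registry.register(patient, "cardiology-report", f"consent-p{suffix}-cardio")
        registry.register(patient, "cardiology-report", "emergency-override")
    return registry, repository


if __name__ == "__main__":
    reg, repo = build_sample()
    print(decide(reg, repo, {"patient_id": "P-0001", "resource_type": "cardiology-report",
                             "purpose": "treatment", "role": "cardiologist"}))
    print(decide(reg, repo, {"patient_id": "P-0001", "resource_type": "cardiology-report",
                             "purpose": "treatment", "role": "gp", "emergency": True}))
```

The registry never hands out policy content and the repository never answers by patient, which is the separation the slide asks for; the decision function stays deny-by-default, so a revoked consent, a mismatched purpose or a role outside the context all fail closed, and the emergency path can only succeed through the dedicated override policy with its obligations attached.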
Proposed Standards & Systems • WS Trust for policy retrieval • SAML for integrating policies into security tokens • XACML as possibility for policy encoding • OASIS XSPA draft standard as a reference • Activities should be synchronized with the activities of HITSP and VA/HL7 on role based access control policies
IHE Profile Grouping
• XPP is designed to initially group with existing IHE ITI profiles:
  • XUA: for providing subject identity information and ensuring the authenticity of the policy assertions
  • PWP: as a policy information point for a subject’s attributes
  • ATNA: for auditing transactions and operating XPP actors as secure and mutually authenticated nodes
  • XDS: most prominent example for the actors and transactions to be safeguarded
• More grouping may follow when other transactions that might benefit from XPP are identified and implemented
Expected Acceptance
• It has been shown that the XPP actors and transactions can be implemented using standard “off-the-shelf” libraries:
  • Open Source eCR Reference Implementation (Fraunhofer ISST)
  • Security Framework for a large hospital chain (Siemens)
  • eCR Implementation for a University Hospital (iSoft, Microsoft)
  • eCR implementation for a large municipal hospital (ISPro, SUN)
• eCR v1.4 will incorporate the XPP Integration Profile:
  • 11 pilot projects together with hospitals that represent 15% of the German hospital market
  • strong vendor involvement (Agfa, Siemens, NoemaLife, SUN, Microsoft, iSoft, TietoEnator, ICW, ...)
• The Austrian governmental initiative ELGA (electronic health record) is also aligning to this direction