Presentation is loading. Please wait.

Presentation is loading. Please wait.

Het Persoonlijk Gezondheidsnummer (Numéro Personnel dIdentification Santé) Prof. Dr. G. De Moor 25/09/2006.

Similar presentations


Presentation on theme: "Het Persoonlijk Gezondheidsnummer (Numéro Personnel dIdentification Santé) Prof. Dr. G. De Moor 25/09/2006."— Presentation transcript:

1 Het Persoonlijk Gezondheidsnummer (Numéro Personnel dIdentification Santé) Prof. Dr. G. De Moor 25/09/2006

2 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor The HEPI-GO project: a Proof of Concept Project 1 Dec Jul –HEPI: Health Electronic Personal Identifier (Solution within the existing legal framework) –Tranformation function INSS to HEPI

3 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Often confused topics Health Professional Identification –Context: authorization (broad sense) in Healthcare –Security tool –Identify a person as HCP (actually authenticate a person in a HCP role) in order to authorize him to perform an action –Technical: Credentials linked to persons Patient Identifiers –Context: data-management (continuity of care) –NOT a security tool (authentication or authorization) –Technical: Uniform reference to the object (i.e. patient) of medical data (a number referring to a person)

4 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Need and Context Europe –Interoperability (cf. eHealth Action Plan CEC/EU) –Cradle to grave patient identification number seen as an enabler for eHealth efficiency and patient safety –Priority in many countries –Most countries use National Number Situation in Belgium –No unified approach to patient identification (Patient ID locally defined)

5 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Identifiers in Belgium –National Number (RRN/NRN) –Identification Number for Social Security (INSZ/NISS) (extension of NN) NN, INSS as HEPI, not recommended (legally): –Legal framework –Advice CBPL –Advice Counsel of Europe –Other (INSZ not meaningless) HEPI-GO: INSS-based HEPI

6 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Broader view on HEPI-GO 2 (strongly related) Topics within HEPI-GO –The patient identifier: Primary HEPI creation –Algorithms –... –Operational aspects –Generation / Distribution –Management –...

7 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Operational Aspects Patient Identifier –From cradle to grave –Should not complicate existing procedures (HEPI = efficiency) –Existing carriers of identifiers –SIS (Social Security Card) –eID (by 2009)

8 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor HEPI Choices –One identifier within the care domain –Distribution: –Central HEPI Conversion Service (fits BeHealth vision) –Can provide trust required because of algorithmic constraints –Allows (limited) control of HEPI generation –Care providers can store HEPI as administrative data in their records (only minimum number of conversions needed) –Patient can carry his HEPI around (e.g. on a hospital patient-card) Remember: –The HEPI is not suited for protecting privacy!

9 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Micro-ID-domains within Care (IDM related) Not Recommended

10 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor HEPI: INSS Transformation Design Constraints formulated by stakeholders –The transformation from INSS to HEPI should be irreversible –Different interpretations of irreversible –Only authorized parties should be able to perform the transformation –The primary HEPI must be manually and automatically processable –The INSS transformation should be strictly collision free

11 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor HEPI: INSS Transformation –Not all design requirements can be met at the same time –Two different approaches, with different tradeoffs are proposed in the report: –A solution based on symmetric encryption (Collision-free, but not one-way) –A solution based on one-way functions (Requiring a centralized database to become collision free)

12 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Candidate Solution based on Symmetric Cipher

13 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Candidate Solution based on HASH/MAC Very similar to assigning random HEPIs

14 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Summary I. Symmetric CipherII. Symmetric Cipher with improved Keying III. Simple Translation Table (encrypted HEPIs) IV. Translation Table with one-way function V. Hybrid Scheme of Figure 8 Crypto-attackRelies on cipher security (2 nd round weakness) Relies on cipher security (improved 2 nd round) Random Numbers (Maximum protection) Relies on HMAC security (high) Mixture of I (2 nd round weakness) and IV (improved 1 st round) Knowledgeable attacker Can reverse HEPI effortless Can reverse with effort Can reverse virtually effortless Mathematically Reversible YES NO Partially HEPI length- 64 bit + keyID - 64 bit + keyID ++ >INSS space + >>INSS space - 64 bit + keyID HEPI length example ABCD-EFGH- 345C ABCD-EFGH- 345Y 9+1 / 10+1 ABC-DEF-234-E ABCDE S 12+1 ABCD-EFGH-2345-Q ABCD-EFGH- 345R Storage of INSS and/or HEPI lists NO YES NO Can handle fundamental changes to INSS format YES Limited

15 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Summary –HEPI-GO scope: transformation of INSS into HEPI –Scope interpreted broader –HEPI not suitable for protecting privacy –Operational –Single HEPI for the care domain –Centralised Management –Conversion algorithm –No fully satisfying solution has been found –…

16 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Summary –Conversion algorithm (continued) –The proposed algorithm meets the HEPI-GO requirements quite well –But offers virtually no benefits over the obvious solution based on a translation table and randomly generated HEPIs –Can be used for generating secondary HEPIs towards other domains


Download ppt "Het Persoonlijk Gezondheidsnummer (Numéro Personnel dIdentification Santé) Prof. Dr. G. De Moor 25/09/2006."

Similar presentations


Ads by Google