Presentation is loading. Please wait.

Presentation is loading. Please wait.

Het Persoonlijk Gezondheidsnummer (Numéro Personnel dIdentification Santé) Prof. Dr. G. De Moor 25/09/2006.

Published byFrancesca Dines Modified over 10 years ago

Similar presentations

Presentation on theme: "Het Persoonlijk Gezondheidsnummer (Numéro Personnel dIdentification Santé) Prof. Dr. G. De Moor 25/09/2006."— Presentation transcript:

1 Het Persoonlijk Gezondheidsnummer (Numéro Personnel dIdentification Santé) Prof. Dr. G. De Moor 25/09/2006

2 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor The HEPI-GO project: a Proof of Concept Project 1 Dec.2005 - 1 Jul. 2006 –HEPI: Health Electronic Personal Identifier (Solution within the existing legal framework) –Tranformation function INSS to HEPI

3 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Often confused topics Health Professional Identification –Context: authorization (broad sense) in Healthcare –Security tool –Identify a person as HCP (actually authenticate a person in a HCP role) in order to authorize him to perform an action –Technical: Credentials linked to persons Patient Identifiers –Context: data-management (continuity of care) –NOT a security tool (authentication or authorization) –Technical: Uniform reference to the object (i.e. patient) of medical data (a number referring to a person)

4 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Need and Context Europe –Interoperability (cf. eHealth Action Plan CEC/EU) –Cradle to grave patient identification number seen as an enabler for eHealth efficiency and patient safety –Priority in many countries –Most countries use National Number Situation in Belgium –No unified approach to patient identification (Patient ID locally defined)

5 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Identifiers in Belgium –National Number (RRN/NRN) –Identification Number for Social Security (INSZ/NISS) (extension of NN) NN, INSS as HEPI, not recommended (legally): –Legal framework –Advice CBPL –Advice Counsel of Europe –Other (INSZ not meaningless) HEPI-GO: INSS-based HEPI

6 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Broader view on HEPI-GO 2 (strongly related) Topics within HEPI-GO –The patient identifier: Primary HEPI creation –Algorithms –... –Operational aspects –Generation / Distribution –Management –...

7 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Operational Aspects Patient Identifier –From cradle to grave –Should not complicate existing procedures (HEPI = efficiency) –Existing carriers of identifiers –SIS (Social Security Card) –eID (by 2009)

8 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor HEPI Choices –One identifier within the care domain –Distribution: –Central HEPI Conversion Service (fits BeHealth vision) –Can provide trust required because of algorithmic constraints –Allows (limited) control of HEPI generation –Care providers can store HEPI as administrative data in their records (only minimum number of conversions needed) –Patient can carry his HEPI around (e.g. on a hospital patient-card) Remember: –The HEPI is not suited for protecting privacy!

9 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Micro-ID-domains within Care (IDM related) Not Recommended

10 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor HEPI: INSS Transformation Design Constraints formulated by stakeholders –The transformation from INSS to HEPI should be irreversible –Different interpretations of irreversible –Only authorized parties should be able to perform the transformation –The primary HEPI must be manually and automatically processable –The INSS transformation should be strictly collision free

11 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor HEPI: INSS Transformation –Not all design requirements can be met at the same time –Two different approaches, with different tradeoffs are proposed in the report: –A solution based on symmetric encryption (Collision-free, but not one-way) –A solution based on one-way functions (Requiring a centralized database to become collision free)

12 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Candidate Solution based on Symmetric Cipher

13 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Candidate Solution based on HASH/MAC Very similar to assigning random HEPIs

14 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Summary I. Symmetric CipherII. Symmetric Cipher with improved Keying III. Simple Translation Table (encrypted HEPIs) IV. Translation Table with one-way function V. Hybrid Scheme of Figure 8 Crypto-attackRelies on cipher security (2 nd round weakness) Relies on cipher security (improved 2 nd round) Random Numbers (Maximum protection) Relies on HMAC security (high) Mixture of I (2 nd round weakness) and IV (improved 1 st round) Knowledgeable attacker Can reverse HEPI effortless Can reverse with effort Can reverse virtually effortless Mathematically Reversible YES NO Partially HEPI length- 64 bit + keyID - 64 bit + keyID ++ >INSS space + >>INSS space - 64 bit + keyID HEPI length example 15+1 2222-ABCD-EFGH- 345C 15+1 3333-ABCD-EFGH- 345Y 9+1 / 10+1 ABC-DEF-234-E ABCDE-23456-S 12+1 ABCD-EFGH-2345-Q 15+1 4444-ABCD-EFGH- 345R Storage of INSS and/or HEPI lists NO YES NO Can handle fundamental changes to INSS format YES Limited

15 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Summary –HEPI-GO scope: transformation of INSS into HEPI –Scope interpreted broader –HEPI not suitable for protecting privacy –Operational –Single HEPI for the care domain –Centralised Management –Conversion algorithm –No fully satisfying solution has been found –…

16 Telematica Commissie 25/09/2006Prof. Dr. G. De Moor Summary –Conversion algorithm (continued) –The proposed algorithm meets the HEPI-GO requirements quite well –But offers virtually no benefits over the obvious solution based on a translation table and randomly generated HEPIs –Can be used for generating secondary HEPIs towards other domains

Download ppt "Het Persoonlijk Gezondheidsnummer (Numéro Personnel dIdentification Santé) Prof. Dr. G. De Moor 25/09/2006."

Similar presentations

The U.S. Health Information Technology Agenda – and the Web John W. Loonsk, MD Director of Interoperability and Standards Office of the National Coordinator.

The U.S. Health Information Technology Agenda – and the Web John W. Loonsk, MD Director of Interoperability and Standards Office of the National Coordinator.
S.O.S. eHealth Project Open eHealth initiative for a European large scale pilot of patient summary and electronic prescription Daniel Forslund, Head of.

S.O.S. eHealth Project Open eHealth initiative for a European large scale pilot of patient summary and electronic prescription Daniel Forslund, Head of.
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.

CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.
1 Future strategy for e-submission as seen by industry Dr Michael Colmorgen, IFAH-Europe 2nd Veterinary Workshop on E-submission 4 Dec 2009, EMEA, London.

1 Future strategy for e-submission as seen by industry Dr Michael Colmorgen, IFAH-Europe 2nd Veterinary Workshop on E-submission 4 Dec 2009, EMEA, London.
Conclusions from e-Health

Conclusions from e-Health
Security standardization for Health Informatics ITU-T eHealth conference Geneva 2003-05-23 Dr Gunnar O. Klein convenor of ISO/TC 215/WG 4 Security Karolinska.

Security standardization for Health Informatics ITU-T eHealth conference Geneva Dr Gunnar O. Klein convenor of ISO/TC 215/WG 4 Security Karolinska.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
EHR stakeholder workshop – 11th October 2007 1 EHR integration for clinical research: toward new interaction models ? Isabelle de Zegher.

EHR stakeholder workshop – 11th October EHR integration for clinical research: toward new interaction models ? Isabelle de Zegher.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
HIT Policy Committee Federal Health IT Strategic Plan April 13, 2011 Jodi Daniel, ONC Seth Pazinski, ONC.

HIT Policy Committee Federal Health IT Strategic Plan April 13, 2011 Jodi Daniel, ONC Seth Pazinski, ONC.
Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t.

Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t.
Setting Processes for Electronic Signature 1 The ”W-SPES Project” and the “Leuven Report on the Electronic Signatures Directive” – Putting the Project.

Setting Processes for Electronic Signature 1 The ”W-SPES Project” and the “Leuven Report on the Electronic Signatures Directive” – Putting the Project.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
ULTIMA*ERP - Enterprise Hospital

ULTIMA*ERP - Enterprise Hospital
A Health Professional’s Perspective Dr Michael Wilks CPME www.cpme.eu.

A Health Professional’s Perspective Dr Michael Wilks CPME
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
HIMMA National Conference 2005 Accelerating E-Health Dr Ian Reinecke CEO National E-Health Transition Authority (NEHTA) Geelong 29 July 2005 nehta.

HIMMA National Conference 2005 Accelerating E-Health Dr Ian Reinecke CEO National E-Health Transition Authority (NEHTA) Geelong 29 July 2005 nehta.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Similar presentations

Ads by Google