Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.
Published byModified over 5 years ago
Presentation on theme: "Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health."— Presentation transcript:
Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health 2005, Tromsö May, 24
Page 2 Content What is the need of a PKI in the Health sector ? Why do Health organisations implement IT systems ? The PKI definition The Health actors and the exchanges to be secured The experience of the GIP-CPS, first European public PKI Certificates : guarantee of identity, profession, activity Recording, publication Deployment status Examples of applications The GIP-CPS business development PKI interoperability issues
Page 3 The HealthCare Information System Why do Health organisations implement IT systems ? 1. To share medical information between all parties assuming some responsibility towards patients 2. To implement public health security information systems (medical watching, epidemiological surveys, clinical research….) 3. To improve administrative and financial management processes 4. To develop continuous access to information and knowledge for the HealthCare system participants
Page 4 What is a PKI ? A Public Key Infrastructure (PKI) manages the space of confidence of the organization, enable to control all the security aspects of the environment : users’ authentication, confidentiality, data integrity, non-repudiation of the transactions. To achieve this goal, the PKI offers the administration services, the generation and diffusion of keys and electronic certificates necessary to the security products (secured e-mail, SSL server and clients, signature software...). REGISTRATION AUTHORITY (Med. Assoc., State and Insurance representatives) Valid the professional record CERTIFICATION AUTHORITY (GIP-CPS) produces cards as well as associated keys and certificates PUBLICATION SERVICE HealthCare PROFESSIONAL CPS PKI Directory Opposition Lists CRL
Page 5 Fournisseurs Payeurs Care providers Regulator Payers Suppliers HealthCare Structures HealthCare Professionals Pharmaceutical laboratories Pharmacies Health web sites Compulsory National Health Insurances Complementary Health Insurances Employers What is the need of a PKI in the Health sector ? Many data exchanges to secure
Page 6 The GIP-CPS « Groupement d’Intérêt Public – Carte de Professionnel de Santé » It fits the demands for confidence and security in electronic exchanges and sharing of medical data Its members : - the French state, - the 3 compulsory national health insurances, - the complementary health insurances, - the professional associations, - different user organizations.
Page 7 In France, the certification authority of the health sector Since it was created (in 1993), the GIP-CPS has developed the health professional card (CPS smart card) for the SESAM-Vitale application (the electronic refund claim form exchanged between health professionals and health insurance). Within its card, the GIP-CPS delivers to health professionals certificates usable by all the applications of the health sector allowing : the authentication, the signature. Moreover, confidentiality certificates are used for messages’ encoding.
Page 8 The certificate : official « electronic professional identity document » Quality of the recording process : rigorous checking of identity and professional skills of the holder (Medical Associations, State and Insurance representatives’ visas). Publication of valid certificates and revocation list accessible for applications 24/24 and 7/7 Setting up of a single French health professional repository (RPPS*) * RPPS : « Répertoire Partagé des Professionnels de Santé » Confidence guarantee bring by the GIP-CPS
Page 9 The deployment status (16/04/2005 figures) Valid cards’ holders : 570 506 Liberal sector : 495 382 (8 out of 10 liberal health professional) –Regulated health professionals : 286 924 –Employees : 208 458 Health structures : 75 124 –Regulated health professionals : 19 571 –Employees : 55 553
Page 10 Examples of applications Management of medical duties in Dordogne Access to medical files in medical departments of military units (health service of the Armies) Access for liberal professionals to a hospital medical file in Antibes Shared Patient Medical File between doctors in Lyon (Oncora network) Management of working time, secured accesses to buildings and workstations in a hospital in Angers e-transmission of the refund claim forms (Sesam-Vitale) : 76 580 000 in January 2005
Page 11 The GIP-CPS business development The new national projects (Shared Personal Medical File “DMP”, secured access to health insurance data, electronic prescriptions...) will : –Stimulate exchanges and sharing of medical electronic data, –Require the protection of these exchanges and data. To adapt its offer to these emergent needs, the GIP-CPS enhances its range of certificates with : – Certificates with software support (being able to be embarked by industries in a USB key, a key server, a personal electronic assistant...), – Server Certificates.
Page 12 PKI interoperability issues Necessity of interoperability Why interoperability ? It is a precondition to secured interconnection of applications and networks How interoperability is checked? by comparison of certification policies, of exploitation procedures and implemented means What are the means of implementation ? –Accreditation by national reference organizations –Mutual recognition of PKI at an international level Interoperability within European countries - Would a European certification authority be of any interest ? - How can we study and experiment interoperability of electronic certificates with other State members ?
Page 13 Conclusion Thank you for your attention ! www.gip-cps.fr Contact for international relationship : firstname.lastname@example.org