Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIMSS – January 28, 2002 Remote Servicing under HIPAA with proposed Solution A John F. Moehrke Chairmen of Remote Servicing Focus Group NEMA/COCIR/JIRA.

Published byGriselda Cook Modified over 8 years ago

Similar presentations

Presentation on theme: "HIMSS – January 28, 2002 Remote Servicing under HIPAA with proposed Solution A John F. Moehrke Chairmen of Remote Servicing Focus Group NEMA/COCIR/JIRA."— Presentation transcript:

1 HIMSS – January 28, 2002 Remote Servicing under HIPAA with proposed Solution A John F. Moehrke Chairmen of Remote Servicing Focus Group NEMA/COCIR/JIRA Security and Privacy Committee Systems Engineering – Security and Privacy in Healthcare GE Medical Systems

2 NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 What you will learn today Remote Servicing is critical Remote Servicing presents new security risks Vendors are working on a common solution that will a.Reduce administration (Hospital and Vendor) b.Improve Accountability c.Provide a more secure environment Privacy is the Goal, Security is the way.

3 NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Security and Privacy Committee (SPC) Joint effort by NEMA-MII, COCIR-IT, and JIRA Mission: Ensure a level of data security and data privacy in the health care sector that:  Meets legally mandated requirements  Can be implemented in ways that are reasonable and appropriate  Reduces Healthcare costs of compliance Scope: All systems, devices, components, and accessories used in medical imaging informatics Scope is not exclusive of other products and is expected to be extendable to all Equipment that maintains Patient Data (PHI) International data security and data privacy legislation, currently focusing on the European Community, Japan, and the United States of America

4 NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Efforts of the SPC Educational Document :  http://medical.nema.org/privacy/education.pdf http://medical.nema.org/privacy/education.pdf Remote Servicing Proposal (This talk)  http://medical.nema.org/privacy/remote.pdf http://medical.nema.org/privacy/remote.pdf Audit Controls:  http://medical.nema.org/privacy http://medical.nema.org/privacy Secure IHE Profiles  Work in progress Members: AGFA, GE, Kodak, Konica, Philips, Siemens, Toshiba

5 NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Why do Remote Servicing? Benefit to Health Care Provider Better Availability and Integrity of the systems Quick response as no Travel involved Higher quality of service  Knowledge base available at the Vendor  Expert can be applied to the problem/solution Benefit to Vendor Lower costs to service equipment More service offerings (preemptive diagnosis) Remote Service Centers (RSC) centralize knowledge and expertise

6 HIMSS – January 28, 2002 Hospital Remote Servicing today Vendor Z Vendor Y Complex Wired Infrastructure Vendor X Remote Service Center Modem Connections Hospital Network

7 HIMSS – January 28, 2002 Hospital Remote Servicing Solution Vendor Z Vendor Y Vendor X Ex. Internet VPN Uses Hospital Network Access points

8 HIMSS – January 28, 2002 Hospital Access Control Vendor Z Vendor Y Vendor X 2. Device under service 1. Individual Service Personal 3. Access point Edges 1. Individual Service Personal 2. Device under service

9 HIMSS – January 28, 2002 Hospital Audit Trails Vendor Z Vendor Y Vendor X 2. Device under service 1. Individual Service Personal 3. Access point Edges 3. Session specifics where and when 1. Individual Service Personal 1. who, what, where, when & why 2. Device under service 2. when, and what

10 NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Health Care Provider gains Control and Manageability Control of each session and/or vendor Rules that restrict where vendor X can go, what tools they can use, when they can connect, etc Strong Access Point Authentication Audit trails to prove accountability

11 NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Next Steps for SPC  Focus Group Charter Define a Reasonable and Practical solution that follows this architecture Candidate ‘A’ -- IPSec tunneling over the Internet  ESP/AH – 3DES and SHA1  IKE – Session Key negotiation  Certificates – communicated out-of-band (mail, courier, etc)  Filtering and Routing rules maintained by the Healthcare facility  Audit trails maintained at RSC  Individual Authentication maintained at the RSC

12 HIMSS – January 28, 2002 Hospital Solution A: IPSec on Internet Vendor Z Vendor Y Vendor X IPSec Tunnel, ESP+AH 3DES, SHA1 IKE-RSA, PKI out-of-band

13 NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Conclusion The Focus Group is actively creating these Descriptions of Candidate Implementations  Vendors are providing experts from their Service organizations  AGFA, GE, Kodak, Philips, Siemens, Toshiba, + Targeting End of 2002 with demonstration at RSNA Will seek approval by NEMA, COCIR, and JIRA early 2002 Likely Vendor implementations mid 2002

14 HIMSS – January 28, 2002 John F. Moehrke GE Medical Systems 262-293-1667 John.Moehrke@med.ge.com

Download ppt "HIMSS – January 28, 2002 Remote Servicing under HIPAA with proposed Solution A John F. Moehrke Chairmen of Remote Servicing Focus Group NEMA/COCIR/JIRA."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
RSNA – December, 2002 Internet Based Remote Servicing of Medical Equipment under HIPAA – A standard solution Joint NEMA/COCIR/JIRA Security and Privacy.

RSNA – December, 2002 Internet Based Remote Servicing of Medical Equipment under HIPAA – A standard solution Joint NEMA/COCIR/JIRA Security and Privacy.
SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.

SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.
Internet2, CENIC and Merit: Partnering to Deliver Cloud Services to California.

Internet2, CENIC and Merit: Partnering to Deliver Cloud Services to California.
Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective.

Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective.
San Angelo Telehealth Conference November 2005. AGENDA About PHD Medical The Televisit Platform Televisit 100 for Home Ventilation Televisit Demonstration.

San Angelo Telehealth Conference November AGENDA About PHD Medical The Televisit Platform Televisit 100 for Home Ventilation Televisit Demonstration.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Security Controls – What Works

Security Controls – What Works
DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.

DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.
Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.

Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Similar presentations

Ads by Google