Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cerner Presentation to S&I esMD Workgroup – Industry Scan Senior Director and Solution Strategist – Compliance John Travis.

Similar presentations


Presentation on theme: "Cerner Presentation to S&I esMD Workgroup – Industry Scan Senior Director and Solution Strategist – Compliance John Travis."— Presentation transcript:

1 Cerner Presentation to S&I esMD Workgroup – Industry Scan Senior Director and Solution Strategist – Compliance John Travis

2 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 2 Outline User Identification and Authentication Recording User Identity for Electronic Health Record Entry Proxy Use of Advanced Authentication Use of Cryptographic Means of Author/Record Linking Support for PKI and Digital Certificates Verification of External Author of Record (AoR) Credentials Support for Various Levels of AoR Determination

3 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 3 User Definition Within The System

4 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 4 Password Definition

5 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 5 Password Policies Supported Minimum Length Mixed Character Sets Minimum Numbers of Alpha, Numeric and Special Characters Expiration Policies Password History Configured to retain n prior versions Encrypted Store Never Passed as Plain Text

6 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 6 Recording User Identity for Electronic Record Entry General abilities System generally relies on authenticated user identity for session System supports time out policies for suspension and termination configurable to the application server (Citrix) or end user device depending on the context System supports password based signer authentication for order and document signature System supports advanced authentication methods for medication management events Order verification and co-signature Medication Administration Medication Dispensing We are in process of enabling requirements of DEA IFR for Electronic Prescribing of Controlled Substances (EPCS)

7 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 7 Refresher – DEA IRF Authentication Credential Authentication must be two factor with two of the three factors being from among A biometric A knowledge factor such as a password A hard token For hard tokens Must be FIPS Security Level 1 compliant Must be stored on a device separate from the computer used to access the application Could leverage an existing hard token, but would need to still be issued credentials specific to eRX of controlled substances May use hardware devices such as a PDA, a cell phone, a smart card, a USB fob or other devices

8 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 8 Refresher – DEA IFR Authentication Credential For biometrics May be stored on a computer, hard token or biometric reader If on a computer or PDA, device must be in a known controlled location or must be build directly into the computer or PDA Storage of biometric data must be adequately protected or maintained Subsystem must store device ID data at enrollment with biometric data Device ID must be verified at time of user authentication Raw data and templates must be protected if authentication is not local For an open network, data must be Cryptographically source authenticated Combined with a random challenge, nonce or timestamp Cryptographically protected Sent only to authorized systems TLS may be used

9 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 9 Refresher – DEA IFR Authentication Credential For biometrics Biometric subsystem must Operate at a false match rate of or lower Use matching software with demonstrated performance corresponding to the required false match rate Conform to Personal Identity Verification (PIV) specifications as per NIST SP Be independently tested by NIST or a DEA approved testing laboratory

10 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 10 Controlled Substance Prescribing Example

11 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 11 Proxies – General Principles Assuming appropriate security authorizations are in place, one user may grant proxy to another for purpose of notifications of signing events Proxies are granted to categories of events – not individual events Proxies typically are set for a time period to designated individuals Proxies can be revoked or granted at a users election on a specific basis while active Granted proxies can be limited in access to those which have been assigned to a user to take Proxy can be granted in an emergency case even if not generally enabled

12 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 12 Granting Proxies for Signature – Set Up

13 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 13 Setting Up Proxy Rights – Grant or Revoke

14 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 14 Setting Up Proxy Rights – Individual User

15 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 15 Notification of Proxies to a Recipient User

16 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 16 Use of Advanced Authentication For user authentication for a session and for medication management workflow, Cerner Millennium supports integration with Imprivata for strong authentication Imprivata currently has support for Fingerprint biometric authentication. Support for biometric technology found in Lenovo, Dell and other laptop PCs, Motion tablets, etc., using UPEK TouchStrip or Authentec technology USB tokens One-Time-Password (OTP) tokens Windows smart cards and national ID smart cards Active and passive proximity cards

17 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 17 Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example Basic Flow

18 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 18 Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example System will interface with Imprivata for strong authentication and the Certificate Management service for digitally signing controlled substance eRX

19 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 19 Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example Basic workflow for EPCS

20 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 20 Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example Certificate Management Service Cryptographic module used to digitally sign the EPCS is at least FIPS Level 1 validated and can be higher for deployment Digital signature service and hash function complies with FIPS and FIPS Private key will be stored encrypted on a FIPS Level 1 or higher cryptographic module using a FIPS approved encryption algorithm

21 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 21 Support for Validation of External AoR Credentials This is not an ability we currently enable

22 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 22 Supporting Various Levels of AofR General System Behaviors Upon signature, authorship is included within the document Signing actions are viewable in a action list view Specific contributions are tracked and able to be viewed in the document view with a tracked changes feature Signer authentication currently uses password based method if enabled From a use standpoint, most clients rely on authenticated session identity

23 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 23 Support for Varying Levels of AofR – Single Author

24 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 24 Support for Varying Levels of AofR – Multiple Author

25 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 25 Support for Varying Levels of AofR – Tracking of Multiple Authors

26 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 26 Example of a Signed Document as Output and Online for a Clinic Note

27 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 27 Example of Signed H&P – Shows Co-Sign and Authenticator Role

28 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 28 Example of Section of Signed Radiology Report

29 © 2011 Cerner Corporation. All rights reserved. This document contains Cerner confidential and/or proprietary information which may not be reproduced or transmitted without the express written consent of Cerner. 29 Example of Signed Section of ED Report – Multiple Contributors for given sections

30 QUESTIONS?


Download ppt "Cerner Presentation to S&I esMD Workgroup – Industry Scan Senior Director and Solution Strategist – Compliance John Travis."

Similar presentations


Ads by Google