Purpose of HIPAA Administrative Simplification to improve... the efficiency and effectiveness of the health care system, by encouraging the development.


1 Purpose of HIPAA Administrative Simplification to improve... the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information. –from the statute

2

3

4

5 Security/Privacy Services
- A group of related services that, together, facilitate the integrity, confidentiality, interoperability and automation of healthcare information exchange in a SOA-based healthcare IT environment.
- They address issues of entity authentication, authorization, access control and accountability.
- Owned by Security TC, but…
- Cross discipline, cross domain approach.

6 Scope and Purpose
Security-as-a-Service within an SOA-oriented architecture implies the decomposition and decoupling of complex security processes that are typically integrated across infrastructure and applications into a set of encapsulated, loosely-coupled security/privacy services.

8 Why do we care?
- Encourages the deployment of interoperable services and applications
- Reduces the cost of application development
- Facilitates the automation of certain healthcare business processes

9 Scenario: Clinician Needs Patient Data
From viewpoint of Requestor/Recipient - Requesting
- Where is the patient data? Who's the custodian?
- In what format can the data be sent?
- What courier services are available?
- How do I submit a request?
From viewpoint of Healthcare Information Custodian
- Who is requesting the data?
- Why should I let them see it?
- Do the Requestor's privileges match my Policy?
Courier Service
- Deliver to intended recipient
- Don't allow tampering
- Maintain confidentiality
From viewpoint of Requestor/Recipient - Receiving
- Who sent it? Do I trust them?
- Has it been tampered with?
- Can I understand what the Author intended to say?

10 Functional Capabilities
- To include security/privacy functionality essential to enable or facilitate interoperability and automation, including identity management, trust management, privilege and access management, auditing, etc. These would be as constrained as possible while still providing a complementary set of security services.
- Identity and credentials of a resource requestor that can be authenticated must be transported to a resource access decision point where appropriate authorization policy is applied, an access control decision is enforced and all required audit events are recorded. Confidentiality of PHI is maintained at all times.

11 Example – Open Source EHR-S Function
[Diagram labels: Operating System; Computer Hardware; Healthcare Applications/Components; Execution Environment; Eclipse Base Framework; Cross Industry Framework; Healthcare Framework; HL7 EHR-S Function I.1.6 Basic NHIN Access; Trust Registry; Identity Management; Trust Network; Directory Access; Security/Encryption; Privacy; Audit Services; Communications; Authentication]

12 Example – Vendor ePrescription Sub-Profile
Vendors use the Healthcare Framework to build specialized profiles and applications like ePrescribing. Installable Eclipse plug-ins encapsulate the functions required to support profiles and applications.
[Diagram labels: Operating System; Computer Hardware; Healthcare Applications/Components; Execution Environment; Eclipse Base Framework; Cross Industry Framework; Healthcare Framework; HL7 EHR-S Function DC ePrescribe; Trust Registry; Identity Management; Trust Network; HL7 Messaging; UI - RCP; Directory Access; ePrescription; Practice Management Components; EHR System Components; Payer Services; HL7 Vocabulary; Advanced XML Processing; Security/Encryption; Privacy; Audit Services; Communications; Authentication]

13 Overview: Conceptual Healthcare Service Architecture
[Diagram labels: Health Information Network; Point of Service; Hospital, LTC, CCC, EPR; Physician Office EMR; EHR Viewer; Physician/Provider; Lab System (LIS); Lab Clinician; Radiology Center PACS/RIS; Radiologist; Pharmacy System; Pharmacist; Public Health Services; Public Health Provider; HSB Access Node; Representative HIN Services; HSB Support Services; Open HealthIT Core Initiative; Health Information Network Infrastructure Services; Security Management; Provider Registry; Patient Resolution; Service Registry; Privacy Management; Community Management; Interoperability Services; HL7 V3; Terminology; Document Processing; Patient Information Services; De-Identified Patient Data Warehouse; Healthcare Information Exchange; Personal Health Record (PHR); Electronic Health Record (EHR); Public Health Information Services; Public Health Reporting; Outbreak Management; Healthcare Service Bus (HSB); Open HealthIT Reference Implementation; Representative Commercial Services]

14 Overview: Healthcare Service Architecture
[Diagram labels: Health Information Network; Point of Service; Physician Office EMR; Physician/Provider; HSB Access Node; Representative HIN Services; HSB Support Services; Open HealthIT Core Initiative; Healthcare Information Exchange; Open HealthIT Reference Implementation; Representative Commercial Services]

15 Open Health IT - HSB Messaging Stack
[Diagram labels: Network Hardware; Healthcare Service Bus; TCP/IP; HTTP; SOAP; xHIN Protocols; Local Healthcare Services; Healthcare Process Model & Execution Engine; Healthcare Applications; Intranet Healthcare Services; HTTP-S/MIME; Browser; HSB Support Services]

16

17 xHIN Identity Transport
[Diagram labels: Transport Envelope (http, smtp, file, …); SOAP Envelope; SOAP Header; SOAP Body; wss:Security; Encrypted (transport); Encrypted (transport, optional); Query; Sender ID + Structural Role; Sender Functional Role; Policy-based (Tier 1) Target Object Access Decision; Policy-based (Tier 0) Web Service Access Decision; Digital Signature (transport); SAML Assertion: Role; SAML Assertion: Other; Sender; Document; Other]

18 xHIN – extensible Health Information Network
The xHIN technology represents both an architecture and a set of functional specifications that exhibits two essential attributes:
- the ability to facilitate automation of clinical and business processes, and
- high extensibility: the ease with which xHIN-based health information networks can be deployed, expanded and enhanced.
xHIN oneness TM

19 Security/Privacy Services
May include:
- Integrity
- Confidentiality
- Identity Management
- Access Control/Privilege Management
  - Access Decision Service
  - Access Policy Provisioning Service
- Audit
  - Privacy
  - Security
- Entity Registry Service
  Facilitates the location of an entity's PKI information and other information required to accomplish the exchange of healthcare information.
- Credential Authentication Service
- Credential Binding Service
  Credentials may be bound to an Identity
- Trust Correlation Service
- De-identification, Re-identification, Pseudonymization

20 Entity Registry Service
PKI identity services for entities are likely to be provided by many different parties: private, commercial and government. The Entity Registry Service facilitates the location of an entity's PKI information and other information required to accomplish the exchange of healthcare information. The entity data may be maintained by an Identity Provider. This service may leverage the EIS.

21 Access Control/Privilege Management
- Access Decision Service
  Taking into account asserted identity/credentials, target resource and other factors, returns a decision allowing or denying access to the target resource. May leverage Identity Authentication and Credential Authentication Services.
- Access Policy Provisioning
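
A minimal sketch of the Access Decision Service on slide 21, fed the way slides 10 and 17 describe: asserted identity and roles in, a two-tier policy check, and an audit event for every decision. This is an added example, not code from the presentation or from the Open HealthIT/xHIN projects; the policy tables, role and service names, and the pairing of structural role with Tier 0 and functional role with Tier 1 are assumptions.

```python
from dataclasses import dataclass, field

# Constructed policies; all role, service and resource names are hypothetical.
TIER0_SERVICE_POLICY = {          # structural role -> web services it may invoke
    "physician": {"record-query", "eprescribe"},
    "pharmacist": {"eprescribe"},
}
TIER1_OBJECT_POLICY = {           # (functional role, resource type) -> allowed purposes
    ("attending", "lab-result"): {"treatment"},
    ("attending", "medication-list"): {"treatment"},
    ("dispensing", "medication-list"): {"treatment"},
}

@dataclass(frozen=True)
class Request:
    sender_id: str
    authenticated: bool           # outcome of credential authentication, done upstream
    structural_role: str
    functional_role: str
    service: str
    resource_type: str
    purpose: str                  # one of the "other factors" the decision may weigh

@dataclass
class AccessDecisionService:
    audit_log: list = field(default_factory=list)

    def decide(self, req: Request) -> str:
        decision, reason = self._evaluate(req)
        # Every decision, permit or deny, is audited. The event holds
        # identifiers and the reason only, never record content (PHI).
        self.audit_log.append({"sender": req.sender_id, "service": req.service,
                               "resource": req.resource_type,
                               "decision": decision, "reason": reason})
        return decision

    def _evaluate(self, req: Request):
        if not req.authenticated:
            return "Deny", "credentials not authenticated"
        # Tier 0: may this structural role invoke the web service at all?
        if req.service not in TIER0_SERVICE_POLICY.get(req.structural_role, set()):
            return "Deny", "tier0: service not permitted for structural role"
        # Tier 1: may this functional role reach the target object for this purpose?
        allowed = TIER1_OBJECT_POLICY.get((req.functional_role, req.resource_type), set())
        if req.purpose not in allowed:
            return "Deny", "tier1: target object not permitted"
        return "Permit", "tier0 and tier1 satisfied"
```

Unknown roles, services and resource types fall through to Deny because both lookups default to an empty set.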

22 Next Steps
- Reference/Resource Compilation
- Mailing List
- Telecon Schedule
- Sub-service Prioritization
- Initial Drafts

23 Eclipse OHF Architecture Overview
[Diagram labels: Eclipse Core; Windows or Linux OS; Computer Hardware; Display; Internet; Security (OSGi); Smart Token Support; Devices; Wireless Support; Class of Plug-ins; Plug-in Communication Channel; Metering; JFace; SWT; Runtime; UI; Workbench; Services; Resources; Text; Update; Help; Basic XML Services; Non-core Services and Plug-ins; Rules Processing; Dynamic Code/Schema Management; Business Intelligence and Modeling; Other Plug-ins as needed; Development Tools; Data Tools; Eclipse; Telecom; Automotive; Healthcare]

24 Eclipse OHF Architecture Overview
[Diagram labels: Eclipse Core; Windows or Linux OS; Computer Hardware; Display; Internet; Security (OSGi); Smart Token Support; Devices; Wireless Support; Class of Plug-ins; Plug-in Communication Channel; Metering; JFace; SWT; Runtime; UI; Workbench; Services; Resources; Text; Update; Help; Basic XML Services; Non-core Services and Plug-ins; Business Intelligence and Modeling; Other Plug-ins as needed; Development Tools; Data Tools; Eclipse; Applications; Healthcare; Open Healthcare Framework; HIPAA Support; XML Processing; Trust-based Network Support; Web Service Support; Voice Services Support; Administrative Tools; EHR Support; Rules Processing; Dynamic Code/Schema Management]

25 Eclipse OHF Architecture Overview
[Diagram labels: Eclipse Core; Open Healthcare Framework; Windows or Linux OS; Computer Hardware; HIPAA Support; Display; Internet; Dynamic Code/Schema Management; Security (OSGi); Smart Token Support; Other Plug-ins as needed; Applications; Devices; Wireless Support; XML Processing; Trust-based Network Support; Web Service Support; Voice Services Support; Administrative Tools; EHR Support; Class of Plug-ins; Plug-in Communication Channel; Dictation/Transcription; ePrescription; CCR Client; Practice Management; Administrative Support; Training; Telecom Services; Registry Services; Clinical Testing; Payer Services; Trust Services Support; Metering; Knowledge Services; Clinical Data Capture Support; Patient Services; Rules Processing]

