Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Gottfried Heider 1 The Austrian Use Case: eCard The eCard Project: giving an electronic card to everyone for accessing personal health record From patients.

Published byJody Goodman Modified over 8 years ago

Similar presentations

Presentation on theme: "© Gottfried Heider 1 The Austrian Use Case: eCard The eCard Project: giving an electronic card to everyone for accessing personal health record From patients."— Presentation transcript:

1 © Gottfried Heider 1 The Austrian Use Case: eCard The eCard Project: giving an electronic card to everyone for accessing personal health record From patients to professionals Governmental patients directory and professional directory

2 © Gottfried Heider 2 eCards Is a magnetic card containing an identity of the owner It is personal and not modifiable It is used for authenticating users and for retrieving patient’s consent

3 © Gottfried Heider 3 Communities ELGA project is divided in communities that use XDS and XCA for cross-community access XUA for providing assertions to the user BPPC for enforcing patient consent

4 © Gottfried Heider 4 BPPC and requirements from ELGA Change of Confidentiality Code in the Registry 1 (one) Registry for all Policy Documents governmental policy repository Authorization for one Doctor and/or Organization Advanced Patient Privacy Consents BPPC enforce policies at consumer level This is not exactly following the XACML paradigm There is the need to “trusted” consumers

5 © Gottfried Heider 5 Requirements for BPPC Change of Confidentiality Code in Registry for one or more special documents Reason : Patient doesn’t like that all doctors should have the view on all documents independent from the role Eg: Family Doctor shouldn’t see psychiatric documents Second Oppinion How to do ? The change of this code should be possible without any replacement of the document – only changing the code Why this way ? If the patient changes the code more than one time the document will be stored very often in the database Disadvantage in the CDA Document the Confidentiality Code is stored = Different Confidentiality Codes For Austria it is a must

6 © Gottfried Heider 6 Requirements for BPPC All Consent Documents from all Affinity Domains in 1 Registry in a Consent Domain Reason : In Austria we will have approx. 50-60 Affinity Domains and each Affinity Domain will have 1 (one) Registry The Consent Document should be unique = should not be different from one Affinity Domain to the other one Changing of Consent Document will be done only in one Affinity Domain Performance (using eventually caching mechanisms) Easier to check the Consent Documents in a Document Consumer and also in a Document Source For Austria it is a must

7 © Gottfried Heider 7 Requirements for BPPC Consent Documents for 1 (one) Patient (Plan in Austria) 1 (one) Consent Document without any restrictions This Consent Document is only valid for the patient himself In this case the patient can’t block out himself This Consent Document will be created from the system automatically if the patient will be stored the first time in a Master Patient Index 1 (one) Consent Document for opt-in / opt-out The patient should define with time parameter if his documents can be stored in the Registries or not Same Rules for Document Source and Document Consumer Default will be opt-in Documents will be stored in Registry GP’s and hospital organization will have access to the documents This Consent Document will be created from the system automatically if the patient will be stored the first time in a Master Patient Index For Austria it is a must

8 © Gottfried Heider 8 Requirements for BPPC ( Advanced Patient Privacy Consents) Authorization for one Doctor and/or Organization Reason : Standard BPPC is working with time parameters In this case the documents are open for all GP’s, Organizations, Institutes,..at this time In Austria we will have legal problems with this (data protection) We will have a directory with all Doctors in Austria How to do ? For an outpatient it should be possible to define which doctor has the rights (dependent from the roles,..) to see his documents at the defined time (will be adjusted from the patient himself via a portal solution) Inpatient : this will be done automatically from the system For Austria it is a must (Legal Requirement)

9 © Gottfried Heider 9 ELGA proposal ELGA proposes to use the XACML and BPPC by enforcing policies at registry (repository) side Patients and doctors are authenticated using SAMLP for obtaining TWO authentication assertion: one for the patient and one for the doctor (no WS-Federation) XDS queries are performed using XCA carrying the TWO SAML assertions Using the assertion for the patient, the system is able to retrieve the patient’s XACML policy Policy is enforced at registry/repository level

10 © Gottfried Heider 10 ELGA proposal PEP: Policy Enforcement Point PDP: Policy Decision Point PIP: Policy Information Point PAP: Policy Administration Point Ticket: SAML Token with Pat Id and Role

11 © Gottfried Heider 11 Contacts Feedbacks are welcome! Arbeitsgemeinschaft Elektronische Gesundheitsakte www.arge-elga.at office@arge-elga.at gottfried.heider@ehealthcon.at office@tiani-spirit.com

12 © Gottfried Heider 12 Japanese Hebrew Thank You English Merci French Danke German Grazie Italian Gracias Spanish Obrigado Brazilian Portuguese Arabic Simplified Chinese Traditional Chinese Korean Thai Hindi Tamil go raibh maith agat Gaelic Tak Danish Trugarez Breton Dutch Dank u Czech Dekujeme Vam Dankon Esperanto Tack så mycket Swedish Terima Kasih Malaysian

Download ppt "© Gottfried Heider 1 The Austrian Use Case: eCard The eCard Project: giving an electronic card to everyone for accessing personal health record From patients."

Similar presentations

What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.

What IHE Delivers Basic Patient Privacy Consents HIT-Standards – Privacy & Security Workgroup John Moehrke GE Healthcare.
September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education
Almaden Services Research Almaden Research Center, San Jose, CA 20 April 2006 Multifaceted approach to ontologizing the ONTOLOG content Rooted in pragmatism,

Almaden Services Research Almaden Research Center, San Jose, CA 20 April 2006 Multifaceted approach to ontologizing the ONTOLOG content Rooted in pragmatism,
Extending XDW in Cross-Community Editor: Charles Parisot Notes for the March 19 th, 2013 – ITI Tech Committee.

Extending XDW in Cross-Community Editor: Charles Parisot Notes for the March 19 th, 2013 – ITI Tech Committee.
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
Clients for XProtect VMS What’s new presentation

Clients for XProtect VMS What’s new presentation
A Presentation for the Enterprise Architect © 2008 IBM Corporation IBM Technology Day - SOA SOA Governance Miroslav Petrek IT Software Architect

A Presentation for the Enterprise Architect © 2008 IBM Corporation IBM Technology Day - SOA SOA Governance Miroslav Petrek IT Software Architect
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.

Consumer Privacy using HITSP TP30 John Moehrke – GE Healthcare Co-Chair HITSP Security/Privacy/Infrastructure Co-Chair HL7 Security Workgroup Member IHE.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
IBM Proof of Technology Discovering the Value of SOA with WebSphere Process Integration © 2005 IBM Corporation SOA on your terms and our expertise WebSphere.

IBM Proof of Technology Discovering the Value of SOA with WebSphere Process Integration © 2005 IBM Corporation SOA on your terms and our expertise WebSphere.
E-SENS eHealth Use Cases. eHealth Use Cases (Overview) eConfirmation How is a health care provider in MS B able to get an insurance confirmation for a.

E-SENS eHealth Use Cases. eHealth Use Cases (Overview) eConfirmation How is a health care provider in MS B able to get an insurance confirmation for a.
4th project meeting 27-29/05/2013, Budapest, Hungary FP 7-INFRASTRUCTURES-2011-2 programme 283770 agINFRA agINFRA A data infrastructure for agriculture.

4th project meeting 27-29/05/2013, Budapest, Hungary FP 7-INFRASTRUCTURES programme agINFRA agINFRA A data infrastructure for agriculture.
Prof. Reinhold Haux Dr. Markus Wagner The Lower Saxony Bank of Health 23 th of August, 2013.

Prof. Reinhold Haux Dr. Markus Wagner The Lower Saxony Bank of Health 23 th of August, 2013.
IBM Rhapsody Simulation of Distributed PACS and DIR systems Krupa Kuriakose, MASc Candidate.

IBM Rhapsody Simulation of Distributed PACS and DIR systems Krupa Kuriakose, MASc Candidate.
IBM Maximo Asset Management © 2007 IBM Corporation Tivoli Technical Exchange Calls Aug 31, 2010 1 Maximo - Multi-Language Capabilities Ritsuko Beuchert.

IBM Maximo Asset Management © 2007 IBM Corporation Tivoli Technical Exchange Calls Aug 31, Maximo - Multi-Language Capabilities Ritsuko Beuchert.
James Cabral, David Webber, Farrukh Najmi, July 2012.

James Cabral, David Webber, Farrukh Najmi, July 2012.
Using 3 XDS Affinity Domains at the Connectathon Prior to the 2010 European connectathon, we chose to test with one Affinity Domain, with one Patient ID.

Using 3 XDS Affinity Domains at the Connectathon Prior to the 2010 European connectathon, we chose to test with one Affinity Domain, with one Patient ID.
Using 3 XDS Affinity Domains at the Connectathon Prior to the 2010 European connectathon, we chose to test with one Affinity Domain, with one Patient ID.

Using 3 XDS Affinity Domains at the Connectathon Prior to the 2010 European connectathon, we chose to test with one Affinity Domain, with one Patient ID.

Similar presentations

Ads by Google