Meeting EHR Security Requirements: SeAAS Approach


Meeting EHR Security Requirements: SeAAS Approach
Basel Katt, Thomas Trojer, Ruth Breu (University of Innsbruck, Austria)
Thomas Schabetsberger and Florian Wozak (ITH icoserve/Siemens, Austria)

Quality Engineering Selected Projects

Quality Engineering Laura Bassi Lab Living Models for Cooperative Systems Industry Partners

ITH icoserve Portfolio /1
Clinical Information Systems DICOM (PACS) Multimedia Digital Archives local node community node Portals registries ELGA
Meeting EHR Security Requirements: SeAAS Approach 17.01.2019

ITH icoserve Portfolio /2 Health Network Tyrol

Challenges related to Security Architecture
- IHE (Integrated Healthcare Enterprise) Initiative proposes different profiles supporting the development of distributed Electronic Health Records (EHR)
- IHE Security profiles have two main drawbacks
  - Application of end point security paradigm
  - security profiles for complex security requirements like privacy and non-repudiation are vague and do not consider architectural design
- End point security in distributed and heterogeneous EHR systems
  - increased management and maintenance overhead
  - increased processing overhead at each end point
  - Challenging enforcement of complex security requirements at each point

IHE Basic Reference Architecture
- Health Region is divided into affinity domains
- Registry/Repository and Source/Consumer based on XDS profiles
- Patient id for local identification based on PIX/PDQ profiles
- Gateways as a bridge between different domains based on XCA profile
- Global Patient Id component

Architectural Solution – Security as a Service
- Extracting security functionalities from end points
  - Security tasks and mechanisms are moved from end points and placed in security specific components
  - These components are responsible for all security requirements of the whole domain

SeAAS Provider Architecture
- Main Components
  - SeAAS Gateway intercepts functional requests and queries the SeAAS provider
  - SeAAS Provider Engine to orchestrate the functions of different services
  - Configuration by Policy Repository
  - Security Services
    - Primitive Services
    - Complex Services
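
The component flow on this slide, as a minimal added sketch (not taken from the presentation or from any SeAAS implementation): a gateway intercepts a functional request, the provider engine reads the policy repository and orchestrates primitive services, and complex services are compositions of primitives. All class, service and policy names, and the sample data, are assumptions constructed for illustration.

```python
# Added illustration; every name and value here is hypothetical/constructed.
import hmac
from collections import namedtuple

Request = namedtuple("Request", "transaction user token patient_id")

# Primitive services: each enforces exactly one check.
def authn(req, ctx):
    expected = ctx["tokens"].get(req.user)
    return expected is not None and hmac.compare_digest(expected, req.token)
def authz(req, ctx):
    return req.patient_id in ctx["consents"].get(req.user, set())
def evidence(req, ctx):
    ctx["evidence"].append((req.user, req.transaction, req.patient_id))
    return True

PRIMITIVE = {"authn": authn, "authz": authz, "evidence": evidence}
# Complex services: ordered compositions of primitive services.
COMPLEX = {"privacy": ["authn", "authz"], "non_repudiation": ["authn", "evidence"]}

class ProviderEngine:
    def __init__(self, policy_repo, ctx):
        self.policy_repo, self.ctx = policy_repo, ctx
    def evaluate(self, req):
        services = self.policy_repo.get(req.transaction)
        if services is None:              # no policy configured: deny by default
            return False, ["no-policy:deny"]
        trace, done = [], set()
        for service in services:
            for step in COMPLEX.get(service, [service]):
                if step in done:          # shared primitive already passed once
                    continue
                ok = PRIMITIVE[step](req, self.ctx)
                trace.append(f"{step}:{'ok' if ok else 'deny'}")
                if not ok:
                    return False, trace   # stop at the first failed check
                done.add(step)
        return True, trace

class Gateway:
    """Intercepts functional requests; the end point holds no security logic."""
    def __init__(self, engine, endpoint):
        self.engine, self.endpoint = engine, endpoint
    def handle(self, req):
        allowed, trace = self.engine.evaluate(req)
        return (self.endpoint(req) if allowed else None), trace

def demo():
    ctx = {"tokens": {"dr_a": "t1"}, "consents": {"dr_a": {"P1"}}, "evidence": []}
    policy = {"retrieve_document": ["privacy", "non_repudiation"]}  # constructed
    engine = ProviderEngine(policy, ctx)
    return Gateway(engine, lambda r: f"document for {r.patient_id}"), ctx
```

The returned trace shows which service denied a request, and evidence is recorded only after the access checks pass.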

Benefits
- Compatibility with current IHE security profiles
  - Proposed extension and new profiles based on SaaS paradigm
- Centralized Security Solutions
  - Overcoming the management and maintenance complexity
  - Reducing the processing overhead of end points
- Tackling advanced security requirements like non-repudiation, privacy and complex access control policies

Conclusion
- IHE profiles as a basis for the realization of distributed EHR systems
- Problems of security related profiles
  - No support of complex security requirements
  - End point security paradigm
- Security as a Service Architecture (SeAAS)
  - Based on the cloud paradigm
  - Conforms with the current IHE profiles and proposes possible extensions
- Ongoing Work
  - Performance evaluation of the SeAAS architecture
  - Enabling patients to set access rights to health data
  - Usability evaluation
  - Integration with continuous security management to monitor security requirements