RSNA – December, 2002 Internet Based Remote Servicing of Medical Equipment under HIPAA – A standard solution Joint NEMA/COCIR/JIRA Security and Privacy.


RSNA – December, 2002
Internet Based Remote Servicing of Medical Equipment under HIPAA – A standard solution
Joint NEMA/COCIR/JIRA Security and Privacy Committee
John F. Moehrke, GE Medical Systems, Chairman of Remote Servicing Focus Group
Rob Horn, Agfa Healthcare

What you will learn today
- Remote Servicing is critical
- Remote Servicing presents new security risks
- Vendors are working on a common solution that will
  a. Reduce administration (Hospital and Vendor)
  b. Improve Accountability
  c. Provide a more secure environment
Privacy is the Goal, Security is the way.

Security and Privacy Committee (SPC)
Joint effort by NEMA-MII, COCIR-IT, and JIRA
Mission: Ensure a level of data security and data privacy in the health care sector that:
- Meets legally mandated requirements
- Can be implemented in ways that are reasonable and appropriate
- Reduces Healthcare costs of compliance
Scope: All systems, devices, components, and accessories used in medical imaging informatics
Scope is not exclusive of other products and is expected to be extendable to all Equipment that maintains Protected Health Information (PHI).
To provide a common understanding and solution for complying with data security and data privacy legislation, currently focusing on the European Community, Japan, and the United States of America

Efforts of the SPC
- Security and Privacy: An Introduction to HIPAA
- Security And Privacy Auditing In Health Care Information Technology
- Security and Privacy Requirements for Remote Servicing
- Identification and Allocation of Basic Security Rules In Healthcare Imaging Systems
- Remote Service Interface -- Solution (A): IPSec over the Internet Using Digital Certificates
All papers available at
Current Members: AGFA, GE, Kodak, Konica, Merge Efilm, Otech, Philips, Siemens, Toshiba

Why do Remote Servicing?
Benefit to Health Care Provider
- Better Availability and Integrity of the systems
- Quick response as no Travel involved
- Higher quality of service
  - Knowledge base available at the Vendor
  - Specialists can be applied to the problem/solution
Benefit to Vendor
- Lower costs to service equipment
- More service offerings (preemptive diagnosis)
- Remote Service Centers (RSC) centralize knowledge and expertise

Remote Servicing today
[Diagram labels: Hospital; Hospital Network; Complex Wired Infrastructure; Modem Connections; Remote Service Center; Vendor X, Vendor Y, Vendor Z]

Secure Remote Servicing Solution
[Diagram labels: Hospital; Vendor X, Vendor Y, Vendor Z; Ex. Internet VPN; Uses Hospital Network Access points]

Access Control
[Diagram labels: Hospital; Vendor X, Vendor Y, Vendor Z]
1. Individual Service Personnel
2. Device under service
3. Access point Edges

Audit Trails
[Diagram labels: Hospital; Vendor X, Vendor Y, Vendor Z; Audit Repository]
Audit Repository: Who, what, when
2. Device under service: when, and what
3. Access point Edges: Session specifics, where and when

Health Care Provider gains Control and Manageability
- Control of each session and/or vendor
- Rules that restrict where vendor X can go, what tools they can use, when they can connect, etc.
- Strong Access Point Authentication
- Audit trails to provide accountability
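The per-vendor rules and the "who, what, when" audit trail described in the slides above can be sketched as a default-deny check at the hospital access point. This is an added example, not code from the presentation or the committee's papers; the rule layout, vendor and engineer names, addresses and ports are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, time

# Constructed per-vendor rules (hypothetical names and values): where the
# vendor may go, which service ports ("tools") it may use, and when.
RULES = {
    "vendor-x": {
        "networks": [ipaddress.ip_network("10.20.30.0/28")],
        "ports": {22, 104},
        "days": {0, 1, 2, 3, 4},              # Monday..Friday
        "window": (time(7, 0), time(19, 0)),  # local time, end exclusive
    },
}
AUDIT_LOG = []  # stand-in for the audit repository


def authorize(vendor, engineer, dest_ip, port, when):
    """Default-deny decision for one session request; every decision is audited."""
    rule = RULES.get(vendor)
    reason = None
    if rule is None:
        reason = "unknown vendor"
    elif not any(ipaddress.ip_address(dest_ip) in n for n in rule["networks"]):
        reason = "destination outside permitted devices"
    elif port not in rule["ports"]:
        reason = "tool/port not permitted"
    elif when.weekday() not in rule["days"] or not (
        rule["window"][0] <= when.time() < rule["window"][1]
    ):
        reason = "outside permitted connection time"
    AUDIT_LOG.append({
        "who": f"{vendor}/{engineer}",
        "what": f"{dest_ip}:{port}",
        "when": when.isoformat(),
        "decision": "deny" if reason else "allow",
        "reason": reason or "matched rule",
    })
    return reason is None


if __name__ == "__main__":
    # Constructed requests: one inside the rules, one outside them.
    authorize("vendor-x", "engineer-17", "10.20.30.5", 104,
              datetime(2002, 12, 3, 10, 0))
    authorize("vendor-x", "engineer-17", "10.20.31.5", 104,
              datetime(2002, 12, 7, 23, 0))
    for record in AUDIT_LOG:
        print(record)
```

Denied requests are logged as well as permitted ones, so the audit trail shows attempts that fell outside the rules, not only the sessions that took place.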

Solution “A”
IPSec tunneling over the Internet
- ESP/AH – 3DES and SHA1
- IKE – Session Key negotiation
- Certificates
  - 1024 bit RSA certificates
  - Manually managed certificates
- Filtering and Routing rules maintained by the Healthcare facility
- Audit trails maintained at RSC
- Vendor staff is authenticated at the RSC

Solution A: IPSec over the Internet using digital certificates
[Diagram labels: Hospital; Vendor X, Vendor Y, Vendor Z; IPSec Tunnel, ESP+AH; 3DES, SHA1; IKE-RSA, PKI out-of-band]

Present Status
- Solution “A” approved by NEMA, COCIR, and JIRA
- Solution A is ready for use at Internet connected sites.
- More than a dozen hospitals have installed and begun using solution “A” during
- The Focus Group is analyzing other remote servicing solutions.
  - IPSec that terminates inside the HCF network handling NAT
  - PPTP for small facilities
  - L2TP for small facilities