7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.

Slides:



Advertisements
Similar presentations
Integrating the Healthcare Enterprise
Advertisements

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing for MPI (PIX) Profile Mike Henderson.
Audit Trail and Node Authentication Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.
Audit Trail and Node Authentication / Consistent Time
IHE Profile Proposal: Dynamic Configuration Management October, 2013.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,
Overview of IHE IT Infrastructure Integration Profiles IHE IT Infrastructure Technical Committee Charles Parisot, GE Medical Systems Information Technologies.
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.
Information Security Policies and Standards
THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.
Integrating the Healthcare Enterprise IHE Technical Committee Status IHE ITI Plan Committee - February 2004.
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.
What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.
1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.
Integrating the Healthcare Enterprise
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.
Pathfinding Session: IT Infrastructure for Intra-Enterprise IHE North America Webinar Series 2008 Charles Parisot IT Infrastructure Planning Co-chair GE.
Integrating the Healthcare Enterprise Enterprise User Authentication and Consistent Time Glen Marshall Co-Chair, IHE IT Infrastructure Planning Committee.
Integration Profiles - Overview Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D, Technology Manager Vendor co-chair IHE Europe Courtesy.
Cross-Enterprise User Assertion IHE Educational Workshop 2007 Cross-Enterprise User Assertion IHE Educational Workshop 2007 John F. Moehrke GE Healthcare.
Integrating the Healthcare Enterprise Teaching File and Clinical Trial Export John Perry Fujifilm Medical Systems IHE Planning Committee.
September, 2005What IHE Delivers 1 Radiology Option for Audit Trail and Node Authentication IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert.
September, 2005What IHE Delivers 1 An Overview of the IHE IT Infrastructure IHE Vendors Workshop 2006 IHE IT Infrastructure Education Glen F. Marshall.
1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile IHE IT Technical and Planning Committee June 15 th – July 15 th 2004.
September, 2005What IHE Delivers 1 Cross-Enterprise Document Point-to-point Interchange (XDP) IHE Vendors Workshop 2006 IHE IT Infrastructure Education.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile Name of Presenter IHE affiliation.
Document Digital Signature (DSG) Document Digital Signature (DSG) Gila Pyke / Lori Reed-Fourquet Smart Systems for Health Agency / Identrus IHE ITI Technical.
Review and update of IHE The Future & XDS–I. Overview - IHE Updates IHE Organisational Changes The Infrastructure Domain Radiology Update XDS-I.
February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Education Workshop 2007 IHE IT Infrastructure Education John Moehrke GE Healthcare.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Portable Data for Imaging - PDI Robert Horn Agfa Healthcare.
Cross-Enterprise User Authentication John F. Moehrke GE Healthcare IT Infrastructure Technical Committee.
September, 2005What IHE Delivers 1 Contributing Authors: John Donnelly, Tim Becker, Harry Solomon Edited by Bryan Jennings, Medical Micrographics Retrieve.
IHE IT Infrastructure & Radiology Integration Profiles IHE Update to DICOM Committee Charles Parisot, GE Medical Systems Information Technologies.
IHE Update IT Infrastructure, Radiology, Laboratory and Cardiology IHE Update to December 2003 DICOM Committee Charles Parisot, GE Medical Systems Information.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing Charles PARISOT GE Healthcare.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Access to Radiology Information Cor Loef Co-chair IHE Radiology Technical.
September, 2005What IHE Delivers 1 Cross-Enterprise Document Point-to-point Interchange (XDM) IHE Vendors Workshop 2006 IHE IT Infrastructure Education.
IHE Workshop – June 2006What IHE Delivers 1 Nicholas Steblay Boston Scientific Implantable Device Cardiac Observations (IDCO) Profile.
February 9, 2005IHE Europe Participants' Workshop 1 Integrating the Healthcare Enterprise Nuclear Medicine Image - NM Dr. Jerry Wallis (SNM) IHE Radiology.
IHE Cardiology Displayable Report (DRPT) Profile Harry Solomon, Tom Dolan February 16, 2005 Rev 0.3.
Integrating the Healthcare Enterprise Improving Clinical Care: Enterprise User Authentication For IT Infrastructure Robert Horn Agfa Healthcare.
Integrating the Healthcare Enterprise The IHE Process: Developing Standards-based Solutions Kevin O’Donnell Co-chair, IHE Radiology Planning Committee.
Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee.
Integrating the Healthcare Enterprise Retrieve Information for Display (RID) Integration Profile Ellie Avraham Kodak Health Imaging IHE IT Infrastructure.
Jonathan L. Elion MD, FACC Co-Chair, IHE Cardiology Planning Committee The Basics of IHE: Concepts and Process.
Integrating the Healthcare Enterprise The Integration Profiles: Basic Security Profile.
June-September 2009www.ihe.net North American 2010 Connectathon & Interoperability Showcase Series Paul Seifert/ Kinson Ho Solution Architects Agfa HealthCare.
What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin - Medicity.
June 28-29, 2005IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Teaching File and Clinical Trial Export John Perry Fujifilm Medical.
IHE IT Infrastructure Integration Profiles: Adaptation to Cardiology Harry Solomon.
Patient Demographics Query (PDQ) Didi Davis Director, Eclipsys Corporation Co-Chair, IT Infrastructure Planning Committee.
Access to Radiology Information Paul Seifert Agfa HealthCare Co-chair, IHE Radiology Technical Committee.
Patient Identifier Cross-Referencing for MPI (PIX)
Radiology Option for Audit Trail and Node Authentication Robert Horn
IHE Workshop: Displayable Reports (DRPT)
Integrating the Healthcare Enterprise
IHE: Integrating the Healthcare Enterprise
Presentation transcript:

7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor Co-chair IHE Europe Courtesy of IHE Committees

7 February 2005IHE Europe Educational Event 2 IHE IT Infrastructure Enterprise User Authentication Provide users a single name and centralized authentication process across all systems Retrieve Information for Display Access a patient’s clinical information and documents in a format ready to be presented to the requesting user Retrieve Information for Display Access a patient’s clinical information and documents in a format ready to be presented to the requesting user Patient Identifier Cross-referencing for MPI Map patient identifiers across independent identification domains Patient Identifier Cross-referencing for MPI Map patient identifiers across independent identification domains Synchronize multiple applications on a desktop to the same patient Patient Synchronized Applications Consistent Time Coordinate time across networked systems Patient Demographics Query New Personnel White Page Access to workforce contact information New Cross-Enterprise Document Sharing Registration, distribution and access across health enterprises of clinical documents forming a patient electronic health record New Audit Trail & Node Authentication Centralized privacy audit trail and node to node authentication to create a secured domain. New

7 February 2005IHE Europe Educational Event 3Scope Defines basic security features for a system in a healthcare enterprise in order to guarantee :  Only authorized persons have access to PHI (Protected Health Information)  Protect PHI against alteration, destruction and loss  Comply existing Privacy & Security regulations Extends the IHE radiology oriented Basic Security profile (2002) to be applicable to other healthcare uses.

7 February 2005IHE Europe Educational Event 4Assumptions IHE ATNA transactions takes place in a secure domain  User/devices in secure domain adhere to security policy of hospital  Secure network is isolated from external networks through firewall  Intrusion detection systems are in place to detect violations Favor authentication & auditing over authorization

7 February 2005IHE Europe Educational Event 5 Security Mechanism Authentication (user and device) Authorization Accountability (audit trails) Confidentiality Integrity ATNA, EUA ATNA

7 February 2005IHE Europe Educational Event 6 ATNA - Security mechanism Device/User Authentication  “Who are you?”  Proof that the user/device is the one who it claims to be  ATNA features: Mutual device authentication over network, using certificates User authentication -> responsibility of implementation Authorization  “What are you allowed to do?”  Role based access control (RBAC)  ATNA features : Only authenticated users/devices can access PHI RBAC is on the IHE roadmap

7 February 2005IHE Europe Educational Event 7 ATNA - Security mechanism (cont.) Accountability (audit trails)  “What have you done?”  Mechanisms to record and examine user/system activity  ATNA features : Audit message format + transport protocol Integrity  Proof that data has not been altered or destroyed in an unauthorized manner  ATNA features : TLS based network communication Confidentiality  Protection of PHI, transmitted or stored  Optional for intra-muros transmission  Required for extra-muros transmission  ATNA features : TLS option of AES

7 February 2005IHE Europe Educational Event 8 IHE ATNA- Architecture System A System B Secured System Secure network Strong authentication of remote node (digital certificates) network traffic encryption is not required, it is optional Secured System Local access control (authentication of user) Audit trail with: Real-time access Time synchronization Central Audit Trail Repository

7 February 2005IHE Europe Educational Event 9 IHE ATNA – New Actors Secure Node  Make an actor secure Audit Record Repository  Receives audit messages  Correlate audit information from different sources  Patient- or user- centric analysis  Filter&forward messages to enterprise audit repositories Time Server  Maintain reference time  Enables client application to synchronise their time

7 February 2005IHE Europe Educational Event 10 IHE ATNA vs IHE Basic Security Focus on enterprise and not on radiology Support additional audit events (non- radiology related) Support additional audit event format  IETF format Support additional transport mechanism  Reliable syslog (cooked mode)

7 February 2005IHE Europe Educational Event 11 Backward compatibility ATNA is backward compatible with Basic Security  Applications, supporting Basic Security are ATNA compliant Basic security is deprecated  No further extensions  New applications are encouraged to use new message format, transport mechanism

7 February 2005IHE Europe Educational Event 12 All existing IHE actors need to be grouped with a Secure Node actor. Secure Node Audit Record Repository “Any” IHE actor Record Audit Event Time Server Secure Node Authenticate Node Maintain Time IHE ATNA – Actor and Transactions

7 February 2005IHE Europe Educational Event 13 IHE ATNA – Transaction diagram

7 February 2005IHE Europe Educational Event 14 Secure Node Local user authentication  Only needed at “client” node  Authentication mechanism User name and password (minimum) Biometrics, smart card  Secure nodes maintain list of authorized users : local or central (using EUA)  Security policy of hospital defines the relation between user and user id

7 February 2005IHE Europe Educational Event 15 Secure Node (cont.) Mutual device authentication  Establish a trust relationship between 2 network nodes  Strong authentication by exchanging X.509 certificates  Certificates have a expiration date of 2 yr  Actor must be able to configure certificate list of trusted nodes. TCP/IP Transport Layer Security Protocol (TLS)  Used with DICOM/HL7/HTTP messages  Secure handshake protocol of both parties during Association establishment: Identify encryption protocol Exchange session keys  Supported cyphersuite : TLS_RSA_WITH_NULL_SHA (message signing, no encryption, default) TLS_RSA_WITH_AES_128_CBC_SHA (message signing + encryption, optional)

7 February 2005IHE Europe Educational Event 16 What it takes to be a secure node The Secure node is not a simple add-on of an auditing capability. The larger work effort is:  Instrument all applications to detect auditable events and generate audit messages.  Ensure that all communications connections are protected (system hardening).  Establish a local security mechanism to protect all local resources  Establish configuration mechanisms for: Time synchronization Certificate management Network configuration Implement the audit logging facility

7 February 2005IHE Europe Educational Event 17 Audit Record Repository Receives audit events from applications/actors accessing PHI ATNA defines  List of events that generate audit messages  Audit message format  Transport mechanism

7 February 2005IHE Europe Educational Event 18 Audit Events Audit triggers are defined for every operation that access PHI (create, delete, modify, import/export) IHE TF describes the supported Audit Trigger per Actor Audit triggers are grouped on study level to minimize overhead

7 February 2005IHE Europe Educational Event 19 IHE Audit Trail Events Combined list of IETF and DICOM events Actor-start-stop The starting or stopping of any application or actor. Audit-log-used Reading or modification of any stored audit log Begin-storing-instances The storage of any persistent object, e.g. DICOM instances, is begun Health-service-event Other health service related auditable event. Images-availability-query The query for instances of persistent objects. Instances-deleted The deletion of persistent objects. Instances-stored The storage of persistent objects is completed.

7 February 2005IHE Europe Educational Event 20 IHE Audit Trail Events Combined list of IETF and DICOM events Medication Medication is prescribed, delivered, etc. Mobile-machine-event Mobile equipment is relocated, leaves the network, rejoins the network Node-authentication- failure An unauthorized or improperly authenticated node attempts communication Order-record-event An order is created, modified, completed. Patient-care-assignment Patient care assignments are created, modified, deleted. Patient-care-episode Auditable patient care episode event that is not specified elsewhere. Patient-record-event Patient care records are created, modified, deleted.

7 February 2005IHE Europe Educational Event 21 IHE Audit Trail Events Combined list of IETF and DICOM events PHI-export Patient information is exported outside the enterprise, either on media or electronically PHI-import Patient information is imported into the enterprise, either on media or electronically Procedure-record-event The patient record is created, modified, or deleted. Query-information Any auditable query not otherwise specified. Security-administration Security alerts, configuration changes, etc. Study-object-event A study is created, modified, or deleted. Study-used A study is viewed, read, or similarly used.

7 February 2005IHE Europe Educational Event 22 Audit Message Format Two audit message formats  IHE Radiology Provisional format, for backward compatibility with radiology  New ATNA format, for future growth Joint effort of IETF/DICOM/HL7/ASTM Draft version :  Both formats are XML encoded messages, permitting extensions using XML standard extension mechanisms.  XSLT transformation is provided to convert “Provisional scheme” to “ATNA” scheme

7 February 2005IHE Europe Educational Event 23 Audit Transport Mechanism Reliable Syslog – cooked mode  Preferred mechanism  RFC 3195  Connection oriented  Support certificate based authentication, encryption BSD Syslog protocol (RFC 3164) for backward compatibility

7 February 2005IHE Europe Educational Event 24 Maintain Time transaction Network Time Protocol ( NTP) version 3 (RFC 1305) for time synchronization Required accuracy: 1 second Optionally Secure NTP may be used

7 February 2005IHE Europe Educational Event 25 More information…. IHE Web sites: Technical Frameworks: ITI V1.0, RAD V5.5, LAB V1.0 Technical Framework Supplements - Trial Implementation May 2004: Radiology August 2004: Cardiology, IT Infrastructure Non-Technical Brochures : Calls for Participation IHE Fact Sheet and FAQ IHE Integration Profiles: Guidelines for Buyers IHE Connect-a-thon Results Vendor Products Integration Statements

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.