HIMSS – January 28, 2002 Remote Servicing under HIPAA with proposed Solution A John F. Moehrke Chairmen of Remote Servicing Focus Group NEMA/COCIR/JIRA.

Slides:



Advertisements
Similar presentations
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Advertisements

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Guide to Network Defense and Countermeasures Second Edition
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
RSNA – December, 2002 Internet Based Remote Servicing of Medical Equipment under HIPAA – A standard solution Joint NEMA/COCIR/JIRA Security and Privacy.
SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.
Internet2, CENIC and Merit: Partnering to Deliver Cloud Services to California.
Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective.
San Angelo Telehealth Conference November AGENDA About PHD Medical The Televisit Platform Televisit 100 for Home Ventilation Televisit Demonstration.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Security Controls – What Works
DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.
Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
Virtual Private Network
Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.
1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.
Selecting the Right Network Access Protection Architecture
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
© 2001 by Carnegie Mellon University PSM-1 OCTAVE SM : Senior Management Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh,
Forms Management: Compliance, Security & Workflow Efficiencies.
September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.
Sandy Lum University of Toronto Candidate MHSc in Clinical Engineering The Totally Integrated Electronic Patient Record (EPR)
Implementing Network Access Protection
September, 2005What IHE Delivers 1 IHE Sponsors and Committee Members Welcome to the Interoperability Showcase.
A major step towards a Europe for Health Directive on patients’ rights in cross-border healthcare DG SANCO D2 Healthcare Systems.
Virtual Private Network (VPN) Topics Discussion What is a VPN? What is a VPN?  Types of VPN  Why we use VPN?  Disadvantage of VPN  Types of.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.
1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile IHE IT Technical and Planning Committee June 15 th – July 15 th 2004.
ntegrating the ealthcare nterprise seamlessly across entire continuum of care across entire continuum of care Exchange and access information.
Top Issues Facing Information Technology at UAB Sheila M. Sanders UAB Vice President Information Technology February 8, 2007.
Together.Today.Tomorrow. The BLUES Project Karen C. Fox, PhD Chief Executive Officer.
Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile Name of Presenter IHE affiliation.
PKI Forum Business Panel March 6, 2000 Dr. Ray Wagner Sr. Director, Technology Research.
John DeStefano, MBA, RPh Software Engineering Manager Chief Integration Architect.
February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Eliza de Guzman HTM 520 Health Information Exchange.
1 The World Bank Internet Services Program Rajan Bhardvaj
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
HIPAA Vendor Readiness Siemens/HDX Audio Telecast July 24, 2002.
Clinical Collaboration Platform Overview ST Electronics (Training & Simulation Systems) 8 September 2009 Research Enablers  Consulting  Open Standards.
The IT Vendor: HIPAA Security Savior for Smaller Health Plans?
Chapter 19 Manager of Information Systems. Defining Informatics Process of using cognitive skills and computers to manage information.
Teamplay Connect, compare, collaborate.
Health Insurance Portability and Accountability Act By Bradley Gleich.
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1.
 2014 Diagnotes, Inc. – Confidential & Proprietary Spring Into Quality Symposium March 14, 2014.
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
1 An Overview of Process and Procedures for Health IT Collaboration GSA Office of Citizen Services and Communications Intergovernmental Solutions Division.
Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Date of download: 5/30/2016 Copyright © 2016 SPIE. All rights reserved. The diagram of actors (boxes) and transactions (lines) used in the XDS-I.b profile.
Date of download: 5/30/2016 Copyright © 2016 SPIE. All rights reserved. The diagram of actors (boxes) and transactions (lines) used in the XDS-I.b profile.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
Integrating the Healthcare Enterprise The Integration Profiles: Basic Security Profile.
IHE Eye Care Process and Timeline
American Health Information Management Association
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Presentation transcript:

HIMSS – January 28, 2002 Remote Servicing under HIPAA with proposed Solution A John F. Moehrke Chairmen of Remote Servicing Focus Group NEMA/COCIR/JIRA Security and Privacy Committee Systems Engineering – Security and Privacy in Healthcare GE Medical Systems

NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 What you will learn today Remote Servicing is critical Remote Servicing presents new security risks Vendors are working on a common solution that will a.Reduce administration (Hospital and Vendor) b.Improve Accountability c.Provide a more secure environment Privacy is the Goal, Security is the way.

NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Security and Privacy Committee (SPC) Joint effort by NEMA-MII, COCIR-IT, and JIRA Mission: Ensure a level of data security and data privacy in the health care sector that:  Meets legally mandated requirements  Can be implemented in ways that are reasonable and appropriate  Reduces Healthcare costs of compliance Scope: All systems, devices, components, and accessories used in medical imaging informatics Scope is not exclusive of other products and is expected to be extendable to all Equipment that maintains Patient Data (PHI) International data security and data privacy legislation, currently focusing on the European Community, Japan, and the United States of America

NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Efforts of the SPC Educational Document :  Remote Servicing Proposal (This talk)  Audit Controls:  Secure IHE Profiles  Work in progress Members: AGFA, GE, Kodak, Konica, Philips, Siemens, Toshiba

NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Why do Remote Servicing? Benefit to Health Care Provider Better Availability and Integrity of the systems Quick response as no Travel involved Higher quality of service  Knowledge base available at the Vendor  Expert can be applied to the problem/solution Benefit to Vendor Lower costs to service equipment More service offerings (preemptive diagnosis) Remote Service Centers (RSC) centralize knowledge and expertise

HIMSS – January 28, 2002 Hospital Remote Servicing today Vendor Z Vendor Y Complex Wired Infrastructure Vendor X Remote Service Center Modem Connections Hospital Network

HIMSS – January 28, 2002 Hospital Remote Servicing Solution Vendor Z Vendor Y Vendor X Ex. Internet VPN Uses Hospital Network Access points

HIMSS – January 28, 2002 Hospital Access Control Vendor Z Vendor Y Vendor X 2. Device under service 1. Individual Service Personal 3. Access point Edges 1. Individual Service Personal 2. Device under service

HIMSS – January 28, 2002 Hospital Audit Trails Vendor Z Vendor Y Vendor X 2. Device under service 1. Individual Service Personal 3. Access point Edges 3. Session specifics where and when 1. Individual Service Personal 1. who, what, where, when & why 2. Device under service 2. when, and what

NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Health Care Provider gains Control and Manageability Control of each session and/or vendor Rules that restrict where vendor X can go, what tools they can use, when they can connect, etc Strong Access Point Authentication Audit trails to prove accountability

NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Next Steps for SPC  Focus Group Charter Define a Reasonable and Practical solution that follows this architecture Candidate ‘A’ -- IPSec tunneling over the Internet  ESP/AH – 3DES and SHA1  IKE – Session Key negotiation  Certificates – communicated out-of-band (mail, courier, etc)  Filtering and Routing rules maintained by the Healthcare facility  Audit trails maintained at RSC  Individual Authentication maintained at the RSC

HIMSS – January 28, 2002 Hospital Solution A: IPSec on Internet Vendor Z Vendor Y Vendor X IPSec Tunnel, ESP+AH 3DES, SHA1 IKE-RSA, PKI out-of-band

NEMA/JIRA/COCIR Security and Privacy Committee HIMSS – January 28, 2002 Conclusion The Focus Group is actively creating these Descriptions of Candidate Implementations  Vendors are providing experts from their Service organizations  AGFA, GE, Kodak, Philips, Siemens, Toshiba, + Targeting End of 2002 with demonstration at RSNA Will seek approval by NEMA, COCIR, and JIRA early 2002 Likely Vendor implementations mid 2002

HIMSS – January 28, 2002 John F. Moehrke GE Medical Systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.