Cerner Presentation to S&I esMD Workgroup – Industry Scan

Slides:



Advertisements
Similar presentations
June 27, 2005 Preparing your Implementation Plan.
Advertisements

Chapter 1: The Database Environment
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 1 Embedded Computing.
Document #07-12G 1 RXQ Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.
Document #07-12G 1 RXQ Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
Proud Members of the Consulting Group, LLC
© SafeNet Confidential and Proprietary Administering SafeNet StorageSecure Smart Card Module 3: Lesson 5 SafeNet StorageSecure Storage Security Course.
Eligibility, Benefits, and Pre-certifications
Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
INFORMATION TECHNOLOGY, THE INTERNET, AND YOU
Configuration management
1 Dr. Ashraf El-Farghly SECC. 2 Level 3 focus on the organization - Best practices are gathered across the organization. - Processes are tailored depending.
AS9102 First Article Inspection Report
Copyright Critical Software S.A All Rights Reserved. COTS based approach for the Multilevel Security Problem Bernardo Patrão.
ABC Technology Project
1 Contract Inactivation & Replacement Fly-in Action ( Continue to Page Down/Click on each page…) Electronic Document Access (EDA)
1 CIFTclinic 1.1 Software for Clinics. 2 CIFTclinic Software for Medical Clinics, which addresses the requirements of practicing doctors to automate Medical.
1 Authentication Applications Ola Flygt Växjö University, Sweden
Kerberos and X.509 Fourth Edition by William Stallings
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Introduction to Computer Administration Introduction.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Fundamentals of Information Systems Security.
25 seconds left…...
We will resume in: 25 Minutes.
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
- 1 - Defense Security Service Background: During the Fall of 2012 Defense Security Service will be integrating ISFD with the Identity Management (IdM)
User Security for e-Post Applications Dr Chandana Gamage University of Moratuwa.
TCP/IP Protocol Suite 1 Chapter 18 Upon completion you will be able to: Remote Login: Telnet Understand how TELNET works Understand the role of NVT in.
Warp it AG ATA e-Business Forum San Antonio, June 2014 © 2014 warp IT AG.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
PIV Data Model Testing Ketan Mehta March 3, 2006.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
FIT3105 Smart card based authentication and identity management Lecture 4.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.
Chapter 10: Authentication Guide to Computer Network Security.
Author of Record Digital Identity Management Sub-Workgroup October 24, 2012.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Configuring Directory Certificate Services Lesson 13.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
Maintaining Network Health. Active Directory Certificate Services Public Key Infrastructure (PKI) Provides assurance that you are communicating with the.
Module 9: Designing Public Key Infrastructure in Windows Server 2008.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
The Federal Information Processing Standards (FIPS) Encryption Suite Sean Smith COSC
Key management issues in PGP
Authentication.
NAAS 2.0 Features and Enhancements
County HIPAA Review All Rights Reserved 2002.
Introduction to the PACS Security
Presentation transcript:

Cerner Presentation to S&I esMD Workgroup – Industry Scan John Travis Senior Director and Solution Strategist – Compliance

Outline User Identification and Authentication Recording User Identity for Electronic Health Record Entry Proxy Use of Advanced Authentication Use of Cryptographic Means of Author/Record Linking Support for PKI and Digital Certificates Verification of External Author of Record (AoR) Credentials Support for Various Levels of AoR Determination

User Definition Within The System Completed dialog for adding a new user.

Password Definition Shows querying for the user just created and doing a “reset” on the password for the user – this is a single-use password – as soon as the user logs on with this password the system will require the password to be changed for the user to proceed.

Password Policies Supported Minimum Length Mixed Character Sets Minimum Numbers of Alpha, Numeric and Special Characters Expiration Policies Password History Configured to retain “n” prior versions Encrypted Store Never Passed as Plain Text

Recording User Identity for Electronic Record Entry General abilities System generally relies on authenticated user identity for session System supports time out policies for suspension and termination configurable to the application server (Citrix) or end user device depending on the context System supports password based signer authentication for order and document signature System supports advanced authentication methods for medication management events Order verification and co-signature Medication Administration Medication Dispensing We are in process of enabling requirements of DEA IFR for Electronic Prescribing of Controlled Substances (EPCS)

Refresher – DEA IRF Authentication Credential Authentication must be two factor with two of the three factors being from among A biometric A knowledge factor such as a password A hard token For hard tokens Must be FIPS 140-2 Security Level 1 compliant Must be stored on a device separate from the computer used to access the application Could leverage an existing hard token, but would need to still be issued credentials specific to eRX of controlled substances May use hardware devices such as a PDA, a cell phone, a smart card, a USB fob or other devices

Refresher – DEA IFR Authentication Credential For biometrics May be stored on a computer, hard token or biometric reader If on a computer or PDA, device must be in a known controlled location or must be build directly into the computer or PDA Storage of biometric data must be adequately protected or maintained Subsystem must store device ID data at enrollment with biometric data Device ID must be verified at time of user authentication Raw data and templates must be protected if authentication is not local For an open network, data must be Cryptographically source authenticated Combined with a random challenge, nonce or timestamp Cryptographically protected Sent only to authorized systems TLS may be used

Refresher – DEA IFR Authentication Credential For biometrics Biometric subsystem must Operate at a false match rate of 0.0001 or lower Use matching software with demonstrated performance corresponding to the required false match rate Conform to Personal Identity Verification (PIV) specifications as per NIST SP 800-76-1 Be independently tested by NIST or a DEA approved testing laboratory

Controlled Substance Prescribing Example

Proxies – General Principles Assuming appropriate security authorizations are in place, one user may grant proxy to another for purpose of notifications of signing events Proxies are granted to categories of events – not individual events Proxies typically are set for a time period to designated individuals Proxies can be revoked or granted at a user’s election on a specific basis while active Granted proxies can be limited in access to those which have been assigned to a user to take Proxy can be granted in an emergency case even if not generally enabled

Granting Proxies for Signature – Set Up

Setting Up Proxy Rights – Grant or Revoke

Setting Up Proxy Rights – Individual User

Notification of Proxies to a Recipient User

Use of Advanced Authentication For user authentication for a session and for medication management workflow, Cerner Millennium supports integration with Imprivata for strong authentication Imprivata currently has support for Fingerprint biometric authentication. Support for biometric technology found in Lenovo, Dell and other laptop PCs, Motion tablets, etc., using UPEK TouchStrip or Authentec technology USB tokens One-Time-Password (OTP) tokens Windows smart cards and national ID smart cards Active and passive proximity cards

Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example Basic Flow

Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example System will interface with Imprivata for strong authentication and the Certificate Management service for digitally signing controlled substance eRX

Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example Basic workflow for EPCS

Support for Advanced Authentication/Cryptographic Means/Use of PKI – EPCS Example Certificate Management Service Cryptographic module used to digitally sign the EPCS is at least FIPS 140-2 Level 1 validated and can be higher for deployment Digital signature service and hash function complies with FIPS 186-3 and FIPS 180-3 Private key will be stored encrypted on a FIPS 140-2 Level 1 or higher cryptographic module using a FIPS approved encryption algorithm

Support for Validation of External AoR Credentials This is not an ability we currently enable

Supporting Various Levels of AofR General System Behaviors Upon signature, authorship is included within the document Signing actions are viewable in a action list view Specific contributions are tracked and able to be viewed in the document view with a tracked changes feature Signer authentication currently uses password based method if enabled From a use standpoint, most clients rely on authenticated session identity

Support for Varying Levels of AofR – Single Author

Support for Varying Levels of AofR – Multiple Author

Support for Varying Levels of AofR – Tracking of Multiple Authors

Example of a Signed Document as Output and Online for a Clinic Note

Example of Signed H&P – Shows Co-Sign and Authenticator Role

Example of Section of Signed Radiology Report

Example of Signed Section of ED Report – Multiple Contributors for given sections

QUESTIONS? jtravis@cerner.com

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.