February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.

Slides:



Advertisements
Similar presentations
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing for MPI (PIX) Profile Mike Henderson.
Advertisements

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Post-Processing Workflow Sanjay Jain Co-Chair, Radiology Planning.
PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.
Audit Trail and Node Authentication / Consistent Time
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.
September, 2005What IHE Delivers 1 Portable Data for Imaging - PDI IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
Integrating the Healthcare Enterprise IHE Technical Committee Status IHE ITI Plan Committee - February 2004.
Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.
1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.
S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.
Integrating the Healthcare Enterprise
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.
DICOM and IHE, Integrating the Healthcare Enterprise Cor Loef Co-chair DICOM Strategic Advisory Committee Member IHE Planning and Technical Committee Cor.
Integrating the Healthcare Enterprise Enterprise User Authentication and Consistent Time Glen Marshall Co-Chair, IHE IT Infrastructure Planning Committee.
February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Key Image Notes Simple Image & Numeric Report Evidence Documents Sanjay.
Integration Profiles - Overview Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D, Technology Manager Vendor co-chair IHE Europe Courtesy.
September, 2005What IHE Delivers 1 Key Image Notes Evidence Documents Simple Image & Numeric Report Access to Radiology Information IHE Vendors Workshop.
Integrating the Healthcare Enterprise Teaching File and Clinical Trial Export John Perry Fujifilm Medical Systems IHE Planning Committee.
September, 2005What IHE Delivers 1 Radiology Option for Audit Trail and Node Authentication IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert.
Charles Parisot IHE Radioology Planning & Technical Committee GE Medical Systems Information Technologies IHE - A Novel Approach IHE Methodology.
Feb , 2005IHE Europe Workshop 1 Integrating the Healthcare Enterprise – Radiology – Established IHE Integration Profiles: Dr. Nikolaus Wirsz –Siemens.
1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile IHE IT Technical and Planning Committee June 15 th – July 15 th 2004.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
Sharing Value Sets (SVS Profile) Ana Estelrich GIP-DMP.
Integrating the Healthcare Enterprise Audit Trail and Node Authentication Profile Name of Presenter IHE affiliation.
Auditing for Accountability in Healthcare Robert Horn, Agfa, Glen Marshall, Siemens.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Education Workshop 2007 IHE IT Infrastructure Education John Moehrke GE Healthcare.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Portable Data for Imaging - PDI Robert Horn Agfa Healthcare.
September, 2005What IHE Delivers 1 User Success Stories HIMSS Interoperability Showcase February 2006 David Piraino, M.D.
Integrating the Healthcare Enterprise Personnel White Pages Profile Name of Presenter IHE affiliation.
Integrating the Healthcare Enterprise IHE Purpose and Progress Joyce Sensmeier MS, RN, BC, CPHIMS Director of Professional Services Healthcare Information.
Cross-Enterprise User Authentication John F. Moehrke GE Healthcare IT Infrastructure Technical Committee.
February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Presentation of Grouped Procedures Charles Parisot, GE Healthcare.
Integrating the Healthcare Enterprise Teaching File and Clinical Trial Export John Perry Fujifilm Medical Systems IHE Planning Committee.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing Charles PARISOT GE Healthcare.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Access to Radiology Information Cor Loef Co-chair IHE Radiology Technical.
IHE Update DICOM Committee Taipei, April IHE Global Update IHE Technical Framework for Year 5 V5.5 issued for public comment in February Trial.
Jonathan L. Elion MD, FACC Co-Chair, IHE Cardiology Planning Committee Future Integration Profiles (Cardiology)
June 28-29, 2005IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise IHE Resources to Facilitate Implementation Kevin O’Donnell Toshiba.
February 9, 2005IHE Europe Participants' Workshop 1 Integrating the Healthcare Enterprise Nuclear Medicine Image - NM Dr. Jerry Wallis (SNM) IHE Radiology.
Integrating the Healthcare Enterprise IHE Plans for Multi-domain Testing and Demonstrations Steve Moore Technical Project Manager (ITI, Rad)
Integrating the Healthcare Enterprise Improving Clinical Care: Enterprise User Authentication For IT Infrastructure Robert Horn Agfa Healthcare.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise IHE Conformance: Connectathons, Integration Statements & RFPs Kevin.
Integrating the Healthcare Enterprise The IHE Process: Developing Standards-based Solutions Kevin O’Donnell Co-chair, IHE Radiology Planning Committee.
June 28-29, 2005IHE Interoperability Workshop Keith W. Boone Dictaphone Corporation IHE ITI Technical Comittee Notification of Document Availability (NAV)
Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee.
Integrating the Healthcare Enterprise Transforming the Radiologic Interpretation Process (TRIP ™ ) Using IHE ™ Sanjay Jain, Kevin O’Donnell, Dave Channin.
CARS Special Session on IHE Integrating the Healthcare Enterprise – An Industry Perspective – Frequently Asked Questions Geert Claeys– AGFA (Co-Chairman.
Integrating the Healthcare Enterprise Retrieve Information for Display (RID) Integration Profile Ellie Avraham Kodak Health Imaging IHE IT Infrastructure.
Jonathan L. Elion MD, FACC Co-Chair, IHE Cardiology Planning Committee The Basics of IHE: Concepts and Process.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Reporting Workflow Key Image Notes Evidence Documents Rita Noumeir,
Integrating the Healthcare Enterprise The Integration Profiles: Basic Security Profile.
June 28-29, 2005IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Teaching File and Clinical Trial Export John Perry Fujifilm Medical.
SCAR University Section 10 Integrating the Healthcare Enterprise 110 What is IHE™ and Why does IT matter ?! David S. Channin MD Associate Professor of.
Access to Radiology Information Paul Seifert Agfa HealthCare Co-chair, IHE Radiology Technical Committee.
Patient Identifier Cross-Referencing for MPI (PIX)
Radiology Option for Audit Trail and Node Authentication Robert Horn
Clive Daniell Independent PACS / RIS Consultant Co founder of MiiTA
Ellie Avraham Kodak Health Imaging
IHE Workshop: Displayable Reports (DRPT)
Integrating the Healthcare Enterprise
Integrating the Healthcare Enterprise
IHE: Integrating the Healthcare Enterprise
Presentation transcript:

February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare

February 8, 2005IHE Europe Educational Event 2 Basic Security (SEC) Patient Info. Recon- ciliation Access to Radiology Information Consistent Present- ation of Images Basic Security - Evidence Docs Key Image Notes Simple Image & Numeric Reports Presentation of Grouped Procedures Post- Processing Workflow Reporting Workflow Charge Posting Scheduled Workflow Portable Data for Imaging NM Image

February 8, 2005IHE Europe Educational Event 3 Overview Security Requirements Actors and Transactions

February 8, 2005IHE Europe Educational Event 4 Security requirements Reasons: Clinical Use and Privacy  authorized persons must have access to medical data of patients, and the information must not be disclosed otherwise. By means of procedures and security mechanisms, guarantee:  Confidentiality  Integrity  Availability  Authenticity

February 8, 2005IHE Europe Educational Event 5 Security measures Authentication: Establish the user and/or system identity, answers question: “Who are you?” Authorization and Access control Establish user’s ability to perform an action, e.g. access to data, answers question: “Now that I know who you are, what can you do?”

February 8, 2005IHE Europe Educational Event 6 Security measures Accountability and Audit trail Establish historical record of user’s or system actions over period of time, answers question: “What have you done?”

February 8, 2005IHE Europe Educational Event 7 IHE is establishing the first level of enterprise-wide security infrastructure for meeting privacy requirements (HIPAA, and like regulations world-wide). IHE Goal

February 8, 2005IHE Europe Educational Event 8 IHE makes cross-node security management easy:  Only a simple manual certificate installation is needed.  Healthcare professionals are not hindered by ”complex” role based access control. However, policies may restrict them to ‘need to know information’.  Enforcement driven by ‘a posteriori audits’ and real- time visibility. IHE Goal

February 8, 2005IHE Europe Educational Event 9 Integrating trusted nodes System A System B Secured System Secure network Strong authentication of remote node (digital certificates) network traffic encryption is not required Secured System Local access control (authentication of user) Audit trail with: Real-time access Time synchronization Central Audit Trail Repository

February 8, 2005IHE Europe Educational Event 10 Secured Domain: integrating trusted nodes Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Time Server Central Audit Trail Repository

February 8, 2005IHE Europe Educational Event 11 Secured Domain: Limited Administration Audit Trail/Time Server + CA for certificates to each node Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Time Server Central Audit Trail Repository

February 8, 2005IHE Europe Educational Event 12 IHE Audit Trail Events 20 Non-Transaction Related

February 8, 2005IHE Europe Educational Event 13 IHE Audit Trail Events 20 Non-Transaction Related

February 8, 2005IHE Europe Educational Event 14 IHE Audit Trail Events 20 Non-Transaction Related

February 8, 2005IHE Europe Educational Event 15 IHE Audit Trail Events 20 Non-Transaction Related

February 8, 2005IHE Europe Educational Event 16 IHE Audit Trail Events, 18 Transaction Related

February 8, 2005IHE Europe Educational Event 17 IHE Audit Trail Events, 18 Transaction Related

February 8, 2005IHE Europe Educational Event 18 IHE Audit Trail Events, 18 Transaction Related

February 8, 2005IHE Europe Educational Event 19 IHE Audit Trail Events, 18 Transaction Related

February 8, 2005IHE Europe Educational Event 20 Example Audit Record for Patient-record-event

February 8, 2005IHE Europe Educational Event 21 Example Audit Record for Patient-record-event

February 8, 2005IHE Europe Educational Event 22 Example Audit Record for Instances-used

February 8, 2005IHE Europe Educational Event 23 Basic Security Integration Profile Actor and Transaction diagram All existing IHE actors need to be grouped with a Secure Node actor. Secure Node Audit Record Repository “Any” IHE actor Record Audit Event Time Server Secure Node Authenticate Node Maintain Time

February 8, 2005IHE Europe Educational Event 24 Basic Security Integration Profile Actor grouping rules If an actor wants to support the Basic Security Profile, this actor shall be grouped with a secure Node actor. All actors grouped with a Secure Node actor in an implementation must support the Basic Security Profile.

February 8, 2005IHE Europe Educational Event 25 Authenticate Node transaction X.509 certificates for node identity and keys TCP/IP Transport Layer Security Protocol (TLS) for node authentication, and optional encryption Secure handshake protocol of both parties during Association establishment:  Identify encryption protocol  Exchange session keys Actor must be able to configure certificate list of authorized nodes.

February 8, 2005IHE Europe Educational Event 26 Authenticate Node transaction TLS_RSA_WITH_NULL_SHA cyphersuite shall be supported for authentication If the optional encryption is selected, the TLS_RSA_WITH_3DES_SHA cyphersuite shall be supported. The well-known port 2762" as specified by DICOM shall be supported.

February 8, 2005IHE Europe Educational Event 27 Record Audit Event transaction The BSD Syslog protocol (RFC 3164) for Audit Records Audit trail events and content, no standard available at the time of writing. IHE in Technical Framework : Use IHE defined XML Schema for defined content in payload of Syslog message

February 8, 2005IHE Europe Educational Event 28 IT Infrastructure – Secure Node The Radiology Basic Secure Node is also an IT Infrastructure Secure Node, but IT Infrastructure adds:  Use of reliable syslog as an option  Audit messages defined by IETF, HL7, and DICOM. These accommodate more than just radiology uses. The secure node may use either format.

February 8, 2005IHE Europe Educational Event 29 Maintain Time transaction Network Time Protocol ( NTP) version 3 (RFC 1305) for time synchronization Actor must support manual configuration Required accuracy: 1 second Optionally Secure NTP may be used

February 8, 2005IHE Europe Educational Event 30 More information…. IHE Web sites: Technical Frameworks: ITI V1.0, RAD V5.5, LAB V1.0 Technical Framework Supplements - Trial Implementation May 2004: Radiology August 2004: Cardiology, IT Infrastructure Non-Technical Brochures : Calls for Participation IHE Fact Sheet and FAQ IHE Integration Profiles: Guidelines for Buyers IHE Connect-a-thon Results Vendor Products Integration Statements

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.