© Gottfried Heider 1 The Austrian Use Case: eCard The eCard Project: giving an electronic card to everyone for accessing personal health record From patients.

Presentation transcript:

© Gottfried Heider 1
The Austrian Use Case: eCard
- The eCard Project: giving an electronic card to everyone for accessing the personal health record
- From patients to professionals
- Governmental patient directory and professional directory

© Gottfried Heider 2
eCards
- A magnetic card containing the identity of its owner
- It is personal and not modifiable
- It is used for authenticating users and for retrieving the patient’s consent

© Gottfried Heider 3
Communities
- The ELGA project is divided into communities that use:
  - XDS and XCA for cross-community access
  - XUA for providing assertions to the user
  - BPPC for enforcing patient consent

© Gottfried Heider 4
BPPC and requirements from ELGA
- Change of Confidentiality Code in the Registry
- 1 (one) Registry for all Policy Documents
  - Governmental policy repository
- Authorization for one Doctor and/or Organization
  - Advanced Patient Privacy Consents
- BPPC enforces policies at consumer level
  - This does not exactly follow the XACML paradigm
  - There is a need for “trusted” consumers

© Gottfried Heider 5
Requirements for BPPC
- Change of Confidentiality Code in the Registry for one or more special documents
- Reason:
  - The patient does not want all doctors to be able to view all documents regardless of role
  - E.g.: the family doctor shouldn’t see psychiatric documents
  - Second opinion
- How to do it?
  - Changing this code should be possible without any replacement of the document: only the code changes
- Why this way?
  - If every change replaced the document, a patient who changes the code more than once would cause the document to be stored many times in the database
- Disadvantage: the Confidentiality Code is stored in the CDA document as well = different Confidentiality Codes
- For Austria it is a must

© Gottfried Heider 6
Requirements for BPPC
- All Consent Documents from all Affinity Domains in 1 Registry in a Consent Domain
- Reason:
  - In Austria we will have approx Affinity Domains and each Affinity Domain will have 1 (one) Registry
  - The Consent Document should be unique = it should not differ from one Affinity Domain to another
  - Changes to the Consent Document will be made in only one Affinity Domain
  - Performance (possibly using caching mechanisms)
  - Easier to check the Consent Documents in a Document Consumer and also in a Document Source
- For Austria it is a must

© Gottfried Heider 7
Requirements for BPPC
- Consent Documents for 1 (one) Patient (Plan in Austria)
- 1 (one) Consent Document without any restrictions
  - This Consent Document is only valid for the patient himself
  - In this case the patient can’t block himself out
  - This Consent Document will be created automatically by the system when the patient is stored in a Master Patient Index for the first time
- 1 (one) Consent Document for opt-in / opt-out
  - The patient should define, with a time parameter, whether his documents can be stored in the Registries or not
  - Same rules for Document Source and Document Consumer
  - Default will be opt-in
    - Documents will be stored in the Registry
    - GPs and hospital organizations will have access to the documents
  - This Consent Document will be created automatically by the system when the patient is stored in a Master Patient Index for the first time
- For Austria it is a must

© Gottfried Heider 8
Requirements for BPPC (Advanced Patient Privacy Consents)
- Authorization for one Doctor and/or Organization
- Reason:
  - Standard BPPC works with time parameters
  - In this case the documents are open to all GPs, organizations, institutes, ... during this time
  - In Austria we will have legal problems with this (data protection)
  - We will have a directory of all doctors in Austria
- How to do it?
  - Outpatient: it should be possible to define which doctor has the right (depending on roles, ...) to see the patient’s documents at the defined time (set by the patient himself via a portal solution)
  - Inpatient: this will be done automatically by the system
- For Austria it is a must (Legal Requirement)

© Gottfried Heider 9
ELGA proposal
- ELGA proposes to use XACML and BPPC, enforcing policies at the registry (repository) side
- Patients and doctors are authenticated using SAMLP to obtain TWO authentication assertions: one for the patient and one for the doctor (no WS-Federation)
- XDS queries are performed using XCA, carrying the TWO SAML assertions
- Using the assertion for the patient, the system is able to retrieve the patient’s XACML policy
- The policy is enforced at registry/repository level

© Gottfried Heider 10
ELGA proposal
- PEP: Policy Enforcement Point
- PDP: Policy Decision Point
- PIP: Policy Information Point
- PAP: Policy Administration Point
- Ticket: SAML Token with Pat Id and Role
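
The registry-side flow from slides 9 and 10, reduced to a small model. This is an added example, not code from the presentation or from ELGA: the two assertions are plain dicts rather than SAML, the policy is a dict rather than XACML, and every ID, date and role-to-code mapping is constructed for illustration.

```python
from datetime import date

# PIP data (constructed): patient ID -> policy. Hypothetical simplification of
# the patient's XACML policy; default is opt-in, as on slide 7.
POLICIES = {
    "pat-1": {
        "opt_out": False,
        # slide 8: authorization for one doctor, limited in time
        "grants": {"doc-family": (date(2024, 1, 1), date(2024, 12, 31))},
        # slide 5: confidentiality code -> roles allowed to see such documents
        "code_roles": {"N": {"family_doctor", "psychiatrist"},
                       "R": {"psychiatrist"}},
    }
}

# Registry metadata (constructed). The confidentiality code lives in the
# registry entry, so it can be changed without replacing the document.
REGISTRY = [
    {"doc": "lab-report", "patient": "pat-1", "code": "N"},
    {"doc": "psych-note", "patient": "pat-1", "code": "R"},
]

def pdp_decide(policy, requester, entry, today):
    """PDP: return "Permit" or "Deny" for one registry entry."""
    if requester["id"] == entry["patient"]:
        return "Permit"              # slide 7: the patient cannot block himself out
    if policy["opt_out"]:
        return "Deny"
    window = policy["grants"].get(requester["id"])
    if window is None or not (window[0] <= today <= window[1]):
        return "Deny"                # no grant for this doctor at this time
    allowed = policy["code_roles"].get(entry["code"], set())
    return "Permit" if requester["role"] in allowed else "Deny"

def pep_query(patient_assertion, requester_assertion, today):
    """PEP at the registry: filter query results using both assertions."""
    policy = POLICIES.get(patient_assertion["id"])   # PIP lookup by patient ID
    if policy is None:
        return []                    # assumption: fail closed if no policy exists
    return [e["doc"] for e in REGISTRY
            if e["patient"] == patient_assertion["id"]
            and pdp_decide(policy, requester_assertion, e, today) == "Permit"]
```

Because the decision is made where the metadata is stored, a consumer never receives entries it is not permitted to see, which removes the need for the “trusted” consumers noted on slide 4.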

© Gottfried Heider 11
Contacts
- Feedback is welcome!
- Arbeitsgemeinschaft Elektronische Gesundheitsakte

© Gottfried Heider 12
Thank You
(Closing slide: “thank you” in multiple languages.)