Presentation is loading. Please wait.

Presentation is loading. Please wait.

Meeting EHR Security Requirements: SeAAS Approach

Published byRoger Mongrain Modified over 5 years ago

Similar presentations

Presentation on theme: "Meeting EHR Security Requirements: SeAAS Approach"— Presentation transcript:

1 Meeting EHR Security Requirements: SeAAS Approach
Basel Katt ,Thomas Trojer, Ruth Breu University of Innsbruck, Austria Thomas Schabetsberger, and Florian Wozak ITH icoserve/Siemens, Austria

2 Quality Engineering Selected Projects

3 Quality Engineering Laura Bassi Lab
Living Models for Cooperative Systems Industry Partners

4 ITH icoserve Portfolio /1
Clinical Information Systems DICOM (PACS) Multimedia Digital Archives local node comm unity node Portals registries ELGA Meeting EHR Security Requirements: SeAAS Approach

5 ITH icoserve Portfolio /2
Health Network Tyrol

6 Challenges related to Security Architecture
IHE (Integrated Healthcare Enterprise) Initiative proposes different profiles supporting the development of distributed Electronic Health Records (EHR) IHE Security profiles have two main drawbacks Application of end point security paradigm security profiles for complex security requirements like privacy and non- repudiation are vague and do not consider architectural design End point security in distributed and heterogeneous EHR systems increased management and maintenance overhead increased processing overhead at each end point Challenging enforcement of complex security requirements at each point Meeting EHR Security Requirements: SeAAS Approach

7 IHE Basic Reference Architecture
Health Region is divided into affinity domains Registry/Repository and Source/Consumer based on XDS profiles Patient id for local identification based on PIX/PDQ profiles Gateways as a bridge between different domain based on XCA profile Global Patient Id component Meeting EHR Security Requirements: SeAAS Approach

8 Architectural Solution – Security as a Service
Extracting security functionalities from end points Security tasks and mechanisms are moved from end points and placed in security specific components These components are responsible for all security requirements of the whole domain Meeting EHR Security Requirements: SeAAS Approach

9 SeAAS Provider Architecture
Main Components SeAAS Gateway intercepts functional requests and queries the SeAAS provider SeAAS Provider Engine to orchestrate the functions of different services Configuration by Policy Repository Security Services Primitive Services Complex Services Meeting EHR Security Requirements: SeAAS Approach

10 Benefits Compatibility with current IHE security profiles
Proposed extension and new profiles based on SaaS paradigm Centralized Security Solutions Overcoming the management and maintenance complexity Reducing the processing overhead of end points Tackling advanced security requirements like non-repudiation, privacy and complex access control policies Meeting EHR Security Requirements: SeAAS Approach

11 Conclusion IHE profiles as a basis for the realization of distributed EHR systems Problems of security related profiles No support of complex security requirements End point security paradigm Security as a Service Architecture (SeAAS) Based on the cloud paradigm Conforms with the current IHE profiles and proposes possible extensions Ongoing Work Performance evaluation of the SeAAS architecture Enabling patients to set access rights to health data Usability evaluation Integration with continuous security management to monitor security requirements Meeting EHR Security Requirements: SeAAS Approach

Download ppt "Meeting EHR Security Requirements: SeAAS Approach"

Similar presentations

Integrating the Healthcare Enterprise. Initiative to adopt standards for information and communication in healthcare IT Sponsored by health organizations.

Integrating the Healthcare Enterprise. Initiative to adopt standards for information and communication in healthcare IT Sponsored by health organizations.
Integrating the Healthcare Enterprise

Integrating the Healthcare Enterprise
September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education

September, 2005What IHE Delivers 1 Basic Patient Privacy Consents (BPPC) IHE Vendors Workshop 2006 IHE Patient Care Coordination Education
XDS Security ITI Technical Committee May 27, 2006.

XDS Security ITI Technical Committee May 27, 2006.
GE Healthcare IHE Case Study: Transforming Image Distribution Hainan Region China.

GE Healthcare IHE Case Study: Transforming Image Distribution Hainan Region China.
Integrating the Healthcare Enterprise

Integrating the Healthcare Enterprise
Existing tools for cooperation – WG 2 1 Regional Policy Dialogue Capacity building seminars WORKING GROUP MEETINGS HIGH LEVEL SEMINAR SERIES 4 working.

Existing tools for cooperation – WG 2 1 Regional Policy Dialogue Capacity building seminars WORKING GROUP MEETINGS HIGH LEVEL SEMINAR SERIES 4 working.
Cross Community (XC) Profiles Karen Witting. Outline Vision – as described in 2006 IHE White Paper on Cross Community Exchange Existing – what has been.

Cross Community (XC) Profiles Karen Witting. Outline Vision – as described in 2006 IHE White Paper on Cross Community Exchange Existing – what has been.
Community of Interest for Patient Identifiers AGENDA 1.NHII’s Unique Health Information Identification Requirements - Soloman I. Appavu, SIG Leader 2.Identification.

Community of Interest for Patient Identifiers AGENDA 1.NHII’s Unique Health Information Identification Requirements - Soloman I. Appavu, SIG Leader 2.Identification.
Connecting Digital Health in Denmark Otto Larsen, Director

Connecting Digital Health in Denmark Otto Larsen, Director
EHR Governance in South Western Ontario eHealth 2013 Glenn Lanteigne CIO South West and Waterloo Wellington LHIN and SWO Cluster Lead May 29, 2013 Tweet.

EHR Governance in South Western Ontario eHealth 2013 Glenn Lanteigne CIO South West and Waterloo Wellington LHIN and SWO Cluster Lead May 29, 2013 Tweet.
ULTIMA*ERP - Enterprise Hospital

ULTIMA*ERP - Enterprise Hospital
Bilateral Communication With the New York Citywide Immunization Registry Angel Aponte Computer Specialist (Software) Contact:

Bilateral Communication With the New York Citywide Immunization Registry Angel Aponte Computer Specialist (Software) Contact:
T-Systems’ Experiences Cost Efficiency in Healthcare.

T-Systems’ Experiences Cost Efficiency in Healthcare.
Transform Clinical Content Management & Collaboration Using Interoperability to DISCLAIMER: The views and opinions expressed in this presentation are those.

Transform Clinical Content Management & Collaboration Using Interoperability to DISCLAIMER: The views and opinions expressed in this presentation are those.
AHCCCS/ASU Clinical Data Project March 17 th, 2009 Arizona Health Care Cost Containment Health System Medicaid Transformation Grant Program.

AHCCCS/ASU Clinical Data Project March 17 th, 2009 Arizona Health Care Cost Containment Health System Medicaid Transformation Grant Program.
1. Context: Ambient Intelligence Ambient Intelligence (AmI) represents a vision of ubiquitous computing, sensing and actuating to unobtrusively enhance.

1. Context: Ambient Intelligence Ambient Intelligence (AmI) represents a vision of ubiquitous computing, sensing and actuating to unobtrusively enhance.
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.

Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.

Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.
EHR Systems Use and Quality in EHR Systems Use and Quality in Austria EHR Systems Quality Labelling and Certification 21 - 22 November 2011, Belgrade FH-Prof.

EHR Systems Use and Quality in EHR Systems Use and Quality in Austria EHR Systems Quality Labelling and Certification November 2011, Belgrade FH-Prof.

Similar presentations

Ads by Google