Presentation is loading. Please wait.

Presentation is loading. Please wait.

TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)"— Presentation transcript:

1 TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry) Cornell (Wicker, Gerkhe, Machanavajjhala)

2 2 Preamble EMR is an integrative project for motivating, testing, evaluating core TRUST research areas in: – Model-based design for security – Formal modeling, verifying and enforcing policies – Sensor networks – Investigate “best practices” for interfacing public policy to technology We are fully aware of the fact that EMR is a huge area of research and EMR-TRUST is just one relatively small subproject in TRUST. We leverage our partnership with the Vanderbilt Medical Center to have a broader impact. One related effort in the US is Microsoft’s Software Factory for HL7 compliant EMR transfer among providers.

3 3 The Problem Rise in mature population – Population of age 65 and older with – Medicare was 35 million for 2003 and – 35.4 million for 2004 New types of technology – Electronic Patient Records – Telemedicine – Remote Patient Monitoring Empower patients: – Access to own medical records – Control the information – Monitor access to medical data Regulatory compliance Table compiled by the U.S. Administration on Aging based on data from the U.S. Census Bureau. United Nations ▪ “Population Aging ▪ 2002” 2050 Percentage of Population over 60 years old Global Average = 21%

4 4 Challenges Health Insurance Portability and Accountability Act of 1996 (HIPAA) – HIPAA Privacy Rule (2003): gives US citizens Right to access their medical records Right to request amendments, accounting of disclosures, etc. – HIPAA Security Rule (2005): requires healthcare organizations to Protect for person-identifiable health data that is in electronic format Complexity of privacy – Variable levels of sensitivity; “sensitive” in the eye of multiple beholders – No bright line between person-identifiable and “anonymous” data Complexity of access rights and policies – Simple role-based access control is insufficient – Governing principles: “need-to-know” and “minimum disclosure”

5 5 Research Platform: Patient Portal MyHealthAtVanderbilt is a web portal for an increasing number of services for patients. Current capabilities include – appointment management, – secure messaging, – access to EMR and – billing Future services will/may include medication management, patient data uploads, real-time data links and others..

6 6 Overall Research Objective Satisfying high-level requirements stated for – privacy, confidentiality, – integrity, – non-repudiation and – access control properties of information flows in the PP system. Focus on system architecture and policy issues - leveraging existing security technology components.

7 7 TRUST Research Effort in EMR Architecture modeling and analysis Policy modeling and analysis Interfacing real-time patient data

8 8 Architecture Modeling and Analysis Sub-Project Architecture analysis is conducted based on the SOA architecture framework – natural fit to the problem and to the existing implementation of MyHealthAtVanderbilt In SOA – Workflow modeling – Policy modeling – Data modeling – Service modeling is used to restrict and automate information flow in complex, dynamic environment.

9 9 Research Approach System Analysis Risks and Threats Analysis Policy Analysis Domain analysis VU Medical School TRUST research groups (Vanderbilt, Stanford) Domain Specific Modeling Languages Domain Specific Policy Languages Privacy preservation Modeling VU Medical School TRUST research groups (Vanderbilt, Stanford, Cornell) Mapping to target architecture -> recommendations Fast prototyping BPEL4WS tools TRUST research groups (Vanderbilt, Stanford, Berkeley)

10 10 Domain Analysis Regular meetings with Medical School – Physicians – Medical Informatics Researchers – Software engineering staff – Privacy Officer – Information Security Officer Architecture and policy discussions Case studies Brain storming sessions

11 11 “Target” Architecture for Experimentation Internal Policy Enforcement Point S1S2Sn BPEL Process Manager External Policy Enforcement Point Policy Repos. Policy Decision Pt. Configuration Engine Partners Standards: BPEL XACML SAML WS-Sec … Target Architecture Limitations: Modeling lngs? Policy lngs? Openness of architecture? Tractability of analysis?

12 12 Modeling For Patient Portal Workflow Models Activities Coordination Service Models Component Interface Data Models Policy Models Access models Privacy models Model Transformation Model Transformation Model Transformation BPEL Process Manager Policy Repos. BPEL Infrastructure PP Domain Research Tasks: Specification of modeling/policy languages Model analysis/verification methods Model translator specification Case studies Modeling Tools Analysis Tools Model Translators Technology infrastructure: WSDL BPEL4WS XACML

13 13 Modeling Challenges Development of ”correct” abstractions – How to establish clear relationship among workflow, data and policy related abstractions? Examples: “ A patient is allowed to make appointment only for regular hours.” “ Physicians can access and modify medical records for those patients where they are the designated primary care physician.” “ A nurse can read medical records only in her specialization except when the illness is marked confidential.” Research approach: Formal specification, experimental evaluation and evolution of modeling languages.

14 14 Modeling Tool

15 15 Architecture Challenges Privacy/security in open, dynamic architectures – Workflows are added and modified in the system. – Structure of information flows are dynamic, data dependent and complex. How can we guarantee and maintain privacy/security properties? Example: A new service added to the PP to provide relevant information for patients. Are there privacy leaks? Research approach: Data mining of audit files and discovering leaks, not- modeled information flows.

16 16 Deliverables Suite of modeling languages and tools In-depth modeling of part of the PP and detailed analysis of security and privacy properties Integration with Policy Languages component Exploring privacy issues related to the research project (e.g. privacy leaks through access to audit logs.)

17 17 Policy Modeling Subproject

18 18 Interfacing Real-time Patient Data (See Professor Bajcsy’s Talk)

19 19 Impact and technology transfer Direct connection to a major Patient Portal research and deployment project Results can be generalized to a wide range of SOA applications MyHealthAtVanderbilt; ….

20 20 How is TRUST making a difference here? Vanderbilt, Stanford, Berkeley, Cornell This project would be impossible without TRUST in every sense

21 21 Education and Outreach Immediate result of the unprecedented collaboration with the Medical School are: - consideration of a CS pre-med - joint projects - co-advising students - “TRUST Fellowship” for medical informatics Ph.D. candidates

Download ppt "TRUST Retreat, October 8-9, 2006 EMR Project Vanderbilt (Sztipanovits, Karsai, Xue) Stanford (Mitchell, Datta, Barth, Sundaram) Berkeley (Bajcsy, Sastry)"

Similar presentations

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
1 American Public Health Association 132 nd Annual Meeting Elaine Vowels, PhD Fern Johnson-Clarke, PhD Carl W. Wilson, MPH Building Public Health Data.

1 American Public Health Association 132 nd Annual Meeting Elaine Vowels, PhD Fern Johnson-Clarke, PhD Carl W. Wilson, MPH Building Public Health Data.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.

SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.
HIPAA TRAINING to satisfy the 2009-2010 training requirement for School District # 435 Staff.

HIPAA TRAINING to satisfy the training requirement for School District # 435 Staff.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Massachusetts: Transforming the Healthcare Economy John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

Massachusetts: Transforming the Healthcare Economy John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter.

Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter.
Federal Student Aid Technical Architecture Initiatives Sandy England

Federal Student Aid Technical Architecture Initiatives Sandy England
A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Medicaid Information Technology Architecture (MITA) Where Louisiana Medicaid is Today and Where it Will To Be in the Future April 17, 2012.

Medicaid Information Technology Architecture (MITA) Where Louisiana Medicaid is Today and Where it Will To Be in the Future April 17, 2012.
GROUP 1 PRESENTATION Aisa Bernante Princess Diane Bernales Simplicio Palado.

GROUP 1 PRESENTATION Aisa Bernante Princess Diane Bernales Simplicio Palado.
Joy Hamerman Matsumoto.  St Jude Medical Cardiac Rhythm Management Division manufactures implantable cardiac devices ◦ Pacemakers ◦ Implanted defibrillators.

Joy Hamerman Matsumoto.  St Jude Medical Cardiac Rhythm Management Division manufactures implantable cardiac devices ◦ Pacemakers ◦ Implanted defibrillators.
Brief Introduction about health information system in PuDong New area, shanghai e-health Study group,PuDong 2007-8.

Brief Introduction about health information system in PuDong New area, shanghai e-health Study group,PuDong
The Use of Health Information Technology in Physician Practices

The Use of Health Information Technology in Physician Practices
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

Similar presentations

Ads by Google