Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.

Published byNigel Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare."— Presentation transcript:

1 Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare

2 Sept 13-15, 2004IHE Interoperability Workshop 2 IHE IT Infrastructure 2004-2005 Enterprise User Authentication Provide users a single name and centralized authentication process across all systems Retrieve Information for Display Access a patient’s clinical information and documents in a format ready to be presented to the requesting user Retrieve Information for Display Access a patient’s clinical information and documents in a format ready to be presented to the requesting user Patient Identifier Cross-referencing for MPI Map patient identifiers across independent identification domains Patient Identifier Cross-referencing for MPI Map patient identifiers across independent identification domains Synchronize multiple applications on a desktop to the same patient Patient Synchronized Applications Consistent Time Coordinate time across networked systems Audit Trail & Node Authentication Centralized privacy audit trail and node to node authentication to create a secured domain. New Patient Demographics Query New Personnel White Page Access to workforce contact information New Cross-Enterprise Document Sharing Registration, distribution and access across health enterprises of clinical documents forming a patient electronic health record New

3 Sept 13-15, 2004IHE Interoperability Workshop 3 IHE IT Infrastructure 2004-2005 Enterprise User Authentication Provide users a single name and centralized authentication process across all systems Retrieve Information for Display Access a patient’s clinical information and documents in a format ready to be presented to the requesting user Retrieve Information for Display Access a patient’s clinical information and documents in a format ready to be presented to the requesting user Patient Identifier Cross-referencing for MPI Map patient identifiers across independent identification domains Patient Identifier Cross-referencing for MPI Map patient identifiers across independent identification domains Synchronize multiple applications on a desktop to the same patient Patient Synchronized Applications Consistent Time Coordinate time across networked systems Patient Demographics Query New Personnel White Page Access to workforce contact information New Cross-Enterprise Document Sharing Registration, distribution and access across health enterprises of clinical documents forming a patient electronic health record New Audit Trail & Node Authentication Centralized privacy audit trail and node to node authentication to create a secured domain. New

4 Sept 13-15, 2004IHE Interoperability Workshop 4 IHE and HIPAA Security User Identity  PWP, EUA User Authentication  EUA Node Authentication  ATNA Security Audit Trails  ATNA Data Integrity Controls  CT, ATNA TLS option Data Confidentiality  ATNA TLS option Access Controls  Future item in IHE roadmap

5 Sept 13-15, 2004IHE Interoperability Workshop 5Scope Defines basic security features for an individual system for use as part of the security and privacy environment for a healthcare enterprise. Extends the IHE radiology oriented Basic Security profile (defined in 2002) to be applicable to other healthcare uses. Supports two categories of network environments First of a family of profiles with different kinds of authentication.

6 Sept 13-15, 2004IHE Interoperability Workshop 6 ATNA Profile - Value Proposition Protect Patient Privacy and System Security:  Meet ethical and regulatory requirements Enterprise Administrative Convenience:  Unified and uniform auditing system  Common approach from multiple vendors simplifies definition of enterprise policies and protocols.  Common approach simplifies administration Development and support cost reduction through Code Re-use:  Allows vendors to leverage single development effort to support multiple actors  Allows a single development effort to support the needs of different security policies and regulatory environments.

7 Sept 13-15, 2004IHE Interoperability Workshop 7 Security requirements Reasons: Clinical Use and Privacy  authorized persons must have access to medical data of patients, and the information must not be disclosed otherwise.  Unauthorized persons should not be able to interfere with operations or modify data By means of procedures and security mechanisms, guarantee:  Confidentiality  Integrity  Availability  Authenticity

8 Sept 13-15, 2004IHE Interoperability Workshop 8 Security measures Authentication: Establish the user and/or system identity, answers question: “Who are you?”  ATNA defines: How to authenticate network connections.  ATNA requires: System internal authentication mechanisms, e.g. Enterprise User Authentication (EUA). Authorization and Access control Establish user’s ability to perform an action, e.g. access to data, answers question: “Now that I know who you are, what can you do?”  ATNA defines: How to authorize network connections.  ATNA requires: System internal mechanisms for both local and network access.

9 Sept 13-15, 2004IHE Interoperability Workshop 9 Security measures Accountability and Audit trail Establish historical record of user’s or system actions over period of time, answers question: “What have you done?”  ATNA Defines: Audit message format and transport protocol

10 Sept 13-15, 2004IHE Interoperability Workshop 10 IHE makes cross-node security management easy:  Only a simple manual certificate installation is needed.  Separate the authentication, authorization, and accountability functions to accommodate the needs of different approaches.  Enforcement driven by ‘a posteriori audits’ and real-time visibility. IHE Goal

11 Sept 13-15, 2004IHE Interoperability Workshop 11 Integrating trusted nodes System A System B Secured System Secure network Strong authentication of remote node (digital certificates) network traffic encryption is not required, it is optional Secured System Local access control (authentication of user) Audit trail with: Real-time access Time synchronization Central Audit Trail Repository

12 Sept 13-15, 2004IHE Interoperability Workshop 12 Secured Domain: integrating trusted nodes Secured Node Actor Other Actors Secured Node Actor Other Actors Secure Node Actor Other Actors Secured Node Actor Other Actors Time Server Central Audit Trail Repository

13 Sept 13-15, 2004IHE Interoperability Workshop 13 Network Environments Physically secured networks  Explicit physical security preventing access by other nodes, or  VPN and VLAN technologies that provide equivalent network isolation. Protected networks  Physical security that prevents modification or installation of unauthorized equipment  The network is shared with other authorized nodes within the enterprise that should not have unrestricted access to patient information. Unprotected networks  Not generally supported, although nodes with sufficient node level security and using encryption may be safe.

14 Sept 13-15, 2004IHE Interoperability Workshop 14 Node Security ATNA specifies some of the capabilities that are needed, e.g. access control. ATNA does not specify policies ATNA does not specify mechanisms, although other IHE protocols like EUA are obvious candidates. This permits vendors and enterprises to select technologies and policies that are appropriate to their own purposes without conflicting with the ATNA profile.

15 Sept 13-15, 2004IHE Interoperability Workshop 15 Auditing System Designed for surveillance rather than forensic use. Two audit message formats  IHE Radiology interim format, for backward compatibility with radiology  IETF/DICOM/HL7/ASTM format, for future growth DICOM Supplement 95 IETF Draft for Common Audit Message ASTM E.214 HL7 Audit Informative documents  Both formats are XML encoded messages, permitting extensions using XML standard extension mechanisms.

16 Sept 13-15, 2004IHE Interoperability Workshop 16 IHE Audit Trail Events Combined list of IETF and DICOM events Actor-start-stop The starting or stopping of any application or actor. Audit-log-used Reading or modification of any stored audit log Begin-storing-instances The storage of any persistent object, e.g. DICOM instances, is begun Health-service-event Other health service related auditable event. Images-availability-query The query for instances of persistent objects. Instances-deleted The deletion of persistent objects. Instances-stored The storage of persistent objects is completed.

17 Sept 13-15, 2004IHE Interoperability Workshop 17 IHE Audit Trail Events Combined list of IETF and DICOM events Medication Medication is prescribed, delivered, etc. Mobile-machine-event Mobile equipment is relocated, leaves the network, rejoins the network Node-authentication- failure An unauthorized or improperly authenticated node attempts communication Order-record-event An order is created, modified, completed. Patient-care-assignment Patient care assignments are created, modified, deleted. Patient-care-episode Auditable patient care episode event that is not specified elsewhere. Patient-record-event Patient care records are created, modified, deleted.

18 Sept 13-15, 2004IHE Interoperability Workshop 18 IHE Audit Trail Events Combined list of IETF and DICOM events PHI-export Patient information is exported outside the enterprise, either on media or electronically PHI-import Patient information is imported into the enterprise, either on media or electronically Procedure-record-event The patient record is created, modified, or deleted. Query-information Any auditable query not otherwise specified. Security-administration Security alerts, configuration changes, etc. Study-object-event A study is created, modified, or deleted. Study-used A study is viewed, read, or similarly used.

19 Sept 13-15, 2004IHE Interoperability Workshop 19 Authenticate Node transaction X.509 certificates for node identity and keys TCP/IP Transport Layer Security Protocol (TLS) for node authentication, and optional encryption Secure handshake protocol of both parties during Association establishment:  Identify encryption protocol  Exchange session keys Actor must be able to configure certificate list of authorized nodes. ATNA presently specifies mechanisms for HTTP, DICOM, and HL7

20 Sept 13-15, 2004IHE Interoperability Workshop 20 Record Audit Event transaction Reliable Syslog (RFC 3195) is the preferred transport for Audit Records, although BSD Syslog protocol (RFC 3164) is permitted for backward compatibility with Radiology Basic Security. Audit trail events and content based on IETF, DICOM, HL7, and ASTM standards. Also, Radiology Basic Security audit event format is allowed for backward compatibility.

21 Sept 13-15, 2004IHE Interoperability Workshop 21 Maintain Time transaction Network Time Protocol ( NTP) version 3 (RFC 1305) for time synchronization Actor must support manual configuration Required accuracy: 1 second Optionally Secure NTP may be used

22 Sept 13-15, 2004IHE Interoperability Workshop 22 What it takes to be a secure node The Secure node is not a simple add-on of an auditing capability. The larger work effort is:  Instrumenting all applications to detect auditable events and generate audit messages.  Ensuring that all communications connections are protected.  Establishing a local security mechanism to protect all local resources.  Establishing configuration mechanisms for: Time synchronization Certificate management Network configuration Implement the audit logging facility

23 Sept 13-15, 2004IHE Interoperability Workshop 23 More information…. IHE Web sites: http://www.himss.org/IHE http://www.rsna.org/IHE http://www.acc.org/quality/ihe.htmhttp://www.acc.org/quality/ihe.htm. Technical Frameworks: ITI V1.0, RAD V5.5, LAB V1.0 Technical Framework Supplements - Trial Implementation May 2004: Radiology August 2004: Cardiology, IT Infrastructure Non-Technical Brochures : Calls for Participation IHE Fact Sheet and FAQ IHE Integration Profiles: Guidelines for Buyers IHE Connect-a-thon Results Vendor Products Integration Statements

Download ppt "Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare."

Similar presentations

IT Infrastructure Glen Marshall Siemens Health Solutions IHE IT Infrastructure Committee Co-chair.

IT Infrastructure Glen Marshall Siemens Health Solutions IHE IT Infrastructure Committee Co-chair.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing for MPI (PIX) Profile Mike Henderson.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing for MPI (PIX) Profile Mike Henderson.
Audit Trail and Node Authentication Audit Trail and Node Authentication Robert Horn Agfa Healthcare.

Audit Trail and Node Authentication Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.

PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.
Audit Trail and Node Authentication / Consistent Time

Audit Trail and Node Authentication / Consistent Time
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,
Overview of IHE IT Infrastructure Integration Profiles IHE IT Infrastructure Technical Committee Charles Parisot, GE Medical Systems Information Technologies.

Overview of IHE IT Infrastructure Integration Profiles IHE IT Infrastructure Technical Committee Charles Parisot, GE Medical Systems Information Technologies.
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.

Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.

DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.
THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.

THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.
Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.

Slide 1 Sharing Images without CDs, The Next Imaging Sea Change GE Healthcare Chris Lindop GE Healthcare Interoperability & Standards.
Integrating the Healthcare Enterprise IHE Technical Committee Status IHE ITI Plan Committee - February 2004.

Integrating the Healthcare Enterprise IHE Technical Committee Status IHE ITI Plan Committee - February 2004.
Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.

Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.
What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.

What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.
1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.

1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.
S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.

Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing Bill Majurski National Institute of Standards and Technology IT Infrastructure Co-Chair.
Integrating the Healthcare Enterprise

Integrating the Healthcare Enterprise
7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.

7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.

Similar presentations

Ads by Google