Presentation is loading. Please wait.

Presentation is loading. Please wait.

February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.

Published byCameron Spencer Modified over 8 years ago

Similar presentations

Presentation on theme: "February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare."— Presentation transcript:

1 February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare

2 February 8, 2005IHE Europe Educational Event 2 Basic Security (SEC) Patient Info. Recon- ciliation Access to Radiology Information Consistent Present- ation of Images Basic Security - Evidence Docs Key Image Notes Simple Image & Numeric Reports Presentation of Grouped Procedures Post- Processing Workflow Reporting Workflow Charge Posting Scheduled Workflow Portable Data for Imaging NM Image

3 February 8, 2005IHE Europe Educational Event 3 Overview Security Requirements Actors and Transactions

4 February 8, 2005IHE Europe Educational Event 4 Security requirements Reasons: Clinical Use and Privacy  authorized persons must have access to medical data of patients, and the information must not be disclosed otherwise. By means of procedures and security mechanisms, guarantee:  Confidentiality  Integrity  Availability  Authenticity

5 February 8, 2005IHE Europe Educational Event 5 Security measures Authentication: Establish the user and/or system identity, answers question: “Who are you?” Authorization and Access control Establish user’s ability to perform an action, e.g. access to data, answers question: “Now that I know who you are, what can you do?”

6 February 8, 2005IHE Europe Educational Event 6 Security measures Accountability and Audit trail Establish historical record of user’s or system actions over period of time, answers question: “What have you done?”

7 February 8, 2005IHE Europe Educational Event 7 IHE is establishing the first level of enterprise-wide security infrastructure for meeting privacy requirements (HIPAA, and like regulations world-wide). IHE Goal

8 February 8, 2005IHE Europe Educational Event 8 IHE makes cross-node security management easy:  Only a simple manual certificate installation is needed.  Healthcare professionals are not hindered by ”complex” role based access control. However, policies may restrict them to ‘need to know information’.  Enforcement driven by ‘a posteriori audits’ and real- time visibility. IHE Goal

9 February 8, 2005IHE Europe Educational Event 9 Integrating trusted nodes System A System B Secured System Secure network Strong authentication of remote node (digital certificates) network traffic encryption is not required Secured System Local access control (authentication of user) Audit trail with: Real-time access Time synchronization Central Audit Trail Repository

10 February 8, 2005IHE Europe Educational Event 10 Secured Domain: integrating trusted nodes Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Time Server Central Audit Trail Repository

11 February 8, 2005IHE Europe Educational Event 11 Secured Domain: Limited Administration Audit Trail/Time Server + CA for certificates to each node Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Secured Node Actor Other Actors Time Server Central Audit Trail Repository

12 February 8, 2005IHE Europe Educational Event 12 IHE Audit Trail Events 20 Non-Transaction Related

13 February 8, 2005IHE Europe Educational Event 13 IHE Audit Trail Events 20 Non-Transaction Related

14 February 8, 2005IHE Europe Educational Event 14 IHE Audit Trail Events 20 Non-Transaction Related

15 February 8, 2005IHE Europe Educational Event 15 IHE Audit Trail Events 20 Non-Transaction Related

16 February 8, 2005IHE Europe Educational Event 16 IHE Audit Trail Events, 18 Transaction Related

17 February 8, 2005IHE Europe Educational Event 17 IHE Audit Trail Events, 18 Transaction Related

18 February 8, 2005IHE Europe Educational Event 18 IHE Audit Trail Events, 18 Transaction Related

19 February 8, 2005IHE Europe Educational Event 19 IHE Audit Trail Events, 18 Transaction Related

20 February 8, 2005IHE Europe Educational Event 20 Example Audit Record for Patient-record-event

21 February 8, 2005IHE Europe Educational Event 21 Example Audit Record for Patient-record-event

22 February 8, 2005IHE Europe Educational Event 22 Example Audit Record for Instances-used

23 February 8, 2005IHE Europe Educational Event 23 Basic Security Integration Profile Actor and Transaction diagram All existing IHE actors need to be grouped with a Secure Node actor. Secure Node Audit Record Repository “Any” IHE actor Record Audit Event Time Server Secure Node Authenticate Node Maintain Time

24 February 8, 2005IHE Europe Educational Event 24 Basic Security Integration Profile Actor grouping rules If an actor wants to support the Basic Security Profile, this actor shall be grouped with a secure Node actor. All actors grouped with a Secure Node actor in an implementation must support the Basic Security Profile.

25 February 8, 2005IHE Europe Educational Event 25 Authenticate Node transaction X.509 certificates for node identity and keys TCP/IP Transport Layer Security Protocol (TLS) for node authentication, and optional encryption Secure handshake protocol of both parties during Association establishment:  Identify encryption protocol  Exchange session keys Actor must be able to configure certificate list of authorized nodes.

26 February 8, 2005IHE Europe Educational Event 26 Authenticate Node transaction TLS_RSA_WITH_NULL_SHA cyphersuite shall be supported for authentication If the optional encryption is selected, the TLS_RSA_WITH_3DES_SHA cyphersuite shall be supported. The well-known port 2762" as specified by DICOM shall be supported.

27 February 8, 2005IHE Europe Educational Event 27 Record Audit Event transaction The BSD Syslog protocol (RFC 3164) for Audit Records Audit trail events and content, no standard available at the time of writing. IHE in Technical Framework : Use IHE defined XML Schema for defined content in payload of Syslog message

28 February 8, 2005IHE Europe Educational Event 28 IT Infrastructure – Secure Node The Radiology Basic Secure Node is also an IT Infrastructure Secure Node, but IT Infrastructure adds:  Use of reliable syslog as an option  Audit messages defined by IETF, HL7, and DICOM. These accommodate more than just radiology uses. The secure node may use either format.

29 February 8, 2005IHE Europe Educational Event 29 Maintain Time transaction Network Time Protocol ( NTP) version 3 (RFC 1305) for time synchronization Actor must support manual configuration Required accuracy: 1 second Optionally Secure NTP may be used

30 February 8, 2005IHE Europe Educational Event 30 More information…. IHE Web sites: http://www.himss.org/IHE http://www.rsna.org/IHE http://www.acc.org/quality/ihe.htmhttp://www.acc.org/quality/ihe.htm. Technical Frameworks: ITI V1.0, RAD V5.5, LAB V1.0 Technical Framework Supplements - Trial Implementation May 2004: Radiology August 2004: Cardiology, IT Infrastructure Non-Technical Brochures : Calls for Participation IHE Fact Sheet and FAQ IHE Integration Profiles: Guidelines for Buyers IHE Connect-a-thon Results Vendor Products Integration Statements

Download ppt "February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare."

Similar presentations

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing for MPI (PIX) Profile Mike Henderson.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing for MPI (PIX) Profile Mike Henderson.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Post-Processing Workflow Sanjay Jain Co-Chair, Radiology Planning.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Post-Processing Workflow Sanjay Jain Co-Chair, Radiology Planning.
PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.

PRESENTATION TITLE Name of Presenter Company Affiliation IHE Affiliation.
Audit Trail and Node Authentication / Consistent Time

Audit Trail and Node Authentication / Consistent Time
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT, EUA, PWP, DSIG IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn,
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.

DICOM and Integrating the Healthcare Enterprise: Five years of cooperation and mutual influence Charles Parisot Chair, NEMA Committee for advancement of.
September, 2005What IHE Delivers 1 Portable Data for Imaging - PDI IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.

September, 2005What IHE Delivers 1 Portable Data for Imaging - PDI IHE Vendors Workshop 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
Integrating the Healthcare Enterprise IHE Technical Committee Status IHE ITI Plan Committee - February 2004.

Integrating the Healthcare Enterprise IHE Technical Committee Status IHE ITI Plan Committee - February 2004.
Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.

Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.
1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.

1 Charles Parisot, GE Healthcare IHE IT Infrastructure Planning Committee Co-chair IHE Update to DICOM.
S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.
Integrating the Healthcare Enterprise

Integrating the Healthcare Enterprise
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Audit Trail and Node Authentication Robert Horn Agfa Healthcare.
7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.

7 February 2005IHE Europe Educational Event 1 Audit Trail and Node Authentication Integrating the Healthcare Enterprise G. Claeys Agfa Healthcare R&D Vendor.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.

Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.
September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.

September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.
DICOM and IHE, Integrating the Healthcare Enterprise Cor Loef Co-chair DICOM Strategic Advisory Committee Member IHE Planning and Technical Committee Cor.

DICOM and IHE, Integrating the Healthcare Enterprise Cor Loef Co-chair DICOM Strategic Advisory Committee Member IHE Planning and Technical Committee Cor.
Integrating the Healthcare Enterprise Enterprise User Authentication and Consistent Time Glen Marshall Co-Chair, IHE IT Infrastructure Planning Committee.

Integrating the Healthcare Enterprise Enterprise User Authentication and Consistent Time Glen Marshall Co-Chair, IHE IT Infrastructure Planning Committee.

Similar presentations

Ads by Google