Published by Asher Hancock. Modified over 8 years ago.
1
Auditing for Accountability in Healthcare
Robert Horn, Agfa
Glen Marshall, Siemens
2
22-Sep-2003
Security Methods
Access Control
– Get permission before allowing action
– Suitable for situations, e.g. restricting access to authorized medical staff
Audit Control
– Allow action without interference, trusting the judgement of the staff.
– Monitor behavior to detect and correct errors.
Both have a place in security systems
Local security policies determine what is handled by access control, and what is handled by audit controls.
3
Audit System
[Diagram labels: Access Control, Activity, Report?, Event, Encode a Description, Send to Repository]
Audit Control: Local Policy determines what events to report, and when.
Security Audit Message Standard: Defines how to describe events
Repository: Local Policy determines what reports to keep, analyze, etc.
4
Standards Efforts
IETF – Security Audit Message structure (similar to HL7 version 3 XML structures)
HL7 – Define descriptions of potentially auditable events in the HL7 domain, utilizing the IETF structure
DICOM – Define descriptions of potentially auditable events in the DICOM domain, utilizing the IETF structure
5
Existing Audit Message
Interim effort by IHE
– Radiology-centric view of events
– Demonstrated functional capabilities
– Part of the IHE Technical Framework
Provides a basis for evaluating the more general solution being developed by IETF, HL7, DICOM, and ASTM
Will coexist with the more general solution, and gradually be replaced by the more general solution.
6
Emerging Audit Message
New Effort for IHE IT Infrastructure 2004+
– Informed by DICOM, HL7, ASTM, and IHE
– Posted as IETF Internet Draft, leading to RFC
Anticipates an enterprise audit repository
– Supports uniform policy administration
– Enables integration of security surveillance
– Provides extensibility to accommodate various government regulations plus enterprise and local policies
7
Emerging Audit Message Schema (1)
8
Emerging Audit Message Schema (2)
EventActionCode
EventDateTime
EventOutcomeIndicator
9
Emerging Audit Message Schema (3)
UserID
AlternativeUserID
UserName
UserIsRequestor
NetworkAccessPointID
NetworkAccessPointTypeCode
10
Emerging Audit Message Schema (4)
AuditEnterpriseSiteID
AuditSourceID
11
Emerging Audit Message Schema (5)
ParticipantObjectID
ParticipantObjectTypeCode
ParticipantObjectTypeCodeRole
ParticipantObjectDataLifeCycle
ParticipantObjectSensitivity
12
Emerging Audit Message
Extensibility
– Is a fully conformant XML Schema
– Direct extension: add elements
– Restriction: constrain values
– Vocabulary: reference to externally defined nomenclature from any source
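The flow on the Audit System slide (activity, report decision by local policy, encode, send to repository), sketched with the field names from the schema slides. This is an added example, not code from the presentation or from the IETF draft. The grouping element names, the code values and the sample events are assumptions, since the slides list only field names.

```python
import xml.etree.ElementTree as ET

# Field names come from the schema slides. The grouping element names, the
# code values ("R", "D", "0", "4") and the sample events are assumptions.
GROUPS = {
    "EventIdentification": ("EventActionCode", "EventDateTime", "EventOutcomeIndicator"),
    "ActiveParticipant": ("UserID", "AlternativeUserID", "UserName", "UserIsRequestor",
                          "NetworkAccessPointID", "NetworkAccessPointTypeCode"),
    "AuditSourceIdentification": ("AuditEnterpriseSiteID", "AuditSourceID"),
    "ParticipantObjectIdentification": (
        "ParticipantObjectID", "ParticipantObjectTypeCode", "ParticipantObjectTypeCodeRole",
        "ParticipantObjectDataLifeCycle", "ParticipantObjectSensitivity"),
}
KNOWN = {f for fields in GROUPS.values() for f in fields}
SUCCESS = "0"  # assumed outcome code for a successful action

def encode(event):
    """Audit source: describe one event as an XML message; reject unknown fields."""
    unknown = set(event) - KNOWN
    if unknown:
        raise ValueError(f"not in schema: {sorted(unknown)}")
    root = ET.Element("AuditMessage")
    for group, fields in GROUPS.items():
        attrs = {f: event[f] for f in fields if f in event}
        if attrs:
            ET.SubElement(root, group, attrs)
    return ET.tostring(root, encoding="unicode")

def decode(message):
    """Repository: parse a trusted source's message (harden the parser otherwise)."""
    return {k: v for group in ET.fromstring(message) for k, v in group.attrib.items()}

def should_report(event, actions):
    """Local source policy: always report failures, else only the listed actions."""
    return event["EventOutcomeIndicator"] != SUCCESS or event["EventActionCode"] in actions

def run(events, actions):
    """Activity -> Report? -> Encode -> Send; returns what the repository holds."""
    return [decode(encode(e)) for e in events if should_report(e, actions)]

SAMPLE_EVENTS = [  # constructed
    {"EventActionCode": "R", "EventDateTime": "2003-09-22T10:00:00Z",
     "EventOutcomeIndicator": "0", "UserID": "nurse1", "ParticipantObjectID": "pt-001"},
    {"EventActionCode": "D", "EventDateTime": "2003-09-22T10:05:00Z",
     "EventOutcomeIndicator": "0", "UserID": "drsmith", "UserIsRequestor": "true",
     "AuditSourceID": "pacs-1", "ParticipantObjectID": "pt-002"},
    {"EventActionCode": "R", "EventDateTime": "2003-09-22T10:07:00Z",
     "EventOutcomeIndicator": "4", "UserID": "clerk7", "ParticipantObjectID": "pt-003"},
]
```

With the policy `{"D"}`, `run(SAMPLE_EVENTS, {"D"})` keeps the delete and the failed read and drops the routine successful read.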
13
Questions?
14
Thank You!